hawat.blueprints.auth_api package

Description

This pluggable module provides API key based authentication service. When this module is enabled, users may generate and use API keys to authenticate themselves when accessing various API application endpoints.

Currently the API key may be provided via one of the following methods:

  • The Authorization HTTP header.

    You may provide your API key by adding Authorization HTTP header to your requests. Following forms are accepted:

    Authorization: abcd1234
    Authorization: key abcd1234
    Authorization: token abcd1234
    
  • The api_key or api_token parameter of the HTTP POST request.

    You may provide your API key as additional HTTP parameter api_key or api_token of your POST request to particular application endpoint. Using GET requests is forbidden due to the fact that request URLs are getting logged on various places and your keys could thus be easily compromised.

Provided endpoints

/auth_api/<user_id>/key-generate

Page enabling generation of new API key.

  • Authentication: login required

  • Authorization: admin

  • Methods: GET, POST

/auth_api/<user_id>/key-delete

Page enabling deletion of existing API key.

  • Authentication: login required

  • Authorization: admin

  • Methods: GET, POST

class hawat.blueprints.auth_api.APIAuthBlueprint(name, import_name, **kwargs)[source]

Bases: hawat.base.HawatBlueprint

Hawat pluggable module - API key based authentication (auth_api).

classmethod get_module_title()[source]

Implementation of hawat.base.HawatBlueprint.get_module_title().

register_app(app)[source]

Callback method. Will be called from hawat.base.HawatApp.register_blueprint() method and can be used to customize the Flask application object. Possible use cases:

  • application menu customization

Parameters

app (hawat.base.HawatApp) – Flask application to be customize.

hawat.blueprints.auth_api.BLUEPRINT_NAME = 'auth_api'

Name of the blueprint as module global constant.

class hawat.blueprints.auth_api.DeleteKeyView[source]

Bases: hawat.base.HTMLMixin, hawat.base.SQLAlchemyMixin, hawat.base.ItemChangeView

View for deleting API keys from user accounts.

authentication = True
authorization = [<Permission needs={Need(method='role', value='admin')} excludes=set()>]
classmethod change_item(item)[source]

Interface implementation of hawat.base.ItemChangeView.change_item().

property dbmodel

Implementation of hawat.base.SQLAlchemyMixin.dbmodel().

static get_message_cancel(**kwargs)[source]

Implementation of hawat.base.ItemActionView.get_message_cancel().

static get_message_failure(**kwargs)[source]

Implementation of hawat.base.ItemActionView.get_message_failure().

static get_message_success(**kwargs)[source]

Implementation of hawat.base.ItemActionView.get_message_success().

classmethod get_view_icon()[source]

Implementation of hawat.base.BaseView.get_view_icon().

classmethod get_view_name()[source]

Implementation of hawat.base.BaseView.get_view_name().

classmethod get_view_template()[source]

Implementation of hawat.base.RenderableView.get_view_template().

classmethod get_view_title(**kwargs)[source]

Implementation of hawat.base.BaseView.get_view_title().

methods = ['GET', 'POST']
class hawat.blueprints.auth_api.GenerateKeyView[source]

Bases: hawat.base.HTMLMixin, hawat.base.SQLAlchemyMixin, hawat.base.ItemChangeView

View for generating API keys for user accounts.

authentication = True
authorization = [<Permission needs={Need(method='role', value='admin')} excludes=set()>]
classmethod change_item(item)[source]

Interface implementation of hawat.base.ItemChangeView.change_item().

property dbmodel

Implementation of hawat.base.SQLAlchemyMixin.dbmodel().

static get_message_cancel(**kwargs)[source]

Implementation of hawat.base.ItemActionView.get_message_cancel().

static get_message_failure(**kwargs)[source]

Implementation of hawat.base.ItemActionView.get_message_failure().

static get_message_success(**kwargs)[source]

Implementation of hawat.base.ItemActionView.get_message_success().

classmethod get_view_icon()[source]

Implementation of hawat.base.BaseView.get_view_icon().

classmethod get_view_name()[source]

Implementation of hawat.base.BaseView.get_view_name().

classmethod get_view_template()[source]

Implementation of hawat.base.RenderableView.get_view_template().

classmethod get_view_title(**kwargs)[source]

Implementation of hawat.base.BaseView.get_view_title().

methods = ['GET', 'POST']
hawat.blueprints.auth_api.get_blueprint()[source]

Mandatory interface and factory function. This function must return a valid instance of hawat.base.HawatBlueprint or flask.Blueprint.