hawat.blueprints.auth_env package

This pluggable module provides default authentication service based on server environment. In this case the burden of performing actual authentication is on the web server used for serving the web interface. The authentication module then simply uses selected environment variables set up by the server after successfull authentication.

This module also provides interface for automated user account registration. The registration form is pre-filled with data gathered again from server environment. The login may not be changed and the value fetched from environment is always used. Other account attributes like name or email address may be tweaked by user before submitting the registration form. Administrator and user are both notified via email about the fact new account was just created.

Environment variables

Currently following environment variables set up by the HTTP server are supported:

eppn,``REMOTE_USER`` (MANDATORY)

The eppn server variable is set up by the _shibd_ daemon implementing the Shibboleth SSO service. The REMOTE_USER variable is set up by many authentication providers. This environment variable is of course mandatory and it is used as an account username (login).

cn,``givenName``,``sn`` (OPTIONAL)

The cn server variable is used to fill in user`s name, when available. When not available, user`s name is constructed as contatenation of givenName and sn server variables. When none of the above is available, user has to input his/her name manually during registration process.

perunPreferredMail,``mail`` (OPTIONAL)

The perunPreferredMail server variable is used to fill in user`s email address, when available. When not available, the first email address from email server variable is used. When none of the above is available, user has to input his/her email manually during registration process.

perunOrganizationName,``o`` (OPTIONAL)

The perunOrganizationName server variable is used to fill in user`s home organization name, when available. When not available, the value of o server variable is used. When none of the above is available, user has to input his/her home organization name manually during registration process.

Provided endpoints

/auth_env/login

Page providing login functionality via server set environment variables.

  • Authentication: no authentication

  • Methods: GET

/auth_env/register

User account registration using server set environment variables.

  • Authentication: no authentication

  • Methods: GET, POST

class hawat.blueprints.auth_env.EnvAuthBlueprint(name, import_name, **kwargs)[source]

Bases: vial.blueprints.auth_env.EnvAuthBlueprint

Pluggable module - environment authentication service (auth_env).

register_app(app)[source]

Hook method: Custom callback, which will be called from vial.app.Vial.register_blueprint() method and which can perform additional tweaking of Vial application object.

Parameters

app (vial.app.Vial) – Application object.

class hawat.blueprints.auth_env.RegisterView[source]

Bases: vial.blueprints.auth_env.RegisterView

View responsible for registering new user account into application.

get_item()[source]

Hook method. Must return instance for given item class.

static get_item_form(item)[source]

Hook method. Must return instance of flask_wtf.FlaskForm appropriate for given item class.

get_user_from_env()[source]

Get user object populated with information gathered from server environment variables.

exception hawat.blueprints.auth_env.RegistrationException(description)[source]

Bases: Exception

Exception describing problems with new user account registration.

hawat.blueprints.auth_env.get_blueprint()[source]

Mandatory interface for vial.Vial and factory function. This function must return a valid instance of vial.app.VialBlueprint or flask.Blueprint.

hawat.blueprints.auth_env.get_login_from_environment()[source]

Get user account login from appropriate environment variable(s).