hawat.blueprints.auth_env package

Description

This pluggable module provides default authentication service based on server environment. In this case the burden of performing actual authentication is on the web server used for serving the web interface. The authentication module then simply uses selected environment variables set up by the server after successfull authentication.

This module also provides interface for automated user account registration. The registration form is pre-filled with data gathered again from server environment. The login may not be changed and the value fetched from environment is always used. Other account attributes like name or email address may be tweaked by user before submitting the registration form. Administrator and user are both notified via email about the fact new account was just created.

Environment variables

Currently following environment variables set up by the HTTP server are supported:

eppn,``REMOTE_USER`` (MANDATORY)

The eppn server variable is set up by the _shibd_ daemon implementing the Shibboleth SSO service. The REMOTE_USER variable is set up by many authentication providers. This environment variable is of course mandatory and it is used as an account username (login).

cn,``givenName``,``sn`` (OPTIONAL)

The cn server variable is used to fill in user`s name, when available. When not available, user`s name is constructed as contatenation of givenName and sn server variables. When none of the above is available, user has to input his/her name manually during registration process.

perunPreferredMail,``mail`` (OPTIONAL)

The perunPreferredMail server variable is used to fill in user`s email address, when available. When not available, the first email address from email server variable is used. When none of the above is available, user has to input his/her email manually during registration process.

perunOrganizationName,``o`` (OPTIONAL)

The perunOrganizationName server variable is used to fill in user`s home organization name, when available. When not available, the value of o server variable is used. When none of the above is available, user has to input his/her home organization name manually during registration process.

Provided endpoints

/auth_env/login

Page providing login functionality via server set environment variables.

  • Authentication: no authentication

  • Methods: GET

/auth_env/register

User account registration using server set environment variables.

  • Authentication: no authentication

  • Methods: GET, POST

hawat.blueprints.auth_env.BLUEPRINT_NAME = 'auth_env'

Name of the blueprint as module global constant.

class hawat.blueprints.auth_env.EnvAuthBlueprint(name, import_name, **kwargs)[source]

Bases: hawat.base.HawatBlueprint

Hawat pluggable module - environment based authentication (auth_env).

classmethod get_module_title()[source]

Implementation of hawat.base.HawatBlueprint.get_module_title().

register_app(app)[source]

Callback method. Will be called from hawat.base.HawatApp.register_blueprint() method and can be used to customize the Flask application object. Possible use cases:

  • application menu customization

Parameters

app (hawat.base.HawatApp) – Flask application to be customize.

class hawat.blueprints.auth_env.LoginView[source]

Bases: hawat.base.HTMLMixin, hawat.base.RenderableView

View responsible for user login via application environment.

dispatch_request()[source]

Mandatory interface required by the flask.views.View.dispatch_request(). Will be called by the Flask framework to service the request.

classmethod get_menu_title(**kwargs)[source]

Implementation of hawat.base.BaseView.get_menu_title().

classmethod get_view_icon()[source]

Implementation of hawat.base.BaseView.get_view_icon().

classmethod get_view_name()[source]

Implementation of hawat.base.BaseView.get_view_name().

classmethod get_view_title(**kwargs)[source]

Implementation of hawat.base.BaseView.get_view_title().

methods = ['GET']
class hawat.blueprints.auth_env.RegisterView[source]

Bases: hawat.base.HTMLMixin, hawat.base.SQLAlchemyMixin, hawat.base.RenderableView

View responsible for registering new user account into application.

changelog_log(item, json_state_before='', json_state_after='')[source]

Log item action into changelog. One of the method arguments is permitted to be left out. This enables logging create and delete actions.

Parameters
  • item (mentat.datatype.sqldb.MODEL) – Item that is being changed.

  • json_state_before (str) – JSON representation of item state before action.

  • json_state_after (str) – JSON representation of item state after action.

property dbmodel

Implementation of hawat.base.SQLAlchemyMixin.dbmodel().

dispatch_request()[source]

Mandatory interface required by the flask.views.View.dispatch_request(). Will be called by the Flask framework to service the request.

static get_item_form(item)[source]

Get user account registration form object.

classmethod get_menu_title(**kwargs)[source]

Implementation of hawat.base.BaseView.get_menu_title().

get_user_from_env()[source]

Get user object populated with information gathered from server environment variables.

classmethod get_view_icon()[source]

Implementation of hawat.base.BaseView.get_view_icon().

classmethod get_view_name()[source]

Implementation of hawat.base.BaseView.get_view_name().

classmethod get_view_template()[source]

Return Jinja2 template file that should be used for rendering the view content. This default implementation works only in case the view class was properly registered into the parent blueprint/module with hawat.base.HawatBlueprint.register_view_class() method.

Returns

Jinja2 template file to use to render the view.

Return type

str

classmethod get_view_title(**kwargs)[source]

Implementation of hawat.base.BaseView.get_view_title().

classmethod inform_admins(account, form_data)[source]

Send information about new account registration to system admins. Use default locale for email content translations.

classmethod inform_managers(account, form_data)[source]

Send information about new account registration to the user. Use manager`s locale for email content translations.

classmethod inform_user(account, form_data)[source]

Send information about new account registration to the user. Use user`s locale for email content translations.

methods = ['GET', 'POST']
exception hawat.blueprints.auth_env.RegistrationException(description)[source]

Bases: Exception

Exception describing problems with new user account registration.

hawat.blueprints.auth_env.get_blueprint()[source]

Mandatory interface and factory function. This function must return a valid instance of hawat.base.HawatBlueprint or flask.Blueprint.

hawat.blueprints.auth_env.get_login_from_environment()[source]

Get user account login from appropriate environment variable(s).