Authentication Middleware API

Public Middleware API

Authentication middleware.

aiohttp_auth.auth.auth.setup(app, policy)

Set up the middleware in the aiohttp fashion.

Parameters:
  • app – aiohttp Application object.
  • policy – An authentication policy with a base class of AbstractAuthentication.
aiohttp_auth.auth.auth.auth_middleware(policy)

Return an authentication middleware factory.

The middleware is for use by the aiohttp application object.

Parameters: policy – An authentication policy with a base class of AbstractAuthentication.
aiohttp_auth.auth.auth.get_auth(request)

Return the user_id associated with a particular request.

Parameters: request – aiohttp Request object.
Returns: The user_id associated with the request, or None if no user is associated with the request.
Raises: RuntimeError – Middleware is not installed.
aiohttp_auth.auth.auth.remember(request, user_id)

Called to store and remember the user_id for a request.

Parameters:
  • request – aiohttp Request object.
  • user_id – String representing the user_id to remember.
Raises: RuntimeError – Middleware is not installed.

aiohttp_auth.auth.auth.forget(request)

Called to forget the user_id for a request.

Parameters: request – aiohttp Request object.
Raises: RuntimeError – Middleware is not installed.

Decorators

Authentication decorators.

aiohttp_auth.auth.decorators.auth_required(func)

Decorator to check that a user has been authenticated for this request.

Allows views to be decorated like:

from aiohttp_auth.auth.decorators import auth_required

@auth_required
async def view_func(request):
    # Body runs only when the request carries valid authentication.
    pass

providing a simple means to ensure that whoever calls the function has the correct authentication details.

Warning

Changed in version 0.2.0: In versions prior to 0.2.0, web.HTTPForbidden (status code 403) was raised if the user was not authenticated. Now web.HTTPUnauthorized (status code 401) is raised to distinguish an authentication error from an authorization one.

Parameters: func – Function object being decorated.
Returns: A function object that will raise web.HTTPUnauthorized() if the passed request does not have the correct permissions to access the view.

Abstract Authentication Policy

class aiohttp_auth.auth.abstract_auth.AbstractAuthentication

Abstract authentication policy class.

forget(request)

Abstract function called to forget the user_id for a request.

Parameters: request – aiohttp Request object.
get(request)

Abstract function called to get the user_id for the request.

Parameters: request – aiohttp Request object.
Returns: The user_id for the request, or None if the user_id is not authenticated.
process_response(request, response)

Called to perform any processing of the response required (setting cookie data, etc).

Default implementation does nothing.

Parameters:
  • request – aiohttp Request object.
  • response – Response object returned from the handled view.
remember(request, user_id)

Abstract function called to store the user_id for a request.

Parameters:
  • request – aiohttp Request object.
  • user_id – String representing the user_id to remember.

Abstract Ticket Authentication Policy

class aiohttp_auth.auth.ticket_auth.TktAuthentication(secret, max_age, reissue_time=None, include_ip=False, cookie_name='AUTH_TKT')

Ticket authentication mechanism based on the ticket_auth library.

This class is an abstract class that creates a ticket and validates it. Storage of the ticket data itself is abstracted to allow different implementations to store the cookie differently (encrypted, server side etc).

__init__(secret, max_age, reissue_time=None, include_ip=False, cookie_name='AUTH_TKT')

Initializes the ticket authentication mechanism.

Parameters:
  • secret – Byte sequence used to initialize the ticket factory.
  • max_age – Integer representing the number of seconds to allow the ticket to remain valid for after being issued.
  • reissue_time – Integer representing the number of seconds before a valid login will cause a ticket to be reissued. If this value is 0, a new ticket will be reissued on every request which requires authentication. If this value is None, no tickets will be reissued, and the max_age will always expire the ticket.
  • include_ip – If true, the client's IP details are included when calculating the ticket hash.
  • cookie_name – Name to use to reference the ticket details.
cookie_name

Returns the name of the cookie stored in the session.

forget(request)

Called to forget the user_id for a request.

This function calls the forget_ticket() function to forget the ticket associated with this request.

Parameters: request – aiohttp Request object.
forget_ticket(request)

Abstract function called to forget the ticket data for a request.

Parameters: request – aiohttp Request object.
get(request)

Gets the user_id for the request.

Gets the ticket for the request using the get_ticket() function, and authenticates the ticket.

Parameters: request – aiohttp Request object.
Returns: The user_id for the request, or None if the ticket is not authenticated.
get_ticket(request)

Abstract function called to return the ticket for a request.

Parameters: request – aiohttp Request object.
Returns: A ticket (string-like) object, or None if no ticket is available for the passed request.
process_response(request, response)

If a reissue was requested, only reissue if the response was a valid 2xx response.

remember(request, user_id)

Called to store the userid for a request.

This function creates a ticket from the request and user_id, and calls the abstract function remember_ticket() to store the ticket.

Parameters:
  • request – aiohttp Request object.
  • user_id – String representing the user_id to remember.
remember_ticket(request, ticket)

Abstract function called to store the ticket data for a request.

Parameters:
  • request – aiohttp Request object.
  • ticket – String-like object representing the ticket to be stored.
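As an added illustration (not the library's own code) of how max_age and reissue_time interact, and of the rule that process_response() only reissues on a 2xx response, the following model replays a sequence of authenticated requests after login. The boundary behaviour (a ticket exactly max_age old still validates) and the assumption that a reissued ticket starts a fresh max_age window are choices of this model, not statements from the page.

```python
"""Model of TktAuthentication ticket timing (added example, not library code)."""


def ticket_state(issued_at, now, max_age, reissue_time):
    """Classify a ticket at time `now` as 'expired', 'reissue' or 'valid'."""
    age = now - issued_at
    if age > max_age:            # past max_age the ticket no longer validates
        return "expired"
    if reissue_time is None:     # never reissue: max_age is an absolute limit
        return "valid"
    if age >= reissue_time:      # 0 means every authenticated request reissues
        return "reissue"
    return "valid"


def simulate_session(request_times, max_age, reissue_time, statuses=None):
    """Replay authenticated requests at `request_times` (seconds after login).

    Returns the time of the first request that is no longer authenticated, or
    None if every request succeeds. `statuses` gives each response status;
    a reissue is skipped for non-2xx responses, as process_response() does.
    """
    issued_at = 0.0                      # the login ticket is issued at t=0
    for i, t in enumerate(request_times):
        state = ticket_state(issued_at, t, max_age, reissue_time)
        if state == "expired":
            return t
        status = 200 if statuses is None else statuses[i]
        if state == "reissue" and 200 <= status < 300:
            issued_at = t                # fresh ticket, fresh max_age window
    return None


def compare_policies(max_age=60, step=30, horizon=300):
    """Constructed scenario: one request every `step` seconds for `horizon`."""
    times = list(range(step, horizon + 1, step))
    return {
        "absolute": simulate_session(times, max_age, None),     # hard logout
        "every_request": simulate_session(times, max_age, 0),   # sliding window
        "half_life": simulate_session(times, max_age, max_age // 2),
        "errors_only": simulate_session(times, max_age, 0, [500] * len(times)),
    }
```

With reissue_time set, a client that keeps making successful requests never reaches max_age, so the session has no absolute upper bound; only reissue_time=None enforces one.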

Concrete Ticket Authentication Policies

class aiohttp_auth.auth.cookie_ticket_auth.CookieTktAuthentication(secret, max_age, reissue_time=None, include_ip=False, cookie_name='AUTH_TKT')

Ticket authentication mechanism based on the ticket_auth library, with ticket data being stored as a cookie in the response.

__init__(secret, max_age, reissue_time=None, include_ip=False, cookie_name='AUTH_TKT')

Initializes the ticket authentication mechanism.

Parameters:
  • secret – Byte sequence used to initialize the ticket factory.
  • max_age – Integer representing the number of seconds to allow the ticket to remain valid for after being issued.
  • reissue_time – Integer representing the number of seconds before a valid login will cause a ticket to be reissued. If this value is 0, a new ticket will be reissued on every request which requires authentication. If this value is None, no tickets will be reissued, and the max_age will always expire the ticket.
  • include_ip – If true, the client's IP details are included when calculating the ticket hash.
  • cookie_name – Name to use to reference the ticket details.
cookie_name

Returns the name of the cookie stored in the session.

forget(request)

Called to forget the user_id for a request.

This function calls the forget_ticket() function to forget the ticket associated with this request.

Parameters: request – aiohttp Request object.
forget_ticket(request)

Called to forget the ticket data for a request.

Parameters: request – aiohttp Request object.
get(request)

Gets the user_id for the request.

Gets the ticket for the request using the get_ticket() function, and authenticates the ticket.

Parameters: request – aiohttp Request object.
Returns: The user_id for the request, or None if the ticket is not authenticated.
get_ticket(request)

Called to return the ticket for a request.

Parameters: request – aiohttp Request object.
Returns: A ticket (string-like) object, or None if no ticket is available for the passed request.
process_response(request, response)

Called to perform any processing of the response required.

This function stores any cookie data in the COOKIE_AUTH_KEY as a cookie in the response object. If the value is an empty string, the associated cookie is deleted instead.

This function requires the response to be an aiohttp Response object, and assumes that the response has not yet been prepared if the remember or forget functions are called during the request.

Parameters:
  • request – aiohttp Request object.
  • response – Response object returned from the handled view.
Raises: RuntimeError – Raised if the response has already been prepared.

remember(request, user_id)

Called to store the userid for a request.

This function creates a ticket from the request and user_id, and calls the abstract function remember_ticket() to store the ticket.

Parameters:
  • request – aiohttp Request object.
  • user_id – String representing the user_id to remember.
remember_ticket(request, ticket)

Called to store the ticket data for a request.

Ticket data is stored in COOKIE_AUTH_KEY in the request object, and written as cookie data to the response during the process_response() function.

Parameters:
  • request – aiohttp Request object.
  • ticket – String-like object representing the ticket to be stored.
class aiohttp_auth.auth.session_ticket_auth.SessionTktAuthentication(secret, max_age, reissue_time=None, include_ip=False, cookie_name='AUTH_TKT')

Ticket authentication mechanism based on the ticket_auth library, with ticket data being stored in the aiohttp_session object.

__init__(secret, max_age, reissue_time=None, include_ip=False, cookie_name='AUTH_TKT')

Initializes the ticket authentication mechanism.

Parameters:
  • secret – Byte sequence used to initialize the ticket factory.
  • max_age – Integer representing the number of seconds to allow the ticket to remain valid for after being issued.
  • reissue_time – Integer representing the number of seconds before a valid login will cause a ticket to be reissued. If this value is 0, a new ticket will be reissued on every request which requires authentication. If this value is None, no tickets will be reissued, and the max_age will always expire the ticket.
  • include_ip – If true, the client's IP details are included when calculating the ticket hash.
  • cookie_name – Name to use to reference the ticket details.
cookie_name

Returns the name of the cookie stored in the session.

forget(request)

Called to forget the user_id for a request.

This function calls the forget_ticket() function to forget the ticket associated with this request.

Parameters: request – aiohttp Request object.
forget_ticket(request)

Called to forget the ticket data for a request.

Parameters: request – aiohttp Request object.
get(request)

Gets the user_id for the request.

Gets the ticket for the request using the get_ticket() function, and authenticates the ticket.

Parameters: request – aiohttp Request object.
Returns: The user_id for the request, or None if the ticket is not authenticated.
get_ticket(request)

Called to return the ticket for a request.

Parameters: request – aiohttp Request object.
Returns: A ticket (string-like) object, or None if no ticket is available for the passed request.
process_response(request, response)

If a reissue was requested, only reissue if the response was a valid 2xx response.

remember(request, user_id)

Called to store the userid for a request.

This function creates a ticket from the request and user_id, and calls the abstract function remember_ticket() to store the ticket.

Parameters:
  • request – aiohttp Request object.
  • user_id – String representing the user_id to remember.
remember_ticket(request, ticket)

Called to store the ticket data for a request.

Ticket data is stored in the aiohttp_session object.

Parameters:
  • request – aiohttp Request object.
  • ticket – String-like object representing the ticket to be stored.