- Move to
- Add support of middlewares decorators for
uvloopas IO loop for tests.
aclauthorization policy by moving permit logic into
aclmiddleware to install it in aiohttp fashion.
- Fix bug in
- Fix a possible security issue with
aclgroups. The issue is follow: the default behavior is to add
user_idto groups for authenticated users by the acl middleware, but if
user_idis equal to some of acl groups that user suddenly has the permissions he is not allowed for. So to avoid this kind of issue
user_idis not added to groups any more.
aclmiddleware to make it possible easily create callable object by inheriting from the abstract class and implementing
acl_groupsmethod. It can be useful to store additional information (such database connection etc.) within such class. An instance of this subclass can be used in place of
authmiddleware to install it in aiohttp fashion.
auth.auth_requiredraised now a
web.HTTPUnauthorizedinstead of a
- Introduce generic authorization middleware
autzthat performs authorization through the same interface (
autz_requireddecorator) but using different policies. Middleware has the ACL authorization as the built in policy which works in the same way as
aclmiddleware. Users are free to add their own custom policies or to modify ACL one.
- Add global
aiohttp_auth.setupfunction to install
autzmiddlewares at once in aiohttp fashion.
- Add docs.
- Rewrite tests using