Authentication: Difference between revisions

From GNU MediaGoblin Wiki
Jump to navigation Jump to search
Line 44: Line 44:
_auth_providers = hook_runall("auth_provider")
_auth_providers = hook_runall("auth_provider")


class AuthUserInterface(object):
def get_response(function(*args)):
for p in _auth_providers:
response = p.function(*args)

class AuthUserInterface(object):


def check_login(self, user, password):
def check_login(self, user, password):
for p in _auth_providers:
response = get_response(check_login(user, password)
res = p.check_login(user, password)
if response:
if res:
return response
return res
raise NotImplementedError</nowiki>
raise NotImplementedError</nowiki>



Revision as of 19:25, 2 May 2013

Designing Authentication API

To make our auth(entication) system more modular, we're likely going to have some sort of interface style API for it. This page is to design it.

Auth Plugin Design Pros/Cons

Interfacey Design w/o hooks:

Using an interface design similar to the Base Class design below. Calls would be added to _auth_providers list in the dummy class when setup_plugin is run. Each function in the dummy class would run through the _auth_providers list and return the response from the corresponding function from the last plugin in _auth_providers list.

Ex:

   auth/__init__.py:
        _auth_providers = []
        def add_auth_provider(provider):
            _auth_providers.append(provider)

        class AuthUserInterface(object):

            def check_login(self, user, password):
                for p in _auth_providers:
                    res = p.check_login(user, password)
                if res:
                    return res
                raise NotImplementedError
   auth_plugin/__init__.py:
        def setup_plugin():
            add_auth_provider(AuthPluginInterface())

Pros

Cons

  • basically be duplicating the code for hook_handle

Interfacey Design w/ hooks:

Using an interface design similar to the Base Class design below and using hooks to register the auth_plugin interface.

Ex:

   auth/__init__.py:
        def setup_auth():
            global _auth_providers
            _auth_providers = hook_runall("auth_provider")

       def get_response(function(*args)):
           for p in _auth_providers:
               response = p.function(*args)

       class AuthUserInterface(object):

            def check_login(self, user, password):
                response = get_response(check_login(user, password)
                if response:
                    return response
                raise NotImplementedError
   auth_plugin/__init__.py:
        hooks = {"auth_provider": AuthUserInterface()}

Pros

Cons

  • would basically be duplicating the code for hook_handle

Non-Interfacey Design w/ hooks for every call:

This design would have a plugin "template" in auth/__init__.py similar to the Interfacey designs, except that it would use hook_handle() for each function.

Ex.
   auth/__init__.py:
        def check_login(user, Password):
            return hook_handle("auth_check_login", user, password)
   auth_plugin/__init__.py:
        hooks = {"auth_check_login": check_login

Pros

  • Simpler to implement

Cons

__init__.py Base Class

      • This is a brainstorm of some of the functions and variables that the base class should include.***

basic_auth = False # Will be used to render to correct forms if using both basic_auth and openid/persona

login_form = # Plugin LoginForm class

registration_form = # Plugin RegistrationForm class

   class UserAuthInterface(object):
       
        deg _raise_not_implemented(self):
            # Will raise a warning if some component of this interface isn't implemented by an Auth plugin

        def check_login(self, user, password):
            return False
        
        def get_user(self, *args):
            # Will query database and will return a User() object

        def create_user(self, *args):
            # Will create a new user and save to the db.
            # Will return User() object

        def extra_validation(self, register_form, *args):
            # Will query the db and add error messages to register_form if any.
            # return true if able to create new user 

        def get_user_metadata(self, user):
            # Return a nice object with metadata from auth provider. Used to pre-fill registration forms