openstack
/
deb-python-autobahn
Code Issues Proposed changes

Merge pull request #840 from meejah/issue430-dynamic-auth 

Issue430 dynamic auth
This commit is contained in:
Tobias Oberstein 2017-05-23 17:49:56 +02:00 committed by GitHub
parent 8f25d62dbd b6cb802740
commit 89ac1f411d
6 changed files with 194 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
autobahn/wamp/message.py
View File

@ -1744,13 +1744,7 @@ class Publish(Message):
return obj
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
def marshal_options(self):
options = {}
if self.acknowledge is not None:
@ -1780,6 +1774,19 @@ class Publish(Message):
options[u'enc_key'] = self.enc_key
if self.enc_serializer is not None:
options[u'enc_serializer'] = self.enc_serializer
return options
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
options = self.marshal_options()
if self.payload:
return [Publish.MESSAGE_TYPE, self.request, options, self.topic, self.payload]
else:
if self.kwargs:
@ -1962,13 +1969,7 @@ class Subscribe(Message):
return obj
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
def marshal_options(self):
options = {}
if self.match and self.match != Subscribe.MATCH_EXACT:
@ -1977,7 +1978,16 @@ class Subscribe(Message):
if self.get_retained is not None:
options[u'get_retained'] = self.get_retained
return [Subscribe.MESSAGE_TYPE, self.request, options, self.topic]
return options
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
return [Subscribe.MESSAGE_TYPE, self.request, self.marshal_options(), self.topic]
def __str__(self):
"""
@ -2784,13 +2794,7 @@ class Call(Message):
return obj
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
def marshal_options(self):
options = {}
if self.timeout is not None:
@ -2806,6 +2810,19 @@ class Call(Message):
options[u'enc_key'] = self.enc_key
if self.enc_serializer is not None:
options[u'enc_serializer'] = self.enc_serializer
return options
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
options = self.marshal_options()
if self.payload:
return [Call.MESSAGE_TYPE, self.request, options, self.procedure, self.payload]
else:
if self.kwargs:
@ -3253,13 +3270,7 @@ class Register(Message):
return obj
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
def marshal_options(self):
options = {}
if self.match and self.match != Register.MATCH_EXACT:
@ -3271,7 +3282,16 @@ class Register(Message):
if self.concurrency:
options[u'concurrency'] = self.concurrency
return [Register.MESSAGE_TYPE, self.request, options, self.procedure]
return options
def marshal(self):
"""
Marshal this object into a raw message for subsequent serialization to bytes.
:returns: The serialized raw message.
:rtype: list
"""
return [Register.MESSAGE_TYPE, self.request, self.marshal_options(), self.procedure]
def __str__(self):
"""

30
examples/router/.crossbar/config.json
View File

@ -3,6 +3,9 @@
"workers": [
{
"type": "router",
"options": {
"pythonpath": ["../../twisted/wamp/rpc/authorize/"]
},
"realms": [
{
"name": "crossbardemo",
@ -55,6 +58,21 @@
"cache": true
}
]
},
{
"name": "approver",
"permissions": [
{
"uri": "com.example.authorize",
"allow": {
"register": true
}
}
]
},
{
"name": "dynamic_authed",
"authorizer": "com.example.authorize"
}
]
}
@ -120,6 +138,10 @@
"secret": "p4ssw0rd",
"role": "authenticated"
},
"bob": {
"secret": "p4ssw0rd",
"role": "dynamic_authed"
},
"salted": {
"secret": "zFXAAAqW5nlonWfP6JLMq4KGLRYZAd8OSXWknEbckCQ=",
"role": "authenticated",
@ -175,6 +197,14 @@
}
}
}
],
"components": [
{
"type": "class",
"classname": "authorizer.MyAuthorizer",
"realm": "crossbardemo",
"role": "approver"
}
]
}
]

4
examples/twisted/wamp/rpc/authorize/README.md Normal file
View File

@ -0,0 +1,4 @@
This shows how to use dynamic authorizers
Try changing the "if True" in "authorize.py" -- then the registration
should fail.

2
examples/twisted/wamp/rpc/authorize/__init__.py Normal file
View File

@ -0,0 +1,2 @@
# this is a module so we can include it via PYTHONPATH in the example
# router's config.

28
examples/twisted/wamp/rpc/authorize/authorizer.py Normal file
View File

@ -0,0 +1,28 @@
from twisted.internet.defer import inlineCallbacks
from autobahn.twisted.wamp import ApplicationSession
class MyAuthorizer(ApplicationSession):
@inlineCallbacks
def onJoin(self, details):
print("MyAuthorizer.onJoin({})".format(details))
try:
yield self.register(self.authorize, u'com.example.authorize')
print("MyAuthorizer: authorizer registered")
except Exception as e:
print("MyAuthorizer: failed to register authorizer procedure ({})".format(e))
raise
def authorize(self, details, uri, action, options={}):
print("MyAuthorizer.authorize(uri='{}', action='{}')".format(uri, action))
print("options:")
for k, v in options.items():
print(" {}: {}".format(k, v))
if False:
print("I allow everything.")
else:
if options.get(u"match", "") != u"exact":
print("only exact-match subscriptions allowed")
return False
return True

80
examples/twisted/wamp/rpc/authorize/backend.py Normal file
View File

@ -0,0 +1,80 @@
###############################################################################
#
# The MIT License (MIT)
#
# Copyright (c) Crossbar.io Technologies GmbH
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
###############################################################################
from os import environ
from twisted.internet import reactor
from twisted.internet.defer import inlineCallbacks
from autobahn.twisted.wamp import Session, ApplicationRunner
from autobahn.wamp.types import SubscribeOptions, RegisterOptions
from autobahn.twisted.util import sleep
class Component(Session):
"""
An application component calling the different backend procedures.
"""
@inlineCallbacks
def onJoin(self, details):
print("session attached {}".format(details))
def foo(*args, **kw):
print("foo(): {} {}".format(args, kw))
return None
reg = yield self.register(
foo, u'example.foo',
options=RegisterOptions(
invoke=u'roundrobin',
)
)
print("registered example.foo: {}".format(reg))
def bar(*args, **kw):
print("bar(): {} {}".format(args, kw))
return None
sub = yield self.subscribe(
bar, u"example.",
options=SubscribeOptions(
match=u"prefix",
)
)
print("subscribed: {}".format(sub))
if __name__ == '__main__':
runner = ApplicationRunner(
environ.get("AUTOBAHN_DEMO_ROUTER", u"ws://127.0.0.1:8080/auth_ws"),
u"crossbardemo",
)
def make(config):
session = Component(config)
session.add_authenticator(
u"wampcra", authid=u'bob', secret=u'p4ssw0rd'
)
return session
runner.run(make)