Introduction
============

factored is a WSGI application that forces authentication
before a request is passed to the WSGI application.

This can also be used as a proxy for non-wsgi apps.


Install
-------

Using virtualenv::

    virtualenv factored
    cd factored
    git clone git://github.com/vangheem/factored.git
    cd factored
    ../bin/python setup.py develop
    ../bin/initializedb develop.ini
    ../bin/adduser develop.ini --username=john@foo.bar
    ../bin/paster serve develop.ini
    ../bin/removeuser develop.ini --username=john@foo.bar


Configuration
-------------
The configuration must follow the provided example develop.ini. You'll probably
want to copy that file into your own and change the settings.

Edit the server and port settings for the application server if you are not
using factored with another WSGI application.


Paste configuration options
~~~~~~~~~~~~~~~~~~~~~~~~~~~

appname
    Appended to google auth keys so it doesn't overwrite others.
auth_tkt. prefixed options
    Configuration options that are passed directly into repoze.who's auth_tkt
    plugin.
auth_timeout
    The amount of time in seconds a normal authentication session is valid for.
auth_remember_timeout
    The amount of time in seconds the authentication session is valid for
    when the user clicks "remember me."
base_auth_url
    Base url all authentication urls and resources are based off of. Useful if
    you're only looking to authenticate a portion of a site.
supported_auth_schemes
    Supported authentication schemes.
email_auth_window
    If using email authentication, the window of time the user has to enter
    the correct code in.
email_auth.subject
    Email authentication subject used.
email_auth.sender
    Email authentication from address.
email_auth.body
    Email Authentication text body. `{code}` will be replaced with the code.
pyramid. prefixed options
    Configuration passed directly into pyramid configuration.
sqlalchemy.url
    Connection string for sql backend. Most configurations will work fine
    with normal sqlite.
mail. prefixed options
    Configuration passed directly to the mailer plugin. Options can be found at
    http://packages.python.org/pyramid_mailer/#configuration
autouserfinder
    Specify a plugin that will automatically find users for the system to allow
    authentication for. Pre-packaged plugins include `SQL` and `Email Domain`.
allowgooglecodereminder
    (true|false) value defaulting to false that allows the user, if the username
    is an email, to get a reminder of their code sent to them.
allowgooglecodereminder.subject
    If allowing code reminders, the email subject of the reminder.
allowgooglecodereminder.sender
    If allowing code reminders, the email from address of the reminder.
allowgooglecodereminder.body
    If allowing code reminders, the email body of the reminder.


autouserfinder SQL configuration options
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

autouserfinder.connection_string
    sqlalchemy connection string used to connect to the database.
autouserfinder.table_name
    Name of the table to lookup users in.
autouserfinder.email_field
    Name of the field to find the usernames (could be username or email field).


autouserfinder Email Domain configuration options
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

autouserfinder.valid_domains
    List of valid domains to automatically create users for.


Nginx Example Configuration
---------------------------
An example setup with nginx and load balancing::

    server {
        listen 80;
        server_name www.test.com;
        include proxy.conf;

        # paths to protect
        location ~ ^/admin.* {
            proxy_pass http://127.0.0.1:8000;
        }

        location / {
            proxy_pass http://app;
        }
    }

    server {
        listen 8090;
        include proxy.conf;
        location / {
            proxy_pass http://app;
        }
    }


Then factored would be configured to run on port 8000 and proxy
to 8090, with `base_auth_url` set to /admin/auth.


Sample Paste Configuration
--------------------------
An example to follow if you're not using a git checkout::

    [app:proxy]
    use = egg:factored#simpleproxy
    server = 127.0.0.1
    port = 8090

    [filter-app:main]
    use = egg:factored#main
    next = proxy
    appname = REPLACEME

    auth_tkt.secret = REPLACEME
    auth_tkt.cookie_name = factored
    auth_tkt.secure = false
    auth_tkt.include_ip = true

    auth_timeout = 7200
    auth_remember_timeout = 604800
    base_auth_url = /auth
    supported_auth_schemes =
        Google Auth
        Email

    email_auth_window = 120
    # in seconds
    email_auth.subject = Authentication Request
    email_auth.sender = foo@bar.com
    email_auth.body =
        You have requested authentication.
        Your temporary access code is: {code}

    autouserfinder = SQL
    autouserfinder.table_name = users
    autouserfinder.email_field = email
    autouserfinder.connection_string = sqlite:///%(here)s/users.db

    allowgooglecodereminder = true
    allowgooglecodereminder.subject = Authentication code reminder
    allowgooglecodereminder.sender = foo@bar.com
    allowgooglecodereminder.body =
        You have requested code reminder.
        Your google auth code url is: {code}

    pyramid.reload_templates = true
    pyramid.debug_authorization = true
    pyramid.debug_notfound = true
    pyramid.debug_routematch = true
    pyramid.default_locale_name = en
    pyramid.includes =
        pyramid_tm
        pyramid_mailer

    sqlalchemy.url = sqlite:///%(here)s/test.db

    # all mail settings can be found at http://packages.python.org/pyramid_mailer/#configuration
    mail.host = localhost
    mail.port = 25

    [server:main]
    use = egg:Paste#http
    # Change to 0.0.0.0 to make public:
    host = 127.0.0.1
    port = 8000
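
An added example, not part of factored: a small Python check that reads a Paste
configuration like the sample above and lists the settings to review before the
proxy protects anything real (placeholder values, ``auth_tkt.secure = false``,
code reminders by email, Pyramid debug flags, a public listen address). The
``audit`` function, its finding texts and the cut-down sample are constructed
for illustration.

```python
import configparser

# Constructed sample, cut down from the sample Paste configuration above.
SAMPLE_INI = """\
[filter-app:main]
use = egg:factored#main
next = proxy
appname = REPLACEME
auth_tkt.secret = REPLACEME
auth_tkt.secure = false
allowgooglecodereminder = true
pyramid.debug_authorization = true
pyramid.debug_routematch = true
sqlalchemy.url = sqlite:///%(here)s/test.db

[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 8000
"""

PLACEHOLDER = "REPLACEME"


def audit(ini_text, section="filter-app:main"):
    """Return (option, finding) pairs for settings to review before production."""
    # interpolation=None stops configparser from trying to expand Paste's %(here)s
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    opts = cp[section]
    findings = []
    for key in ("appname", "auth_tkt.secret"):
        if opts.get(key, "").strip() in ("", PLACEHOLDER):
            findings.append((key, "unset or placeholder"))
    if not opts.getboolean("auth_tkt.secure", fallback=False):
        findings.append(("auth_tkt.secure", "auth ticket cookie not marked Secure"))
    if opts.getboolean("allowgooglecodereminder", fallback=False):
        findings.append(("allowgooglecodereminder", "code URL is sent by email"))
    for key, value in opts.items():
        if key.startswith("pyramid.debug_") and value.strip().lower() == "true":
            findings.append((key, "debug setting enabled"))
    if cp.has_section("server:main") and cp["server:main"].get("host") == "0.0.0.0":
        findings.append(("server:main host", "listens on all interfaces"))
    return findings


if __name__ == "__main__":
    for option, finding in audit(SAMPLE_INI):
        print(f"{option}: {finding}")
```
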


With Gunicorn
-------------

Install::

    ../bin/easy_install gunicorn

To run::

    ../bin/gunicorn_paste --workers=2 develop.ini


Credit
------

Work was sponsored by wildcardcorp.com