Merge branch 'feature.api-revamp'

2 parents e81ea00 + f223ca7 commit 26505953c881b69c5fd47f2138303678eb5cae3e @mmerickel mmerickel committed May 7, 2012
Showing with 2,594 additions and 2,262 deletions.
  1. +1 −0 .gitignore
  2. +49 −28 README
  3. +52 −0 TODO
  4. +0 −2 demo/.gitignore
  5. +0 −4 demo/CHANGES.txt
  6. +0 −2 demo/MANIFEST.in
  7. +0 −1 demo/README.txt
  8. +0 −18 demo/demo/__init__.py
  9. +0 −14 demo/demo/views.py
  10. +0 −92 demo/development.ini
  11. +0 −89 demo/production.ini
  12. +0 −27 demo/setup.cfg
  13. +0 −41 demo/setup.py
  14. +1 −2 docs/modules/index.rst
  15. +0 −2 docs/modules/providers/facebook.rst
  16. +0 −2 docs/modules/providers/github.rst
  17. +2 −7 docs/modules/providers/google.rst
  18. +1 −3 docs/modules/providers/live.rst
  19. +0 −2 docs/modules/providers/twitter.rst
  20. +0 −3 docs/modules/providers/yahoo.rst
  21. +0 −12 docs/modules/store/index.rst
  22. +0 −10 docs/modules/store/interface.rst
  23. +0 −10 docs/modules/store/memstore.rst
  24. +0 −10 docs/modules/store/redisstore.rst
  25. +0 −1 docs/modules/utils.rst
  26. +30 −9 docs/overview.rst
  27. +19 −9 docs/providers.rst
  28. +32 −0 examples/flask_app/README.txt
  29. +14 −0 examples/flask_app/example.cfg
  30. +32 −0 examples/flask_app/myapp.py
  31. +29 −0 examples/pyramid_plugin/README.txt
  32. +59 −0 examples/pyramid_plugin/example.ini
  33. +103 −0 examples/pyramid_plugin/myapp/__init__.py
  34. +38 −0 examples/pyramid_plugin/myapp/templates/login.mako
  35. +14 −0 examples/pyramid_plugin/myapp/templates/result.mako
  36. +22 −0 examples/pyramid_plugin/setup.py
  37. +8 −10 setup.cfg
  38. +28 −20 setup.py
  39. +83 −26 tests/selenium/testapp/__init__.py
  40. +25 −31 tests/selenium/testapp/templates/login.mako
  41. +5 −21 tests/selenium/testing.ini
  42. +19 −21 tests/selenium/tests.py
  43. 0 tests/units/test_app/__init__.py
  44. 0 tests/units/{ → test_app}/test_baseconvert.py
  45. +17 −0 tests/units/test_settings.py
  46. +21 −1 velruse/__init__.py
  47. +19 −7 velruse/api.py
  48. +0 −157 velruse/app.py
  49. +205 −0 velruse/app/__init__.py
  50. +0 −2 velruse/{ → app}/baseconvert.py
  51. +30 −0 velruse/app/utils.py
  52. +0 −17 velruse/errors.py
  53. +0 −9 velruse/exceptions.py
  54. +111 −84 velruse/providers/bitbucket.py
  55. +111 −69 velruse/providers/douban.py
  56. +103 −60 velruse/providers/facebook.py
  57. +108 −65 velruse/providers/github.py
  58. +60 −40 velruse/providers/google.py
  59. +121 −84 velruse/providers/lastfm.py
  60. +117 −87 velruse/providers/linkedin.py
  61. +103 −58 velruse/providers/live.py
  62. +2 −0 velruse/providers/oid_extensions.py
  63. +200 −182 velruse/providers/{openidconsumer.py → openid.py}
  64. +115 −67 velruse/providers/qq.py
  65. +98 −50 velruse/providers/renren.py
  66. +114 −72 velruse/providers/taobao.py
  67. +100 −69 velruse/providers/twitter.py
  68. +111 −65 velruse/providers/weibo.py
  69. +44 −27 velruse/providers/yahoo.py
  70. +18 −0 velruse/settings.py
  71. +0 −27 velruse/store/__init__.py
  72. +0 −67 velruse/store/interface.py
  73. +0 −63 velruse/store/memcached_store.py
  74. +0 −48 velruse/store/memstore.py
  75. +0 −87 velruse/store/mongodb_store.py
  76. +0 −67 velruse/store/redis_store.py
  77. +0 −67 velruse/store/sqlstore.py
  78. +0 −35 velruse/utils.py
View
@@ -12,4 +12,5 @@ build
dist
associations
openid_data
+env
View
77 README
@@ -1,46 +1,67 @@
-Velruse is a set of authentication routines that provide a unified way to have a website user authenticate to a variety of different identity providers and/or a variety of different authentication schemes.
+Velruse is a set of authentication routines that provide a unified way
+to have a website user authenticate to a variety of different identity
+providers and/or a variety of different authentication schemes.
-It is similar in some ways to RPXnow with the exception of being open-source, locally installable, and easily pluggable for custom identity providers and authentication schemes.
+It is similar in some ways to RPXnow with the exception of being
+open-source, locally installable, and easily pluggable for custom
+identity providers and authentication schemes.
-You can run Velruse as a stand-alone service for use with your websites regardless of the language they're written in. While Velruse itself is written in Python, since it can interact with your website purely via HTTP POST's.
+You can run Velruse as a stand-alone service for use with your websites
+regardless of the language they're written in. While Velruse itself is
+written in Python, since it can interact with your website purely via
+HTTP POST's.
Velruse can:
- * Normalize identity information from varying provider sources (OpenID, Google, Facebook, etc.) to Portable Contacts.
- * Simplify complex authentication protocols by providing a simple consistent API
- * Provide extension points for other authentication systems, write your own auth provider to handle CAS, LDAP, and use it with ease
- * Integrate with most web applications regardless of the language used to write the website
+* Normalize identity information from varying provider sources
+ (OpenID, Google, Facebook, etc.) to Portable Contacts.
+* Simplify complex authentication protocols by providing a simple
+ consistent API.
+* Provide extension points for other authentication systems, write your
+ own auth provider to handle CAS, LDAP, and use it with ease.
+* Integrate with most web applications regardless of the language used
+ to write the website.
-Warning: It's early yet for Velruse, so only those interested in developing Velruse should be taking a look into this now.
+Warning: It's early yet for Velruse, so only those interested in
+developing Velruse should be taking a look into this now.
----
Overview
-Velruse aims to simplify authenticating a user. It provides auth provider‘s that handle authenticating to a variety of identity providers with multiple authentication schemes (LDAP, SAML, etc.).
+Velruse aims to simplify authenticating a user. It provides auth
+providers that handle authenticating to a variety of identity providers
+with multiple authentication schemes (LDAP, SAML, etc.).
-Eventually, Velruse will include widgets similar to RPXNow that allow one to customize a login/registration widget so that a website user can select a preferred identity provider to use to sign-in.
+Eventually, Velruse will include widgets similar to RPXNow that allow
+one to customize a login/registration widget so that a website user can
+select a preferred identity provider to use to sign-in.
-In the mean-time, effort is focused on increasing the available auth provider‘s for the commonly used authentication schemes and identity providers (Facebook, Google, OpenID, etc).
+In the mean-time, effort is focused on increasing the available auth
+providers for the commonly used authentication schemes and identity
+providers (Facebook, Google, OpenID, etc).
-Unlike other authentication libraries for use with web applications, a website using Velruse for authentication does not have to be written in any particular language.
-API
-
-Velruse implements an API similar to RPXNow to standardize the way a web application handles user authentication. The standard flow of using Velruse looks like this:
-Velruse Authentication flow
+Unlike other authentication libraries for use with web applications, a
+website using Velruse for authentication does not have to be written in
+any particular language.
- 1. Website sends a POST to the auth provider‘s URL with an endpoint that the user should be redirected back to when authentication is complete and includes any additional parameters that the auth provider requires.
- 2. When the auth provider finishes the authentication, the user is redirected back to the endpoint specified with a POST, which includes a unique token.
- 3. Website then makes a query to the UserStore using the token that was provided. The user’s identity information will be returned, or an error if the authentication was unsuccessful.
+API
-If the website is unable to directly access the UserStore then Step 3 can be replaced by issuing a HTTP POST in the background to the auth provider requesting the user’s information with the token.
+Velruse implements an API similar to RPXNow to standardize the way a
+web application handles user authentication.
-----
+Velruse Authentication flow
-Current providers:
-# Facebook
-# OpenID
-# Google
-# Yahoo
-# Twitter
-# Windows Live
+1. Website sends a POST to the auth provider‘s URL with an endpoint that
+ the user should be redirected back to when authentication is complete
+ and includes any additional parameters that the auth provider requires.
+2. When the auth provider finishes the authentication, the user is
+ redirected back to the endpoint specified with a POST, which includes
+ a unique token.
+3. Website then makes a query to the UserStore using the token that was
+ provided. The user’s identity information will be returned, or an
+ error if the authentication was unsuccessful.
+
+If the website is unable to directly access the UserStore then Step 3 can
+be replaced by issuing a HTTP POST in the background to the auth provider
+requesting the user’s information with the token.
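Review bot: step 3 and the closing paragraph of the rewrapped flow still tell the integrator to query the UserStore, yet this same commit deletes every module under velruse/store/ (interface.py, memstore.py, redis_store.py, sqlstore.py and the others in the file list). Either describe how a site now retrieves the profile for a token, or drop the UserStore wording so the README matches the code. While these lines are being touched: "auth provider‘s URL" in step 1 keeps the stray quote that the Overview paragraphs corrected to "providers", the sentence starting "While Velruse itself is written in Python, since it can interact" is still a fragment, and the "Current providers" list is removed without a pointer to docs/providers.rst.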
View
52 TODO
@@ -0,0 +1,52 @@
+Velruse TODO
+============
+
+Next Release
+------------
+
+- Fix the Flask example to work with a Velruse standalone app.
+
+- Document the standalone app.
+
+Nice-to-Have
+------------
+
+- Create a Velruse WSGI middleware component. This would contain most of the
+ current internals of the standalone app, but allow the credentials to be
+ passed directly into an application (via the environ) without any
+ sub-requests.
+
+- OpenID doesn't seem to work with Google Hosted Apps.
+
+- Improved testing.
+
+ + Support request/response fixtures for each endpoint that can be
+ run through to validate behavior.
+
+ + Make selenium tests optional, and preferably have the server run
+ in a thread within the test setup to avoid having to spin up a separate
+ shell to run the server.
+
+ + Create unit tests for the portable contacts conversion functions
+ such as ``velruse.providers.facebook.extract_fb_data()``.
+
+ + Automate testing, possibly via Travis-CI or Jenkins.
+
+- Add an LDAP provider?
+
+- Support storing some state via the login URL.
+
+ + POST /login/facebook with state=foo, we would expect that state=foo
+ is then available somehow in the AuthenticationComplete context.
+
+- Add CSRF checking to more providers.
+
+- Add introspection via Pyramid's introspection API ('velruse providers'
+ category).
+
+- Add support for /auth endpoints as well as /login endpoints. Some providers
+ like Twitter and Last.fm have different workflows for simply logging in
+ versus granting access to the user's data on a provider's system.
+
+- Possibly factor out a Provider base class that can handle a lot of common
+ operations between providers (sub-requests, state tracking, introspection).
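Review bot: "Add CSRF checking to more providers" is filed under Nice-to-Have and does not say which providers currently lack the check. The wording implies some login callbacks are accepted without confirming they belong to the session that started the flow, so consider moving this item to Next Release and listing the affected providers. The "state=foo" item just above it touches the same callback parameters; it would help to state there that caller-supplied state must be carried separately from, or bound to, the CSRF value so neither replaces the other.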
View
@@ -1,2 +0,0 @@
-cache
-env
View
@@ -1,4 +0,0 @@
-0.0
----
-
-- Initial version
View
@@ -1,2 +0,0 @@
-include *.txt *.ini *.cfg *.rst
-recursive-include demo *.ico *.png *.css *.gif *.jpg *.pt *.txt *.mak *.mako *.js *.html *.xml
View
@@ -1 +0,0 @@
-demo README
View
@@ -1,18 +0,0 @@
-from pyramid.config import Configurator
-from pyramid.session import UnencryptedCookieSessionFactoryConfig
-
-def main(global_config, **settings):
- """ This function returns a Pyramid WSGI application.
- """
- session_factory = UnencryptedCookieSessionFactoryConfig(
- settings['cookie.secret'],
- )
- config = Configurator(
- settings=settings,
- session_factory=session_factory,
- )
- config.include('velruse.providers.github')
- config.include('velruse.providers.facebook')
-
- config.scan('.views')
- return config.make_wsgi_app()
View
@@ -1,14 +0,0 @@
-from pyramid.view import view_config
-
-@view_config(context='velruse.api.AuthenticationComplete', renderer='json')
-def auth_complete_view(context, request):
- return {
- 'profile': context.profile,
- 'credentials': context.credentials,
- }
-
-
-@view_config(context='velruse.exceptions.AuthenticationDenied',
- renderer='json')
-def auth_denied_view(context, request):
- return context.args
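Review bot: the deleted auth_complete_view returned 'credentials': context.credentials through the json renderer, which sends provider tokens straight to the browser. The replacement views under examples/ are not visible in this part of the diff; please confirm they render only the profile, or clearly mark any credentials output as a debugging aid that should not be copied into an application.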
View
@@ -1,92 +0,0 @@
-[app:main]
-use = egg:demo
-
-pyramid.reload_templates = true
-pyramid.debug_authorization = false
-pyramid.debug_notfound = false
-pyramid.debug_routematch = false
-pyramid.debug_templates = true
-pyramid.default_locale_name = en
-pyramid.includes = pyramid_debugtoolbar
-
-cookie.secret = seekrit
-
-# OpenID storage required by:
-# google, yahoo and openid providers
-#velruse.openid.store =
-#velruse.openid.realm =
-
-# Bitbucket
-#velruse.bitbucket.consumer_key =
-#velruse.bitbucket.consumer_secret =
-#velruse.bitbucket.authorize = true
-
-# Facebook
-#velruse.facebook.consumer_key =
-#velruse.facebook.consumer_secret =
-#velruse.facebook.scope =
-
-# Github
-#velruse.github.consumer_key =
-#velruse.github.consumer_secret =
-#velruse.github.scope =
-
-# Google (also requires OpenID configuration)
-#velruse.google.consumer_key =
-#velruse.google.consumer_secret =
-#velruse.google.oauth_scope =
-
-# LinkedIn
-#velruse.linkedin.consumer_key =
-#velruse.linkedin.consumer_secret =
-#velruse.linkedin.authorize =
-
-# Windows Live
-#velruse.live.consumer_id =
-#velruse.live.consumer_secret =
-#velruse.live.scope =
-
-# Twitter
-#velruse.twitter.consumer_key =
-#velruse.twitter.consumer_secret =
-#velruse.twitter.authorize =
-
-# Yahoo (also requires OpenID configuration)
-#velruse.yahoo.consumer_key =
-#velruse.yahoo.consumer_secret =
-
-[server:main]
-use = egg:Paste#http
-host = 0.0.0.0
-port = 6543
-
-# Begin logging configuration
-
-[loggers]
-keys = root, demo
-
-[handlers]
-keys = console
-
-[formatters]
-keys = generic
-
-[logger_root]
-level = INFO
-handlers = console
-
-[logger_demo]
-level = DEBUG
-handlers =
-qualname = demo
-
-[handler_console]
-class = StreamHandler
-args = (sys.stderr,)
-level = NOTSET
-formatter = generic
-
-[formatter_generic]
-format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
-
-# End logging configuration
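Review bot: the deleted development.ini combined "cookie.secret = seekrit", "pyramid.includes = pyramid_debugtoolbar" and "host = 0.0.0.0". examples/pyramid_plugin/example.ini replaces it in this commit but is not shown here; it should use an obvious placeholder for the session secret and bind to 127.0.0.1, because a sample that pairs a published signing secret with a debug toolbar listening on all interfaces tends to be copied into real deployments unchanged.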
View
@@ -1,89 +0,0 @@
-[app:main]
-use = egg:demo
-
-pyramid.reload_templates = false
-pyramid.debug_authorization = false
-pyramid.debug_notfound = false
-pyramid.debug_routematch = false
-pyramid.debug_templates = false
-pyramid.default_locale_name = en
-
-# OpenID storage required by:
-# google, yahoo and openid providers
-#velruse.openid.store =
-#velruse.openid.realm =
-
-# Bitbucket
-#velruse.bitbucket.consumer_key =
-#velruse.bitbucket.consumer_secret =
-#velruse.bitbucket.authorize = true
-
-# Facebook
-#velruse.facebook.consumer_key =
-#velruse.facebook.consumer_secret =
-#velruse.facebook.scope =
-
-# Github
-#velruse.github.consumer_key =
-#velruse.github.consumer_secret =
-#velruse.github.scope =
-
-# Google (also requires OpenID configuration)
-#velruse.google.consumer_key =
-#velruse.google.consumer_secret =
-#velruse.google.oauth_scope =
-
-# LinkedIn
-#velruse.linkedin.consumer_key =
-#velruse.linkedin.consumer_secret =
-#velruse.linkedin.authorize =
-
-# Microsoft Live
-#velruse.live.consumer_id =
-#velruse.live.consumer_secret =
-#velruse.live.scope =
-
-# Twitter
-#velruse.twitter.consumer_key =
-#velruse.twitter.consumer_secret =
-#velruse.twitter.authorize =
-
-# Yahoo (also requires OpenID configuration)
-#velruse.yahoo.consumer_key =
-#velruse.yahoo.consumer_secret =
-
-[server:main]
-use = egg:Paste#http
-host = 0.0.0.0
-port = 6543
-
-# Begin logging configuration
-
-[loggers]
-keys = root, demo
-
-[handlers]
-keys = console
-
-[formatters]
-keys = generic
-
-[logger_root]
-level = WARN
-handlers = console
-
-[logger_demo]
-level = WARN
-handlers =
-qualname = demo
-
-[handler_console]
-class = StreamHandler
-args = (sys.stderr,)
-level = NOTSET
-formatter = generic
-
-[formatter_generic]
-format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
-
-# End logging configuration