
Fix security examples, create settings.

1 parent e15d09e commit e6543da01e3dfa308b54651efa87009c98e9de68 @stasfilin stasfilin committed with Aug 12, 2016
@@ -23,10 +23,11 @@
import bcrypt
from eve import Eve
from eve.auth import BasicAuth
+from settings_security import SETTINGS
class BCryptAuth(BasicAuth):
- def check_auth(self, username, password, allowed_roles):
+ def check_auth(self, username, password, allowed_roles, resource, method):
# use Eve's own db driver; no additional connections/resources are used
accounts = app.data.driver.db['accounts']
account = accounts.find_one({'username': username})
@@ -35,5 +36,5 @@ def check_auth(self, username, password, allowed_roles):
if __name__ == '__main__':
- app = Eve(auth=BCryptAuth)
+ app = Eve(auth=BCryptAuth, settings=SETTINGS)
app.run()
@@ -45,15 +45,18 @@
This snippet by Nicola Iarocci can be used freely for anything you like.
Consider it public domain.
"""
+import hmac
from eve import Eve
from eve.auth import HMACAuth
from hashlib import sha1
-import hmac
+
+from settings_security import SETTINGS
class HMACAuth(HMACAuth):
- def check_auth(self, userid, hmac_hash, headers, data, allowed_roles):
+ def check_auth(self, userid, hmac_hash, headers, data, allowed_roles,
+ resource, method):
# use Eve's own db driver; no additional connections/resources are used
accounts = app.data.driver.db['accounts']
user = accounts.find_one({'userid': userid})
@@ -66,5 +69,5 @@ def check_auth(self, userid, hmac_hash, headers, data, allowed_roles):
if __name__ == '__main__':
- app = Eve(auth=HMACAuth)
+ app = Eve(auth=HMACAuth, settings=SETTINGS)
app.run()
@@ -27,9 +27,11 @@
from eve.auth import BasicAuth
from werkzeug.security import check_password_hash
+from settings_security import SETTINGS
+
class RolesAuth(BasicAuth):
- def check_auth(self, username, password, allowed_roles):
+ def check_auth(self, username, password, allowed_roles, resource, method):
# use Eve's own db driver; no additional connections/resources are used
accounts = app.data.driver.db['accounts']
lookup = {'username': username}
@@ -41,5 +43,5 @@ def check_auth(self, username, password, allowed_roles):
if __name__ == '__main__':
- app = Eve(auth=RolesAuth)
+ app = Eve(auth=RolesAuth, settings=SETTINGS)
app.run()
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+
+SETTINGS = {
+ 'DEBUG': True,
+ 'MONGO_HOST': 'localhost',
+ 'MONGO_PORT': 27017,
+ 'MONGO_DBNAME': 'test_db',
+ 'DOMAIN': {'accounts': {
+ 'username': {
+ 'type': 'string',
+ 'minlength': 5,
+ 'maxlength': 20,
+ },
+ 'password': {
+ 'type': 'string',
+ 'minlength': 5,
+ 'maxlength': 20,
+ },
+ 'secret_key': {
+ 'type': 'string',
+ 'minlength': 5,
+ 'maxlength': 20,
+ },
+ 'roles': {
+ 'type': 'string',
+ 'minlength': 10,
+ 'maxlength': 50,
+ },
+ 'token': {
+ 'type': 'string',
+ 'minlength': 10,
+ 'maxlength': 50,
+ },
+ }}
+}
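Review bot: The `accounts` resource in SETTINGS is served through the API with `password`, `secret_key` and `token` as ordinary fields, so any client that passes authentication can read every account's credentials; adding `'datasource': {'projection': {'password': 0, 'secret_key': 0, 'token': 0}}` (or `'internal_resource': True`) to the resource would keep them out of responses. The field rules also sit directly under `'accounts'` rather than under a `'schema'` key, so as far as I can tell from Eve's resource format they are not applied as validation. The 20-character `maxlength` on `password` is too short for a bcrypt or werkzeug hash string, so the schema as written only fits plaintext passwords. `'DEBUG': True` is shared by every example that now passes `settings=SETTINGS`; `'DEBUG': False` is the safer default for code that readers will copy.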
@@ -25,9 +25,11 @@
from eve.auth import BasicAuth
from werkzeug.security import check_password_hash
+from settings_security import SETTINGS
+
class Sha1Auth(BasicAuth):
- def check_auth(self, username, password, allowed_roles):
+ def check_auth(self, username, password, allowed_roles, resource, method):
# use Eve's own db driver; no additional connections/resources are used
accounts = app.data.driver.db['accounts']
account = accounts.find_one({'username': username})
@@ -36,5 +38,5 @@ def check_auth(self, username, password, allowed_roles):
if __name__ == '__main__':
- app = Eve(auth=Sha1Auth)
+ app = Eve(auth=Sha1Auth, settings=SETTINGS)
app.run()
@@ -23,9 +23,11 @@
from eve import Eve
from eve.auth import TokenAuth
+from settings_security import SETTINGS
+
class TokenAuth(TokenAuth):
- def check_auth(self, token, allowed_roles):
+ def check_auth(self, token, allowed_roles, resource, method):
"""For the purpose of this example the implementation is as simple as
possible. A 'real' token should probably contain a hash of the
username/password combo, which sould then validated against the account
@@ -37,5 +39,5 @@ def check_auth(self, token, allowed_roles):
if __name__ == '__main__':
- app = Eve(auth=TokenAuth)
+ app = Eve(auth=TokenAuth, settings=SETTINGS)
app.run()
