Add Hawk authentication backend

This adds support for the [Hawk "Holder-Of-Key Authentication Scheme"](https://github.com/hueniverse/hawk`) backend. This also updates the `MultiAuthBackend` to collect any challenges from failed backends and provide them on the synthesized `HTTPUnauthorized` error if no backend succeeds in authenticating the request. The hawk library, and now the jwt library, are optional dependencies that must be specified in the client project's requirements as ["extras"](https://www.python.org/dev/peps/pep-0508/#extras). This ensures that clients only install the backend libraries necessary to their use case. This also cleans up some redundant specification of default values when raising `falcon.HTTPUnauthorized` exceptions from the backend code. Lastly, it adds testing support for 3.7 and adds classifier strings to setup.py
vertexcover-io · Jan 23, 2019 · 9999a47 · 9999a47
1 parent 5ddbf62
commit 9999a47
Show file tree

Hide file tree

Showing 8 changed files with 352 additions and 74 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,18 +1,49 @@
 language: python
-python:
-  - "2.6"
-  - "2.7"
-  - "3.3"
-  - "3.4"
-  - "3.5"
-  - "3.6"
+
+matrix:
+  include:
+    - python: 2.6
+      env:
+        - WITH_JWT=false
+          WITH_HAWK=true
+    - python: 2.7
+      env:
+        - WITH_JWT=true
+          WITH_HAWK=true
+    - python: 3.3
+      env:
+        - WITH_JWT=false
+          WITH_HAWK=false
+          SETUPTOOLS="setuptools<40.0.0"
+    - python: 3.4
+      env:
+        - WITH_JWT=true
+          WITH_HAWK=true
+    - python: 3.5
+      env:
+        - WITH_JWT=true
+          WITH_HAWK=true
+    - python: 3.6
+      env:
+        - WITH_JWT=true
+          WITH_HAWK=true
+    - python: 3.7
+      dist: xenial
+      env:
+        - WITH_JWT=true
+          WITH_HAWK=true
 
 before_install:
   - pip install --upgrade pytest
 
-install: "pip install -r requirements-dev.txt"
+install:
+  - "[[ -n \"$SETUPTOOLS\" ]] && pip install \"$SETUPTOOLS\" || true"
+  - "pip install -r requirements-dev.txt"
+  - "\"$WITH_JWT\" && pip install \"pyjwt>=1.7.0,<2.0.0\" || true"
+  - "\"$WITH_HAWK\" && pip install \"mohawk>=1.0.0,<2.0.0\" || true"
 
-script: py.test --cov-report term-missing --cov=falcon_auth
+script:
+  - py.test --cov-report term-missing --cov=falcon_auth
 
 after_success:
-  - coveralls
+  - coveralls
diff --git a/README.rst b/README.rst
@@ -15,6 +15,12 @@ Install the extension with pip, or easy\_install.
 
     $ pip install -U falcon-auth
 
+If you wish to use the optional backends, specify those dependencies, too.
+
+.. code:: bash
+
+    $ pip install -U falcon-auth[backend-hawk,backend-jwt]
+
 Usage
 -----
 
@@ -123,9 +129,25 @@ credentials(username and password) encoded using ``base64`` and a prefix (typica
 Implements a Simple Token Based Authentication Scheme where HTTP ``Authorization``
 header contains a prefix (typically Token) followed by an `API Token`
 
-+ **JWT Authentication**
++ **JWT Authentication (Python 2.7, 3.4+)**
 
 Token based authentication using the `JSON Web Token standard <https://jwt.io/introduction/>`__
+If you wish to use this backend, be sure to add the optional dependency to your requirements (See Python `"extras" <https://www.python.org/dev/peps/pep-0508/#extras>`__):
+
+.. code:: text
+
+    falcon-auth[backend-jwt]
+
+
++ **Hawk Authentication (Python 2.6+, 3.4+)**
+
+Token based authentication using the `Hawk "Holder-Of-Key Authentication Scheme" <https://github.com/hueniverse/hawk>`__
+If you wish to use this backend, be sure to add the optional dependency to your requirements (See Python `"extras" <https://www.python.org/dev/peps/pep-0508/#extras>`__):
+
+.. code:: text
+
+    falcon-auth[backend-hawk]
+
 
 + **Dummy Authentication**
 
@@ -134,7 +156,7 @@ Backend which does not perform any authentication checks
 + **Multi Backend Authentication**
 
 A Backend which comprises of multiple backends and requires any of them to authenticate
-the request successfully
+the request successfully.
 
 Tests
 -----