z3c.authenticator IAuthentication implementation for for Zope3
Download

z3c.authenticator Ranking & Summary

z3c.authenticator Tags

implementation Zope IAuthentication implementation Zope authenticator IAuthentication

z3c.authenticator Description

IAuthentication implementation for for Zope3 z3c.authenticator provides an IAuthentication implementation for Zope3. Note that this implementation is independent of zope.app.authentication and it doesn't depend on that package. This means it doesn't even use the credential or authentication plugins offered from zope.app.authentication package.IAuthentication UtilityThe Authenticator package provides a framework for authenticating principals and associating information with them. It uses plugins and subscribers to get its work done.For a simple authentication utility to be used, it should be registered as a utility providing the zope.authentication.interfaces.IAuthentication interface.Our target is to support a handy IAuthentication utility which offers a simple API for custom IUser implementations and does not depend on the default zope.app.authentication implementation.SecurityThe Authenticator supports unique id tokens for principals. This means principal that get deleted and again added with the same id, login etc. do not have the same id again. We support this by generate a user id token generated by the host id, timestamp, a random string and the login attribute.What's different from PluggableAuthenticationWe use a different pattern for IAuthenticatorPlugins in this implementation than used in PluggableAuthentication from zope.app.authentication, because the pluggable authentication is not very handy when it comes to implementing custom principal information. The IPrincipalInfo hook supporting not propagate the password of a IInternalPrincipal is droped in this implementation.In our implementation we offer a IFoundPrincipal and IAuthenticatedPrincipal which are implemented as adapters for a IUser. These adapters do not offer their context which is the real IUser.The Authenticator doesn't use a prefix. The usage of a prefix is only implemented in the IGroupContainer.We do not use a prefix in the IUserContainer because of the used unique user id tokens. This will make sure that the same principal id doesn't get used at a later time (common criteria). There is a add method which creates this id for you based on the login. The __setitem__ should not get used directly for adding IUser instances anymore. We heavily restricted the usage of this method. See the inline doc tests in __setitem__ for more info.AuthenticationThe primary job of Authenticator is to authenticate principals. It uses two types of plug-ins in its work: * Credentials Plugins * Authenticator PluginsCredentials plugins are responsible for extracting user credentials from a request. A credentials plugin may in some cases issue a 'challenge' to obtain credentials. For example, a 'session' credentials plugin reads credentials from a session (the "extraction"). If it cannot find credentials, it will redirect the user to a login form in order to provide them (the "challenge").Authenticator plugins are responsible for authenticating the credentials extracted by a credentials plugin. They are also typically able to create principal objects for credentials they successfully authenticate.Given a request object, the Authenticator returns a principal object, if it can. The Authenticator utility does this by first iterating through its credentials plugins to obtain a set of credentials. If it gets credentials, it iterates through its authenticator plugins to authenticate them.If an authenticator succeeds in authenticating a set of credentials, the Authenticator uses the authenticator to create a principal corresponding to the credentials. The authenticator notifies subscribers if an authenticated principal is created. Subscribers are responsible for adding data, especially groups, to the principal. Typically, if a subscriber adds data, it should also add corresponding interface declarations. Requirements: · Python What's New in This Release: · Bugfix: Did not handle unicode IUser.login values. · Fixed DeprecationWarnings.

z3c.authenticator Related Software