magpie.security

Attributes

AUTHOMATIC_LOGGER

LOGGER

Classes

RootFactory

Used to build base Access Control List (ACL) of the request user.

Functions

get_constant(→ magpie.typedefs.SettingValue)

Search in order for matched value of constant_name:

get_logger(→ logging.Logger)

Immediately sets the logger level to avoid duplicate log outputs from the root logger and this logger when

get_settings(→ magpie.typedefs.SettingsType)

Retrieve application settings from a supported container.

mask_credentials(→ magpie.typedefs.JSON)

Masks away any credential matched against flags recursively from JSON container.

get_auth_config(→ pyramid.config.Configurator)

Generates Magpie application configuration with all utilities required for security and access control.

authomatic_setup(request)

authomatic_config([request])

get_providers(→ magpie.typedefs.JSON)

Module Contents

magpie.security.get_constant(constant_name: magpie.typedefs.Str, settings_container: magpie.typedefs.AnySettingsContainer | None = None, settings_name: magpie.typedefs.Str | None = None, default_value: magpie.typedefs.SettingValue | None = None, raise_not_set: bool = True, raise_missing: bool = True, print_missing: bool = False, empty_missing: bool = False) magpie.typedefs.SettingValue[source]
Search in order for matched value of constant_name:

  1. search in MAGPIE_CONSTANTS

  2. search in settings if specified

  3. search alternative setting names (see below)

  4. search in magpie.constants definitions

  5. search in environment variables

Parameter constant_name is expected to have the format MAGPIE_[VARIABLE_NAME] although any value can be passed to retrieve generic settings from all above-mentioned search locations.

If settings_name is provided as alternative name, it is used as is to search for results if constant_name was not found. Otherwise, magpie.[variable_name] is used for additional search when the format MAGPIE_[VARIABLE_NAME] was used for constant_name (i.e.: MAGPIE_ADMIN_USER will also search for magpie.admin_user and so on for corresponding constants).

Parameters:

  • constant_name – key to search for a value

  • settings_container – WSGI application settings container (if not provided, uses found one in current thread)

  • settings_name – alternative name for settings if specified

  • default_value – default value to be returned if not found anywhere, and exception raises are disabled.

  • raise_not_set – raise an exception if the found key is None, search until last case if others are None

  • raise_missing – raise exception if key is not found anywhere

  • print_missing – print message if key is not found anywhere, return None

  • empty_missing – consider an empty value for an existing key as if it was missing (i.e.: as if not set).

Returns:

found value or default_value

Raises:

  • ValueError – if resulting value is invalid based on options (by default raise missing/empty/None value)

  • LookupError – if no appropriate value could be found from all search locations (according to options)

class magpie.security.RootFactory(request: pyramid.request.Request)[source]

Bases: object

Used to build base Access Control List (ACL) of the request user.

All API and UI routes will employ this set of effective principals to determine if the user is authorized to access the pyramid view according to the permission value it was configured with.

Note

Keep in mind that Magpie is configured with default permission magpie.constants.MAGPIE_ADMIN_PERMISSION. Views that require more permissive authorization must be overridden with permission argument.

See also

__name__ = None
__parent__ = ''
property __acl__: magpie.typedefs.AccessControlListType

Administrators have all permissions, user/group-specific permissions added if user is logged in.

magpie.security.get_logger(name: magpie.typedefs.Str, level: int | None = None, force_stdout: bool = None, message_format: magpie.typedefs.Str | None = None, datetime_format: magpie.typedefs.Str | None = None) logging.Logger[source]

Immediately sets the logger level to avoid duplicate log outputs from the root logger and this logger when level is logging.NOTSET.

magpie.security.get_settings(container: magpie.typedefs.AnySettingsContainer | None, app: bool = False) magpie.typedefs.SettingsType[source]

Retrieve application settings from a supported container.

Parameters:

  • container – supported container with a handle to application settings.

  • app – allow retrieving from current thread registry if no container was defined.

Returns:

found application settings dictionary.

Raises:

TypeError – when no application settings could be found or unsupported container.

magpie.security.AUTHOMATIC_LOGGER[source]
magpie.security.LOGGER[source]
magpie.security.mask_credentials(container: magpie.typedefs.JSON, redact: magpie.typedefs.Str = '[REDACTED]', flags: List[magpie.typedefs.Str] | None = None, parent: magpie.typedefs.Str | None = None) magpie.typedefs.JSON[source]

Masks away any credential matched against flags recursively from JSON container.

Matched credential entries are replaced by redact. List items are all replaced by the same redact when their parent field name is matched.

Parameters:

  • container – JSON container to mask. If starting with a list on top-level, first level children will not be masked unless parent is provided.

  • redact – string by which to replace flagged fields.

  • flags – field names (partial matches) to flag for masking.

  • parent – reference to contained elements if in a listing format rather than mapping.

Returns:

masked credentials JSON container.

magpie.security.get_auth_config(container: magpie.typedefs.AnySettingsContainer) pyramid.config.Configurator[source]

Generates Magpie application configuration with all utilities required for security and access control.

magpie.security.authomatic_setup(request)[source]
magpie.security.authomatic_config(request=None)[source]
magpie.security.get_providers() magpie.typedefs.JSON[source]