ahriman.core.auth package

Submodules

ahriman.core.auth.auth module

class Auth(configuration: Configuration, provider: AuthSettings = AuthSettings.Disabled)

Bases: LazyLogging

helper to deal with user authorization

enabled

indicates if authorization is enabled

Type:: bool

max_age

session age in seconds. It will be used for both client side and server side checks

Type:: int

allow_read_only

allow read only access to APIs

Type:: bool

default constructor

Parameters:

configuration (Configuration) – configuration instance
provider (AuthSettings, optional) – authorization type definition (Default value = AuthSettings.Disabled)

async check_credentials(username: str | None, password: str | None) → bool

validate user password

Parameters:

username (str | None) – username
password (str | None) – entered password

Returns:

True in case if password matches, False otherwise

Return type:

bool

async known_username(username: str | None) → bool

check if user is known

Parameters:: username (str | None) – username
Returns:: True in case if user is known and can be authorized and False otherwise
Return type:: bool

static load(configuration: Configuration, database: SQLite) → Auth

load authorization module from settings

Parameters:

configuration (Configuration) – configuration instance
database (SQLite) – database instance

Returns:

authorization module according to current settings

Return type:

Auth

async verify_access(username: str, required: UserAccess, context: str | None) → bool

validate if user has access to requested resource

Parameters:

username (str) – username
required (UserAccess) – required access level
context (str | None) – URI request path

Returns:

True in case if user is allowed to do this request and False otherwise

Return type:

bool

property auth_control: str

This workaround is required to make different behaviour for login interface. In case of internal authentication it must provide an interface (modal form) to log in with button sends POST request. But for an external providers behaviour can be different: e.g. OAuth provider requires sending GET request to external resource

Returns:: login control as html code to insert
Return type:: str

ahriman.core.auth.helpers module

async authorized_userid(*args: Any, **kwargs: Any) → Any

handle aiohttp security methods

Parameters:

*args (Any) – argument list as provided by authorized_userid function
**kwargs (Any) – named argument list as provided by authorized_userid function

Returns:

None in case if no aiohttp_security module found and function call otherwise

Return type:

Any

async check_authorized(*args: Any, **kwargs: Any) → Any

handle aiohttp security methods

Parameters:

*args (Any) – argument list as provided by check_authorized function
**kwargs (Any) – named argument list as provided by authorized_userid function

Returns:

None in case if no aiohttp_security module found and function call otherwise

Return type:

Any

async forget(*args: Any, **kwargs: Any) → Any

handle aiohttp security methods

Parameters:

*args (Any) – argument list as provided by forget function
**kwargs (Any) – named argument list as provided by authorized_userid function

Returns:

None in case if no aiohttp_security module found and function call otherwise

Return type:

Any

async remember(*args: Any, **kwargs: Any) → Any

handle disabled auth

Parameters:

*args (Any) – argument list as provided by remember function
**kwargs (Any) – named argument list as provided by authorized_userid function

Returns:

None in case if no aiohttp_security module found and function call otherwise

Return type:

Any

ahriman.core.auth.mapping module

class Mapping(configuration: Configuration, database: SQLite, provider: AuthSettings = AuthSettings.Configuration)

Bases: Auth

user authorization based on mapping from configuration file

salt

random generated string to salted password

Type:: str

database

database instance

Type:: SQLite

default constructor

Parameters:

configuration (Configuration) – configuration instance
database (SQLite) – database instance
provider (AuthSettings, optional) – authorization type definition (Default value = AuthSettings.Configuration)

async check_credentials(username: str | None, password: str | None) → bool

validate user password

Parameters:

username (str | None) – username
password (str | None) – entered password

Returns:

True in case if password matches, False otherwise

Return type:

bool

get_user(username: str) → User | None

retrieve user from in-memory mapping

Parameters:: username (str) – username
Returns:: user descriptor if username is known and None otherwise
Return type:: User | None

async known_username(username: str | None) → bool

check if user is known

Parameters:: username (str | None) – username
Returns:: True in case if user is known and can be authorized and False otherwise
Return type:: bool

async verify_access(username: str, required: UserAccess, context: str | None) → bool

validate if user has access to requested resource

Parameters:

username (str) – username
required (UserAccess) – required access level
context (str | None) – URI request path

Returns:

True in case if user is allowed to do this request and False otherwise

Return type:

bool

ahriman.core.auth.oauth module

class OAuth(configuration: Configuration, database: SQLite, provider: AuthSettings = AuthSettings.OAuth)

Bases: Mapping

User authorization implementation via OAuth. It is required to create application first and put application credentials.

client_id

application client id

Type:: str

client_secret

application client secret key

Type:: str

icon

icon to be used in login control

Type:: str

provider

provider class, should be one of aiohttp-client provided classes

Type:: aioauth_client.OAuth2Client

redirect_uri

redirect URI registered in provider

Type:: str

scopes

list of scopes required by the application

Type:: str

default constructor

Parameters:

configuration (Configuration) – configuration instance
database (SQLite) – database instance
provider (AuthSettings, optional) – authorization type definition (Default value = AuthSettings.OAuth)

get_client() → OAuth2Client

load client from parameters

Returns:: generated client according to current settings
Return type:: aioauth_client.OAuth2Client

get_oauth_url() → str

get authorization URI for the specified settings

Returns:: authorization URI as a string
Return type:: str

async get_oauth_username(code: str) → str | None

extract OAuth username from remote

Parameters:: code (str) – authorization code provided by external service
Returns:: username as is in OAuth provider
Return type:: str | None

static get_provider(name: str) → type[OAuth2Client]

load OAuth2 provider by name

Parameters:: name (str) – name of the provider. Must be valid class defined in aioauth-client library
Returns:: loaded provider type
Return type:: type[aioauth_client.OAuth2Client]
Raises:: OptionError – in case if invalid OAuth provider name supplied

property auth_control: str

get authorization html control

Returns:: login control as html code to insert
Return type:: str

ahriman.core.auth package

Submodules

ahriman.core.auth.auth module

ahriman.core.auth.helpers module

ahriman.core.auth.mapping module

ahriman.core.auth.oauth module

Module contents