ahriman.core.auth package
Submodules
ahriman.core.auth.auth module
- class Auth(configuration: Configuration, provider: AuthSettings = AuthSettings.Disabled)
Bases:
LazyLogging
helper to deal with user authorization
- enabled
indicates if authorization is enabled
- Type:
bool
- max_age
session age in seconds. It is used for both client-side and server-side checks
- Type:
int
- allow_read_only
allow read-only access to APIs
- Type:
bool
default constructor
- Parameters:
configuration (Configuration) – configuration instance
provider (AuthSettings, optional) – authorization type definition (Default value = AuthSettings.Disabled)
- async check_credentials(username: str | None, password: str | None) bool
validate user password
- Parameters:
username (str | None) – username
password (str | None) – entered password
- Returns:
True if the password matches, False otherwise
- Return type:
bool
- async known_username(username: str | None) bool
check if user is known
- Parameters:
username (str | None) – username
- Returns:
True if the user is known and can be authorized, False otherwise
- Return type:
bool
- static load(configuration: Configuration, database: SQLite) Auth
load authorization module from settings
- Parameters:
configuration (Configuration) – configuration instance
database (SQLite) – database instance
- Returns:
authorization module according to current settings
- Return type:
Auth
- async verify_access(username: str, required: UserAccess, context: str | None) bool
validate if user has access to requested resource
- Parameters:
username (str) – username
required (UserAccess) – required access level
context (str | None) – URI request path
- Returns:
True if the user is allowed to make this request, False otherwise
- Return type:
bool
- property auth_control: str
This workaround is required so that the login interface can behave differently depending on the provider. For internal authentication it must provide an interface (a modal form) to log in, with a button that sends a POST request. For external providers the behaviour can be different: e.g. an OAuth provider requires sending a GET request to an external resource
- Returns:
login control as html code to insert
- Return type:
str
ahriman.core.auth.helpers module
- async authorized_userid(*args: Any, **kwargs: Any) Any
handle aiohttp security methods
- Parameters:
*args (Any) – argument list as provided by authorized_userid function
**kwargs (Any) – named argument list as provided by authorized_userid function
- Returns:
None if the aiohttp_security module is not found, otherwise the result of the function call
- Return type:
Any
- async check_authorized(*args: Any, **kwargs: Any) Any
handle aiohttp security methods
- Parameters:
*args (Any) – argument list as provided by check_authorized function
**kwargs (Any) – named argument list as provided by check_authorized function
- Returns:
None if the aiohttp_security module is not found, otherwise the result of the function call
- Return type:
Any
- async forget(*args: Any, **kwargs: Any) Any
handle aiohttp security methods
- Parameters:
*args (Any) – argument list as provided by forget function
**kwargs (Any) – named argument list as provided by forget function
- Returns:
None if the aiohttp_security module is not found, otherwise the result of the function call
- Return type:
Any
- async remember(*args: Any, **kwargs: Any) Any
handle disabled auth
- Parameters:
*args (Any) – argument list as provided by remember function
**kwargs (Any) – named argument list as provided by remember function
- Returns:
None if the aiohttp_security module is not found, otherwise the result of the function call
- Return type:
Any
ahriman.core.auth.mapping module
- class Mapping(configuration: Configuration, database: SQLite, provider: AuthSettings = AuthSettings.Configuration)
Bases:
Auth
user authorization based on mapping from configuration file
- salt
randomly generated string used to salt passwords
- Type:
str
default constructor
- Parameters:
configuration (Configuration) – configuration instance
database (SQLite) – database instance
provider (AuthSettings, optional) – authorization type definition (Default value = AuthSettings.Configuration)
- async check_credentials(username: str | None, password: str | None) bool
validate user password
- Parameters:
username (str | None) – username
password (str | None) – entered password
- Returns:
True if the password matches, False otherwise
- Return type:
bool
- get_user(username: str) User | None
retrieve user from in-memory mapping
- Parameters:
username (str) – username
- Returns:
user descriptor if username is known and None otherwise
- Return type:
User | None
- async known_username(username: str | None) bool
check if user is known
- Parameters:
username (str | None) – username
- Returns:
True if the user is known and can be authorized, False otherwise
- Return type:
bool
- async verify_access(username: str, required: UserAccess, context: str | None) bool
validate if user has access to requested resource
- Parameters:
username (str) – username
required (UserAccess) – required access level
context (str | None) – URI request path
- Returns:
True if the user is allowed to make this request, False otherwise
- Return type:
bool
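The contract documented for Mapping (salted password check, in-memory user lookup, access-level comparison), as an added sketch that is not ahriman's own code. Assumptions: PBKDF2-HMAC-SHA256 stands in for the unspecified hash scheme, and `Access`, `UserRecord`, `DemoMapping` and the sample user are hypothetical names and constructed values.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass
from enum import IntEnum

class Access(IntEnum):  # hypothetical levels, not ahriman's UserAccess
    READ = 1
    FULL = 2

def hash_password(password: str, salt: str) -> str:
    # Assumption: PBKDF2-HMAC-SHA256; the page does not name the scheme.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return raw.hex()

@dataclass(frozen=True)
class UserRecord:  # hypothetical stand-in for the User descriptor
    username: str
    password_hash: str
    access: Access

class DemoMapping:
    def __init__(self, salt: str, users: list[UserRecord]) -> None:
        self.salt = salt
        self._users = {user.username: user for user in users}
        self._dummy = hash_password("", salt)  # compared against for unknown users

    def get_user(self, username: str) -> UserRecord | None:
        return self._users.get(username)

    async def known_username(self, username: str | None) -> bool:
        return username is not None and self.get_user(username) is not None

    async def check_credentials(self, username: str | None, password: str | None) -> bool:
        if username is None or password is None:
            return False  # missing input never authenticates
        user = self.get_user(username)
        expected = user.password_hash if user is not None else self._dummy
        # Hash and compare in constant time even for unknown users, so timing does not reveal them.
        matches = hmac.compare_digest(hash_password(password, self.salt), expected)
        return user is not None and matches

    async def verify_access(self, username: str, required: Access, context: str | None) -> bool:
        user = self.get_user(username)  # context (request path) is unused in this sketch
        return user is not None and user.access >= required

def demo_mapping() -> DemoMapping:
    salt = "constructed-salt"  # constructed sample value
    return DemoMapping(salt, [UserRecord("alice", hash_password("s3cret", salt), Access.READ)])
```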
ahriman.core.auth.oauth module
- class OAuth(configuration: Configuration, database: SQLite, provider: AuthSettings = AuthSettings.OAuth)
Bases:
Mapping
User authorization implementation via OAuth. An application must first be created with the provider, and its credentials must be supplied in the configuration.
- client_id
application client id
- Type:
str
- client_secret
application client secret key
- Type:
str
- icon
icon to be used in login control
- Type:
str
- provider
provider class, should be one of the classes provided by aioauth-client
- Type:
aioauth_client.OAuth2Client
- redirect_uri
redirect URI registered in provider
- Type:
str
- scopes
list of scopes required by the application
- Type:
str
default constructor
- Parameters:
configuration (Configuration) – configuration instance
database (SQLite) – database instance
provider (AuthSettings, optional) – authorization type definition (Default value = AuthSettings.OAuth)
- get_client() OAuth2Client
load client from parameters
- Returns:
generated client according to current settings
- Return type:
aioauth_client.OAuth2Client
- get_oauth_url() str
get authorization URI for the specified settings
- Returns:
authorization URI as a string
- Return type:
str
- async get_oauth_username(code: str) str | None
extract OAuth username from remote
- Parameters:
code (str) – authorization code provided by external service
- Returns:
username as it appears in the OAuth provider
- Return type:
str | None
- static get_provider(name: str) type[OAuth2Client]
load OAuth2 provider by name
- Parameters:
name (str) – name of the provider. Must be a valid class defined in the aioauth-client library
- Returns:
loaded provider type
- Return type:
type[aioauth_client.OAuth2Client]
- Raises:
OptionError – if an invalid OAuth provider name is supplied
- property auth_control: str
get authorization html control
- Returns:
login control as html code to insert
- Return type:
str