A WSGI app that allows you to add another factor of authentication to any application server.
Project description
Introduction
factored is a wsgi application that forces authentication before is passed to the wsgi application.
This can also be used as a proxy for non-wsgi apps.
Install
using virtualenv:
virtualenv factored cd factored git clone git://github.com/vangheem/factored.git cd factored ../bin/python setup.py develop ../bin/initializedb develop.ini ../bin/adduser development.ini --username=john@foo.bar ../bin/paster serve develop.ini ../bin/removeuser development.ini --username=john@foo.bar
Configuration
Must follow the example develop.ini provided. You’ll probably want to copy that file into your own and change the settings.
Edit server and port settings for application server if not using with another wsgi application.
Paste configuration options
- auth_tkt. prefixed options
Configuration options that are passed directly into repoze.who’s auth_tkt plugin.
- base_auth_url
Base url all authentication urls and resources are based off of. Useful if you’re only looking to authenticate a portion of a site.
- supported_auth_schemes
Supported authentication schemes.
- email_auth_window
If using email authentication, the window of time the user has to enter correct code in.
- email_auth.subject
Email authencation subject used.
- email_auth.sender
Email authentication from address.
- email_auth.body
Email Authentication text body. {code} will be replaced with the code.
- pyramid. prefixed options
Configuration passed directly into pyramid configuration.
- sqlalchemy.url
Connection string for sql backend. Most configurations will work fine with normal sqlite.
- mail. prefixed options
Configuration passed directly to the mailer plugin. Options can be found at http://packages.python.org/pyramid_mailer/#configuration
Nginx Example Configuration
An example setup with nginx and load balancing:
server { listen 80; server_name www.test.com; include proxy.conf; # paths to protect location ~ ^/admin.* { proxy_pass http://127.0.0.1:8000; } location / { proxy_pass http://app; } } server { listen 8090; include proxy.conf; location / { proxy_pass http://app; } }
Then factored would be configured to run on port 8000 and proxy to 8090 and have base_auth_url url set to /admin/auth.
Sample Paste Configuration
An example to follow if you’re not using a git checkout:
[app:proxy] use = egg:factored#simpleproxy server = 127.0.0.1 port = 8090 [filter-app:main] use = egg:factored#main next = proxy auth_tkt.secret = REPLACEME auth_tkt.cookie_name = factored auth_tkt.secure = false auth_tkt.include_ip = true auth_tkt.timeout = 12345 auth_tkt.reissue_time = 1234 base_auth_url = /auth supported_auth_schemes = Google Auth Email email_auth_window = 120 # in seconds email_auth.subject = Authentication Request email_auth.sender = foo@bar.com email_auth.body = You have requested authentication. You're temporary access code is: {code} pyramid.reload_templates = true pyramid.debug_authorization = true pyramid.debug_notfound = true pyramid.debug_routematch = true pyramid.default_locale_name = en pyramid.includes = pyramid_tm pyramid_mailer sqlalchemy.url = sqlite:///%(here)s/test.db # all mail settings can be found at http://packages.python.org/pyramid_mailer/#configuration mail.host = localhost mail.port = 25 [server:main] use = egg:Paste#http # Change to 0.0.0.0 to make public: host = 127.0.0.1 port = 8000
With Gunicorn
Install:
../bin/easy_install gunicorn
to run:
../bin/gunicorn_paste --workers=2 develop.ini
Changelog
1.0a1 (2012-03-23)
Initial release
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.