lg_authority - A general purpose, multi-backend capable authentication and permissions framework for CherryPy. ================================================= Dependencies ============ Required: cherrypy Optional: pymongo - For MongoDB backend python-openid - For Open ID support Installation ============ 1. git clone git://github.com/wwoods/lamegame_cherrypy_authority.git 2. cd lamegame_cherrypy_authority 3. sudo python setup.py install (or python setup.py install --user to install without sudo) Example Usage (just want to block out non-logged-in users) ========================================================== import cherrypy import lg_authority @lg_authority.groups('auth') class Root(object): auth = lg_authority.AuthRoot() @cherrypy.expose def index(self): return "Logged in!" cherrypy.config.update({ 'tools.lg_authority.on': True, # Uncomment the following two lines to persist changed user / group data # 'tools.lg_authority.site_storage': 'sqlite3', # 'tools.lg_authority.site_storage_conf': { 'file': 'test.db' } }) cherrypy.quickstart(Root()) Storage Options =============== The different storage options are laid out in lg_authority/slates/storage. Currently, there are the following and their options: ram - Store session and user data in memory only; it will get erased when the server restarts, and does not support coordination between different instances. Options: No options. sqlite3 - Store session in a sqlite3 file database. Data is persisted through the file. Options: file - The file to store session and user information in. pymongo - Store session information in a mongodb backend. Options: host - The host address of the mongodb server to connect to port - The port db - The name of the mongodb database to store auth collections in collection_base - An optional prefix for all of the collections created and maintained by lg_authority. OpenID ====== Being an openID server ====================== If python-openid is installed, then there is an OpenID endpoint set up automatically at (authroot)/openid. If you would like your site root to be an open ID endpoint, put the following meta tag in the index page (e.g. http://www.lamegameproductions.com): <meta http-equiv="x-xrds-location" content="https://www.lamegameproductions.com/auth/openid/xrds" /> Replace www.lamegameproductions.com/auth with your auth root. It is probably wise to ensure that the xrds location is accessed through https. Users may also use the /auth/openid URL as an endpoint, even if you don't put that meta tag on your root.