Flexible authentication with cherrypy and repoze.who
I recently struggled with the amazing lack of clear examples on how to setup an easy, flexible and effective authentication and authorization system with cherrypy. The solution: Repoze.who and the cherrypy wsgi pipeline.
So you define a function that returns the middleware:
def setup_auth(app):
middleware = PluggableAuthenticationMiddleware(
app,
identifiers,
authenticators,
challengers,
mdproviders,
default_request_classifier,
default_challenge_decider,
log_stream = log_stream,
log_level = logging.DEBUG
)
return middleware
and then append that middleware to the pipeline.
if __name__ == “__main__”:
app = cherrypy.Application(Root())
app.wsgiapp.pipeline.append((‘repoze.who’, setup_auth))
cherrypy.quickstart(app, config=’workbench.conf’)
Easy!
Neat! you can also just set the class and ditch the wrapper (although you’d have to set all the args in config if you did that):
app.wsgiapp.pipeline.append((‘repozewho’, PluggableAuthenticationMiddleware))
Note you can do the same in config:
[/]
wsgi.pipeline: [(‘repozewho’, PluggableAuthenticationMiddleware)]
wsgi.repozewho.identifiers: […]
wsgi.repozewho.authenticators: […]
Thanks! I noticed you logged in with OpenID; have you used the repozewho openid plugin?
http://quantumcore.org/docs/repoze.who.plugins.openid/index.html
What do you think about implementing OpenID for an app with a mostly non-technical user base?