Refactor main configuration in __init__.py, enhance RootFactory ACL handling in …

…users.py, and improve identity authentication in security.py

opensipkd/base/__init__.py

@@ -389,7 +389,7 @@ def main(global_config, **settings):
     BASE_CLASS.route_from_list(config)
     BASE_CLASS.route_from_list(config)
     BASE_CLASS.static_view(config, settings=settings)
     BASE_CLASS.static_view(config, settings=settings)
     config.add_subscriber(add_global_render, BeforeRender)
     config.add_subscriber(add_global_render, BeforeRender)
-        
+    config.scan()
     # _logging.debug(config)
     # _logging.debug(config)
     return config.make_wsgi_app()
     return config.make_wsgi_app()
 
 

opensipkd/base/models/users.py

@@ -265,6 +265,12 @@ class Group(_Group, Base, DefaultModel):
 # It is used when there is a web request.
 # It is used when there is a web request.
 class RootFactory:
 class RootFactory:
     def __init__(self, request):
     def __init__(self, request):
+        if not request.authenticated_userid:
+            self.__acl__ = [
+                # (Allow, Everyone, 'view'),
+            ]
+            return
+        
         gr = DBSession.query(Group).filter_by(group_name="Superuser").first()
         gr = DBSession.query(Group).filter_by(group_name="Superuser").first()
         gr_id = gr and gr.id or 1
         gr_id = gr and gr.id or 1
         self.__acl__ = [
         self.__acl__ = [

opensipkd/base/security.py

-from inspect import signature
 import logging
 import logging
 
 
 # from opensipkd.tools import get_params
 # from opensipkd.tools import get_params
 from .models.users import (User, UserGroup, DBSession, )
 from .models.users import (User, UserGroup, DBSession, )
-from pyramid.security import remember, forget
 
 
 log = logging.getLogger(__name__)
 log = logging.getLogger(__name__)
 
 
@@ -65,13 +63,17 @@ class MySecurityPolicy:
     def identity(self, request):
     def identity(self, request):
         log.debug("MySecurityPolicy.identity")
         log.debug("MySecurityPolicy.identity")
         identity = self.helper.identify(request)
         identity = self.helper.identify(request)
-        if identity is None:
-            try:
-                user = auth_from_rpc(request)
-                identity = {'userid': user.id}
-            except Exception as e:
-                log.warning("Failed to authenticate from RPC: %s", e)
-                return None
+        if identity is None :
+            env = request.environ
+            if 'HTTP_USERID' in env and 'HTTP_SIGNATURE' in env and 'HTTP_KEY' in env:
+                try:
+                    user = auth_from_rpc(request)
+                    identity = {'userid': user.id}
+                except Exception as e:
+                    log.warning("Failed to authenticate from RPC: %s", e)
+                    return 
+            else:
+                return
 
 
         userid = identity['userid']
         userid = identity['userid']
         principals = group_finder(userid, request)
         principals = group_finder(userid, request)

opensipkd/base/views/__init__.py

 import logging
 import logging
-
 from translationstring import TranslationStringFactory
 from translationstring import TranslationStringFactory
 import colander
 import colander
 from pyramid.httpexceptions import (
 from pyramid.httpexceptions import (
@@ -9,9 +8,7 @@ from pyramid.interfaces import IRoutesMapper
 from pyramid.view import view_config
 from pyramid.view import view_config
 from opensipkd.base import get_params, get_home
 from opensipkd.base import get_params, get_home
 from pyramid.renderers import render_to_response
 from pyramid.renderers import render_to_response
-#, get_urls
 from .base_views import BaseView
 from .base_views import BaseView
-#, DataTables
 from datetime import timedelta
 from datetime import timedelta
 from opensipkd.detable import *
 from opensipkd.detable import *
 from .common import ColumnDT, DataTables
 from .common import ColumnDT, DataTables