Metadata-Version: 2.0
Name: pyramid-persona
Version: 1.6.1
Summary: pyramid_persona
Home-page: https://github.com/madjar/pyramid_persona
Author: Georges Dubus
Author-email: georges.dubus@gmail.com
License: UNKNOWN
Keywords: web pyramid pylons authentication persona
Platform: UNKNOWN
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 3
Classifier: Framework :: Pyramid
Classifier: Topic :: Internet :: WWW/HTTP
Requires-Dist: pyramid (>=1.4)
Requires-Dist: PyBrowserID
Requires-Dist: requests (>=1.0)
Requires-Dist: MarkupSafe

pyramid_persona
===============

`pyramid_persona` let you quickly set up authentication using persona_
on your pyramid_ project. It provides a way to conveniently replace
the login form and all the processing and security concerns that comes
with it. It aims at giving as much as possible with as little
configuration as possible, while still letting you customize if you
want. If you want to see some screenshots of the demo app, take a look
at this `blog post`_.

You can find it on pypi_ as `pyramid_persona`. Also don't forget to check the documentation_.

.. _persona: https://login.persona.org/
.. _pyramid: http://www.pylonsproject.org/
.. _pypi: http://pypi.python.org/pypi/pyramid_persona
.. _`blog post`: http://compiletoi.net/quick-authentication-on-pyramid-with-persona.html
.. _documentation: https://pyramid_persona.readthedocs.org/en/latest/

Very basic usage
----------------

First of all, include `pyramid_persona`. Add this in your project configuration ::

    config.include("pyramid_persona")

Then, we need two little lines in your config files : a secret used to sign cookies, and the audience,
the hostname and port of your website (this is needed for security reasons)::

    persona.secret = This is some secret string
    persona.audiences = http://localhost:6543

There, we're done. We now have a nice forbidden view with a persona login button.

Less basic usage
----------------

`pyramid_persona` also provides you a way to easily put a login or logout button on your pages. To do so, you need to
include jquery, the persona library, and some application-specific in your heads. The application specific javascript
can be accessed as `request.persona_js`.

Then, you can add the button in your page. `request.persona_button` provides a login if the user is not logged in, and
a logout button if they are.

A basic page might be (using mako) ::

    <html>
    <head>
        <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
        <script src="https://login.persona.org/include.js" type="text/javascript"></script>
        <script type="text/javascript">${request.persona_js}</script>
    </head>
    <body>
    Hello ${user}
    ${request.persona_button}
    </body>
    </html>

Customized buttons
------------------

You can also use your own buttons. For that, you have to include the javascript like in the previous section and give
your login and logout button the `signin` and `signout` classes. For example ::

    <button id='signin'>login</button>
    <button id='signout'>logout</button>

What it does
------------

`pyramid_persona` *is* a login system. It replaces login forms and
views, and the need to handle passwords.

`pyramid_persona` *is not* an authentication policy. It only handles
the login process and requires an authentication policy to remember
the user between requests (`SessionAuthenticationPolicy` is used by
default).

Here is, in details, what including `pyramid_persona` does :

- it defines an authentication policy, an authorization policy, and a session factory     (this is needed for csrf
  protection, and is why we need a secret). Defaults are  `SessionAuthenticationPolicy`, `ACLAuthorizationPolicy` and
  `UnencryptedCookieSessionFactoryConfig`. You can override it if you prefer.
- it adds a `persona_js` request attribute containing the javascript code needed to make persona work.
- it adds a `persona_button` request attribute containing html code for quickly putting a login button.
- it defines the `/login` and `/logout` views to handle the persona workflow.
- it defines a basic forbidden view with a login button.

You can replace any part you like if the default behaviour doesn't
work for you and the configuration isn't enough.

Contact
-------

This project is made by Georges Dubus (`@georgesdubus`_). Bug reports and pull requests are welcome.

.. _`@georgesdubus`: https://twitter.com/georgesdubus


1.6.1
-----

- Forgot to add a changelog to the previous release

1.6
---

- Allow setting (optional) came_from value with url parameter
- Switch to SignedCookieSessionFactory

1.5
---

- Added `success` to the login view response, to state whether the login attempt was successful, and whether the user should be considered as logged-in.
- Added support for the new backgroundColor option, to change the color of the login dialog.

1.4
---

- Changed the login views and the javascript code to implemente mozilla recommended practices. `logout` is now called after an error in the login view, and the format of the login view has changed.

1.3.1
-----

- Made all views not required any permission even if a default permission is set.

1.3
---

- Depends on pyramid 1.4
- Added some real docs
- Added documentation on how to do extra work at login, and made the internal changes for it to work.
- Added logging in case of failed login.
- Switched to a AuthTktAuthenticationPolicy so that the login doesn't expire with the session.

1.2
---

- Fixed a bug that would cause the login to fail when the login route was not at '/login'.

1.1
---

- Added an example app in demo/.
- Fixed compatibility with pyramid 1.3.
- Renamed the setting persona.audience to persona.audiences to match the PyBrowserID API.
- Added the "persona.verifier" setting to change the verifier.
- Added various settings to customize the login dialog.
- Compatibility with python 3.

1.0
---

-  Initial version


