actingweb code¶
Submodules¶
actingweb.actor module¶
-
class
actingweb.actor.
Actor
(actor_id=None, config=None)[source]¶ Bases:
object
-
create
(url, creator, passphrase, actor_id=None, delete=False)[source]¶ “Creates a new actor and persists it.
If delete is True, any existing actors with same creator value will be deleted. If it is False, the one with the correct passphrase will be chosen (if any)
-
create_reciprocal_trust
(url, secret=None, desc='', relationship='', trust_type='')[source]¶ Creates a new reciprocal trust relationship locally and by requesting a relationship from a peer actor.
-
create_remote_subscription
(peerid=None, target=None, subtarget=None, resource=None, granularity=None)[source]¶ Creates a new subscription at peerid.
-
create_subscription
(peerid=None, target=None, subtarget=None, resource=None, granularity=None, subid=None, callback=False)[source]¶
-
create_verified_trust
(baseuri='', peerid=None, approved=False, secret=None, verification_token=None, trust_type=None, peer_approved=None, relationship=None, desc='')[source]¶ Creates a new trust when requested and call backs to initiating actor to verify relationship.
-
delete_reciprocal_trust
(peerid=None, delete_peer=False)[source]¶ Deletes a trust relationship and requests deletion of peer’s relationship as well.
-
delete_subscription
(peerid=None, subid=None, callback=False)[source]¶ Deletes a specified subscription
-
get
(actor_id: str = None) → dict[source]¶ Retrieves an actor from storage or initialises if it does not exist
-
get_from_creator
(creator=None)[source]¶ Initialise an actor by matching on creator.
If unique_creator config is False, then no actor will be initialised. Likewise, if multiple properties are found with the same value (due to earlier uniqueness off).
-
get_from_property
(name='oauthId', value=None)[source]¶ Initialise an actor by matching on a stored property.
Use with caution as the property’s value de-facto becomes a security token. If multiple properties are found with the same value, no actor will be initialised. Also note that this is a costly operation as all properties of this type will be retrieved and proceessed.
-
get_peer_info
(url: str) → dict[source]¶ Contacts an another actor over http/s to retrieve meta information :param url: Root URI of a remote actor :rtype: dict :return: The json response from the /meta path in the data element and last_response_code/last_response_message set to the results of the https request :Example:
>>>{ >>> “last_response_code”: 200, >>> “last_response_message”: “OK”, >>> “data”:{} >>>}
-
get_peer_trustee
(shorttype=None, peerid=None)[source]¶ Get a peer, either existing or create it as trustee
Will retrieve an existing peer or create a new and establish trust. If no trust exists, a new trust will be established. Use either peerid to target a specific known peer, or shorttype to allow creation of a new peer if none exists
-
get_property
(name)[source]¶ Retrieves a property object named name. (DEPRECATED, use actor’s property store!)
-
get_subscription
(peerid=None, subid=None, callback=False)[source]¶ Retrieves a single subscription identified by peerid and subid.
-
get_subscription_obj
(peerid=None, subid=None, callback=False)[source]¶ Retrieves a single subscription identified by peerid and subid.
-
get_subscriptions
(peerid=None, target=None, subtarget=None, resource=None, callback=False)[source]¶ Retrieves subscriptions from db.
-
get_trust_relationships
(relationship='', peerid='', trust_type='')[source]¶ Retrieves all trust relationships or filtered.
-
modify_trust_and_notify
(relationship=None, peerid=None, baseuri='', secret='', desc='', approved=None, verified=None, verification_token=None, peer_approved=None)[source]¶ Changes a trust relationship and noties the peer if approval is changed.
-
actingweb.attribute module¶
-
class
actingweb.attribute.
Attributes
(actor_id=None, bucket=None, config=None)[source]¶ Bases:
object
Attributes is the main entity keeping an attribute.
It needs to be initalized at object creation time.
actingweb.auth module¶
-
class
actingweb.auth.
Auth
(actor_id, auth_type='basic', config=None)[source]¶ Bases:
object
The auth class handles authentication and authorisation for the various schemes supported.
The helper function init_actingweb() can be used to give you an auth object and do authentication (or can be called directly). The check_authentication() function checks the various authentication schemes against the path and does proper authentication. There are three types supported: basic (using creator credentials), token (received when trust is created), or oauth (used to bind an actor to an oauth-enabled external service, as well as to log into /www path where interactive web functionality of the actor is available). The check_authorisation() function validates the authenticated user against the config.py access list. check_token_auth() can be called from outside the class to do a simple peer/bearer token verification. The OAuth helper functions are used to: process_oauth_callback() - process an OAuth callback as part of an OAuth flow and exchange code with a valid token validate_oauth_token() - validate and, if necessary, refresh a token set_cookie_on_cookie_redirect() - set a session cookie in the browser to the token value (called AFTER OAuth has been done!)
The response[], acl[], and authn_done variables are useful outside Auth(). authn_done is set when authentication has been done and a final authentication status can be found in response[].
self.response = {
“code”: 403, # Result code (http) “text”: “Forbidden”, # Proposed response text “headers”: [], # Headers to add to response after authentication has been done}
self.acl = {
“authenticated”: False, # Has authentication been verified and passed? “authorised”: False, # Has authorisation been done and appropriate acls set? “rights”: ‘’, # “a”, “r” (approve or reject) “relationship”: None, # E.g. creator, friend, admin, etc “peerid”: ‘’, # Peerid if there is a relationship “approved”: False, # True if the peer is approved}
-
check_authentication
(appreq, path)[source]¶ Checks authentication in appreq, redirecting back to path if oauth is done.
Checks if the authenticated user has acl access rights in config.py.
Takes the path, subpath, method, and peerid of the path (if auth user is different from the peer that owns the path, e.g. creator). If approved is False, then the trust relationship does not need to be approved for access
-
check_token_auth
(appreq)[source]¶ Called with an http request to check the Authorization header and validate if we have a peer with this token.
-
oauth_delete
(url=None)[source]¶ Used to call DELETE from the attached oauth service.
Uses oauth.delete_request((), but refreshes token if necessary. The function fails if token is invalid and no refresh is possible. For web-based flows, validate_oauth_token() needs to be used to validate token and get redirect URI for new authorization flow.
-
oauth_get
(url=None, params=None)[source]¶ Used to call GET from the attached oauth service.
Uses oauth.get_request(), but refreshes token if necessary. The function fails if token is invalid and no refresh is possible. For web-based flows, validate_oauth_token() needs to be used to validate token and get redirect URI for new authorization flow.
-
oauth_head
(url=None, params=None)[source]¶ Used to call HEAD from the attached oauth service.
Uses oauth.head_request((), but refreshes token if necessary. The function fails if token is invalid and no refresh is possible. For web-based flows, validate_oauth_token() needs to be used to validate token and get redirect URI for new authorization flow.
-
oauth_post
(url=None, params=None, urlencode=False)[source]¶ Used to call POST from the attached oauth service.
Uses oauth.post_request(), but refreshes token if necessary. The function fails if token is invalid and no refresh is possible. For web-based flows, validate_oauth_token() needs to be used to validate token and get redirect URI for new authorization flow.
-
oauth_put
(url=None, params=None, urlencode=False)[source]¶ Used to call PUT from the attached oauth service.
Uses oauth.put_request(), but refreshes token if necessary. The function fails if token is invalid and no refresh is possible. For web-based flows, validate_oauth_token() needs to be used to validate token and get redirect URI for new authorization flow.
-
process_oauth_callback
(code)[source]¶ Called when a callback is received as part of an OAuth flow to exchange code for a bearer token.
Called after successful auth to set the cookie with the token value.
-
-
actingweb.auth.
add_auth_response
(appreq=None, auth_obj=None)[source]¶ Called after init_actingweb() if add_response was set to False, and now responses should be added.
-
actingweb.auth.
init_actingweb
(appreq=None, actor_id=None, path='', subpath='', add_response=True, config=None)[source]¶ Initialises actingweb by loading a config object, an actor object, and authentication object.
More details about the authentication can be found in the auth object. If add_response is True, appreq.response will be changed according to authentication result. If False, appreq will not be touched. authn_done (bool), response[‘code’], response[‘text’], and response[‘headers’] will indicate results of the authentication process and need to be acted upon. 200 is access approved 302 is redirect and auth_obj.redirect contains redirect location where response must be redirected 401 is authentication required, response[‘headers’] must be added to response 403 is forbidden, text in response[‘text’]
actingweb.aw_proxy module¶
-
class
actingweb.aw_proxy.
AwProxy
(trust_target=None, peer_target=None, config=None)[source]¶ Bases:
object
Proxy to other trust peers to execute RPC style calls
Initialise with either trust_target to target a specific existing trust or use peer_target for simplicity to use the trust established with the peer.
actingweb.aw_web_request module¶
-
class
actingweb.aw_web_request.
AWRequest
(url=None, params=None, body=None, headers=None, cookies=None)[source]¶ Bases:
object
actingweb.config module¶
actingweb.on_aw module¶
-
class
actingweb.on_aw.
OnAWBase
[source]¶ Bases:
object
Base class to be extended to extend ActingWeb functionality
-
delete_properties
(path: list, old: dict, new: dict) → bool[source]¶ Called on DELETE to properties
Parameters: - path (list[str]) – Target path to be deleted
- old (dict) – Property value that will be deleted (or changed)
- new (dict) – Property value after path has been deleted
Returns: True if DELETE is allowed, False if 403 should be returned
Return type: bool
-
delete_resources
(name)[source]¶ Called on DELETE to resources. Return struct for json out.
Returning {} will give a 404 response back to requestor.
-
get_properties
(path: list, data: dict) → dict[source]¶ Called on GET to properties for transformations to be done
Parameters: - path (list[str]) – Target path requested
- data (dict) – Data retrieved from data store to be returned
Returns: The transformed data to return to requestor or None if 404 should be returned
Return type: dict or None
-
get_resources
(name)[source]¶ Called on GET to resources. Return struct for json out.
Returning {} will give a 404 response back to requestor.
-
post_properties
(prop: str, data: dict) → dict[source]¶ Called on POST to properties, once for each property
Parameters: - prop (str) – Property to be created
- data (dict) – The data to be stored in prop
Returns: The transformed data to store in prop or None if that property should be skipped and not stored
Return type: dict or None
-
post_resources
(name, params)[source]¶ Called on POST to resources. Return struct for json out.
Returning {} will give a 404 response back to requestor. Returning an error code after setting the response will not change the error code.
-
post_subscriptions
(sub, peerid, data)[source]¶ Customizible function to process incoming callbacks/subscriptions/ callback with json body, return True if processed, False if not.
-
put_properties
(path: list, old: dict, new: dict) → dict[source]¶ Called on PUT to properties for transformations to be done before save :param path: Target path requested to be updated :type path: list[str] :param old: Old data from database :type old: dict :param new: :type new: New data from PUT request (after merge) :return: The dict that should be stored or None if 400 should be returned and nothing stored :rtype: dict or None
-
actingweb.peertrustee module¶
actingweb.property module¶
-
class
actingweb.property.
Properties
(actor_id=None, config=None)[source]¶ Bases:
object
Handles all properties of a specific actor_id
Access the properties in .props as a dictionary
actingweb.subscription module¶
-
class
actingweb.subscription.
Subscription
(actor_id=None, peerid=None, subid=None, callback=False, config=None)[source]¶ Bases:
object
Base class with core subscription methods (storage-related)
-
create
(target=None, subtarget=None, resource=None, granularity=None, seqnr=1)[source]¶ Create new subscription and push it to db
-