= Using Storm with Pylons and Repoze.who =

This example shows how to integrate Storm with [[http://static.repoze.org/whodocs/|Repoze.who]] in a Pylons application. Repoze.who is an identification and authentication framework for arbitrary WSGI applications. It acts as WSGI middleware.

{{{
$ paster create -t pylons WhoStorm
}}}

An repoze.who authenticator needs to be written to access a user table using ZStorm and validate a password.

This the authentication code ({{{whostorm/lib/stormauth.py}}}):

{{{#!python
from zope.interface import implements
from repoze.who.interfaces import IAuthenticator
from storm.zope.zstorm import global_zstorm

from whostorm.model.users import User


class StormAuthPlugin(object):

    implements(IAuthenticator)

    def __init__(self, store_name, store_uri):
        self.store_name = store_name
        self.store_uri = store_uri

    #IAuthenticatorPlugin
    def authenticate(self, environ, identity):
        try:
            login = unicode(identity['login'])
            password = unicode(identity['password'])
        except KeyError:
            return None

        store = global_zstorm.get(self.store_name, self.store_uri)
        user = store.find(User, User.name == login).one()
        if user is not None and user.validate_password(password):
            return user.id
        else:
            return None

    def __repr__(self):
        return '<%s %s>' % (self.__class__.__name__, id(self))


def make_plugin(store_name=None, store_uri=None):
    if store_name is None:
        raise ValueError('store_name must be specified')
    if store_uri is None:
        raise ValueError('store_uri must be specified')
    return StormAuthPlugin(store_name, store_uri)
}}}

Provide a model which defines a User class ({{{whostorm/model/users.py}}}):

Change method {{{validate_password}}} to check against hashed passwords.

{{{#!python
from storm.locals import *

class User(object):
    __storm_table__ = "Users"
    id = Int(primary=True)
    name = Unicode()
    password = Unicode()

    def validate_password(self, password):
        if self.password == password:
            return True
        return False
}}}

The example application will use basic HTTP authentication.

This is the repoze.who configuration file ({{{who.ini}}}):

{{{
[plugin:basicauth]
# identification and challenge
use = repoze.who.plugins.basicauth:make_plugin
realm = 'WhoStorm'

[plugin:stormauth]
# authentication using Storm ORM
use = whostorm.lib.stormauth:make_plugin
store_name = userdb
store_uri = sqlite:///%(here)s/whostorm/data/users.db

[general]
request_classifier = repoze.who.classifiers:default_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider

[identifiers]
plugins = basicauth

[authenticators]
plugins = stormauth

[challengers]
plugins = basicauth
}}}

A {{{development.ini}}} to tie it all together:

{{{
[app:whostorm]
use = egg:WhoStorm
full_stack = false

[filter:who]
use = egg:repoze.who#config
config_file = %(here)s/who.ini

[pipeline:main]
pipeline = egg:Paste#cgitb
           egg:Paste#httpexceptions
           who
           egg:repoze.who#authenticated
           whostorm
}}}

That's it.