Issue with Authorization policy
ikit opened this issue · comments
Olivier Gueudelot commented
Hi,
I'm trying to use aiohttp_security on my website. I'm testing the demo code with a custom policy (as I don't have an SQL database).
Below is the code for my policy:
```python
from aiohttp import web
from aiohttp_session import setup as setup_session
from aiohttp_session.cookie_storage import EncryptedCookieStorage
from aiohttp_security import setup as setup_security
from aiohttp_security import SessionIdentityPolicy
from aiohttp_security import permits
from aiohttp_security.abc import AbstractAuthorizationPolicy


class TestAuthorizationPolicy(AbstractAuthorizationPolicy):
    def __init__(self):
        pass

    def authorized_userid(self, identity):
        return identity

    def permits(self, identity, permission, context=None):
        return True


app = web.Application()
# key: the 32-byte secret for EncryptedCookieStorage (not shown in the post)
setup_session(app, EncryptedCookieStorage(key))
setup_security(app, SessionIdentityPolicy(), TestAuthorizationPolicy())


def user_role(role):
    '''
    Decorator that checks if a user has been authenticated and has the right role.
    '''
    def decorator(func):
        async def wrapper(*args, **kwargs):
            # args[0] is the handler instance, args[1] the request
            request = args[1]
            if not await permits(request, role):
                raise web.HTTPForbidden()
            return await func(*args, **kwargs)
        return wrapper
    return decorator
```
The stack trace of the error:
```
======== Running on http://127.0.0.1:8500/ ========
(Press CTRL+C to quit)
Error handling request
Traceback (most recent call last):
  File "/home/olivier/Test/Test/venv/lib/python3.5/site-packages/aiohttp/server.py", line 261, in start
    yield from self.handle_request(message, payload)
  File "/home/olivier/Test/Test/venv/lib/python3.5/site-packages/aiohttp/web.py", line 88, in handle_request
    resp = yield from handler(request)
  File "/home/olivier/Test/Test/venv/lib/python3.5/site-packages/aiohttp_session/__init__.py", line 129, in middleware
    response = yield from handler(request)
  File "/home/olivier/Test/Test/test/web/handlers.py", line 79, in wrapper
    if not await permits(request, role):
  File "/home/olivier/Test/Test/venv/lib/python3.5/site-packages/aiohttp_security/api.py", line 73, in permits
    access = yield from autz_policy.permits(identity, permission, context)
TypeError: 'bool' object is not iterable
```
It seems that somewhere in your code you try to iterate over the boolean returned by the permits method... but I don't see where?
Zdzisław Krajewski commented
`permits` and `authorized_userid` should be async, thus return iterator.
In your code `permits` returns `bool` and it is being awaited here
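The fix described in this answer, as an added example that is not part of the thread or of the aiohttp_security project: an in-memory policy whose two methods are coroutines, with a startup check that rejects a policy whose methods are plain functions. It also denies by default where the posted policy returns `True` for every request. `DictAuthorizationPolicy`, `check_policy_is_async` and `USERS` are hypothetical names, and the fallback base class is only there so the block runs without the package installed.

```python
import asyncio
import inspect

try:
    from aiohttp_security.abc import AbstractAuthorizationPolicy
except ImportError:  # stand-in base so the example runs without the package
    AbstractAuthorizationPolicy = object

# Constructed sample data: identity -> set of granted permissions.
USERS = {"alice": {"admin", "user"}, "bob": {"user"}}


class DictAuthorizationPolicy(AbstractAuthorizationPolicy):
    """In-memory policy; both methods are coroutines and deny by default."""

    def __init__(self, users):
        self._users = users

    async def authorized_userid(self, identity):
        # Return the user id only for known identities, otherwise None.
        return identity if identity in self._users else None

    async def permits(self, identity, permission, context=None):
        # Unknown identity or missing permission -> False.
        return permission in self._users.get(identity, set())


def check_policy_is_async(policy):
    """Fail at startup, not on the first request, if a method is sync."""
    for name in ("permits", "authorized_userid"):
        if not inspect.iscoroutinefunction(getattr(policy, name)):
            raise TypeError(f"{type(policy).__name__}.{name} must be 'async def'")
    return policy


async def demo():
    policy = check_policy_is_async(DictAuthorizationPolicy(USERS))
    return [
        await policy.permits("alice", "admin"),
        await policy.permits("bob", "admin"),
        await policy.permits(None, "user"),  # anonymous request
        await policy.authorized_userid("mallory"),
    ]


if __name__ == "__main__":
    print(asyncio.run(demo()))
```

Calling `check_policy_is_async(...)` on the policy before passing it to `setup_security` turns the per-request `TypeError` from the stack trace into an error at application start.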
Andrew Svetlov commented
@d21d3q thank you for your answer