Using the repoze.who Application Programming Interface (API)¶
Using repoze.who without Middleware¶
An application which does not use the repoze.who middleware needs to perform two separate tasks to use repoze.who machinery:
- At application startup, it must create an repoze.who.api:APIFactory instance, populating it with a request classifier, a challenge decider, and a set of plugins. It can do this process imperatively (see Configuring repoze.who via Python Code), or using a declarative configuration file (see Configuring repoze.who via Config File). For the latter case, there is a convenience function, repoze.who.config.make_api_factory_with_config():
# myapp/run.py
from repoze.who.config import make_api_factory_with_config
who_api_factory = None
def startup(global_conf):
global who_api_factory
who_api_factory = make_api_factory_with_config(global_conf,
'/path/to/who.config')
- When it needs to use the API, it must call the APIFactory, passing the WSGI environment to it. The APIFactory returns an object implementing the repoze.who.interfaces:IRepozeWhoAPI interface.
# myapp/views.py
from myapp.run import who_api_factory
def my_view(context, request):
who_api = who_api_factory(request.environ)
- Calling the APIFactory multiple times within the same request is allowed, and should be very cheap (the API object is cached in the request environment).
Mixed Use of repoze.who Middleware and API¶
An application which uses the repoze.who middleware may still need to interact directly with the IRepozeWhoAPI object for some purposes. In such cases, it should call repoze.who.api:get_api(), passing the WSGI environment.
from repoze.who.api import get_api
def my_view(context, request):
who_api = get_api(request.environ)
Alternately, the application might configure the APIFactory at startup, as above, and then use it to find the API object, or create it if it was not already created for the current request (e.g. perhaps by the middleware):
def my_view(context, request):
who_api = context.who_api_factory(request.environ)
