[WIP] Feature/framework spec - do not merge!

flask_stormpath/config/default-config.yml

@@ -0,0 +1,254 @@
+client:
+  apiKey:
+    file: null
+    id: null
+    secret: null
+  cacheManager:
+    defaultTtl: 300
+    defaultTti: 300
+    caches:
+      account:
+        ttl: 300
+        tti: 300
+  baseUrl: "https://api.stormpath.com/v1"
+  connectionTimeout: 30
+  authenticationScheme: "SAUTHC1"
+  proxy:
+    port: null
+    host: null
+    username: null
+    password: null
+application:
+  name: null
+  href: null
+
+web:
+
+  basePath: null
+
+  oauth2:
+    enabled: true
+    uri: "/oauth/token"
+    client_credentials:
+      enabled: true
+      accessToken:
+        ttl: 3600
+    password:
+      enabled: true
+      validationStrategy: "local"
+
+  accessTokenCookie:
+    name: "access_token"
+    httpOnly: true
+
+    # See cookie-authentication.md for explanation of
+    # how `null` values behave for these properties.
+    secure: null
+    path: null
+    domain: null
+
+  refreshTokenCookie:
+    name: "refresh_token"
+    httpOnly: true
+
+    # See cookie-authentication.md for explanation of
+    # how `null` values behave for these properties.
+    secure: null
+    path: null
+    domain: null
+
+  # By default the Stormpath integration must respond to JSON and HTML
+  # requests.  If a requested type is not in this list, the response is 406.
+  # If the request does not specify an Accept header, or the preferred accept
+  # type is */*, the integration must respond with the first type in this
+  # list.
+
+  produces:
+    - application/json
+    - text/html
+
+  register:
+    enabled: true
+    uri: "/register"
+    nextUri: "/"
+    # autoLogin is possible only if the email verification feature is disabled
+    # on the default account store of the defined Stormpath
+    # application.
+    autoLogin: false
+    form:
+      fields:
+        givenName:
+          enabled: true
+          label: "First Name"
+          placeholder: "First Name"
+          required: true
+          type: "text"
+        middleName:
+          enabled: false
+          label: "Middle Name"
+          placeholder: "Middle Name"
+          required: true
+          type: "text"
+        surname:
+          enabled: true
+          label: "Last Name"
+          placeholder: "Last Name"
+          required: true
+          type: "text"
+        username:
+          enabled: true
+          label: "Username"
+          placeholder: "Username"
+          required: true
+          type: "text"
+        email:
+          enabled: true
+          label: "Email"
+          placeholder: "Email"
+          required: true
+          type: "email"
+        password:
+          enabled: true
+          label: "Password"
+          placeholder: "Password"
+          required: true
+          type: "password"
+        confirmPassword:
+          enabled: false
+          label: "Confirm Password"
+          placeholder: "Confirm Password"
+          required: true
+          type: "password"
+      fieldOrder:
+        - "username"
+        - "givenName"
+        - "middleName"
+        - "surname"
+        - "email"
+        - "password"
+        - "confirmPassword"
+    template: "flask_stormpath/register.html"
+
+  # Unless verifyEmail.enabled is specifically set to false, the email
+  # verification feature must be automatically enabled if the default account
+  # store for the defined Stormpath application has the email verification
+  # workflow enabled.
+  verifyEmail:
+    enabled: null
+    uri: "/verify"
+    nextUri: "/login"
+    template: "flask_stormpath/verify.html"
+
+  login:
+    enabled: true
+    uri: "/login"
+    nextUri: "/"
+    template: "flask_stormpath/login.html"
+    form:
+      fields:
+        login:
+          enabled: true
+          label: "Username or Email"
+          placeholder: "Username or Email"
+          required: true
+          type: "text"
+        password:
+          enabled: true
+          label: "Password"
+          placeholder: "Password"
+          required: true
+          type: "password"
+      fieldOrder:
+        - "login"
+        - "password"
+
+  logout:
+    enabled: true
+    uri: "/logout"
+    nextUri: "/"
+
+  # Unless forgotPassword.enabled is explicitly set to false, this feature
+  # will be automatically enabled if the default account store for the defined
+  # Stormpath application has the password reset workflow enabled.
+  forgotPassword:
+    enabled: null
+    uri: "/forgot"
+    template: "flask_stormpath/forgot_change.html"
+    nextUri: "/login?status=forgot"
+
+  # Unless changePassword.enabled is explicitly set to false, this feature
+  # will be automatically enabled if the default account store for the defined
+  # Stormpath application has the password reset workflow enabled.
+  changePassword:
+    enabled: null
+    autoLogin: false
+    uri: "/change"
+    nextUri: "/login?status=reset"
+    template: "flask_stormpath/forgot_change.html"
+    errorUri: "/forgot?status=invalid_sptoken"
+
+  # If idSite.enabled is true, the user should be redirected to ID site for
+  # login, registration, and password reset.  They should also be redirected
+  # through ID Site on logout.
+  idSite:
+    enabled: false
+    uri: "/idSiteResult"
+    nextUri: "/"
+    loginUri: ""
+    forgotUri: "/#/forgot"
+    registerUri: "/#/register"
+
+  # Social login configuration.  This defines the callback URIs for OAuth
+  # flows, and the scope that is requested of each provider.  Some providers
+  # want space-separated scopes, some want comma-separated.  As such, these
+  # string values should be passed directly, as defined.
+  #
+  # These settings have no affect if the application does not have an account
+  # store for the given provider.
+
+  social:
+    facebook:
+      uri: "/callbacks/facebook"
+      scope: "email"
+    github:
+      uri: "/callbacks/github"
+      scope: "user:email"
+    google:
+      uri: "/callbacks/google"
+      scope: "email profile"
+    linkedin:
+      uri: "/callbacks/linkedin"
+      scope: "r_basicprofile, r_emailaddress"
+
+  # The /me route is for front-end applications, it returns a JSON object with
+  # the current user object.  The developer can opt-in to expanding account
+  # resources on this enpdoint.
+  me:
+    enabled: true
+    uri: "/me"
+    expand:
+      apiKeys: false
+      applications: false
+      customData: false
+      directory: false
+      groupMemberships: false
+      groups: false
+      providerData: false
+      tenant: false
+
+  # If the developer wants our integration to serve their Single Page
+  # Application (SPA) in response to HTML requests for our default routes,
+  # such as /login, then they will need to enable this feature and tell us
+  # where the root of their SPA is.  This is likely a file path on the
+  # filesystem.
+  #
+  # If the developer does not want our integration to handle their SPA, they
+  # will need to configure the framework themeslves and remove 'text/html'
+  # from `stormpath.web.produces`, so that we don not serve our default
+  # HTML views.
+  spa:
+    enabled: false
+    view: index
+
+  unauthorized:
+    view: "unauthorized"

flask_stormpath/context_processors.py

@@ -1,7 +1,6 @@
 """Custom context processors to make template development simpler."""
 
 
-from flask import current_app
 from flask.ext.login import _get_user