The act of proving the identity of a computer system user. Authentication in the context of web applications is usually performed by submitting a username or ID and a piece of private information (factor) such as a password.
In Raider the authentication process is defined by a series of Flow objects. Those are extracted from the _authentication variable in the hyfiles, and stored inside an Authentication object. It’s also accessible from the
    >>> import raider
    >>> app = raider.Raider("my_app")
    >>> app.authentication
    <raider.authentication.Authentication object at 0x7fbf25842dc0>
A factor can be something the user knows (passwords, security questions, etc.), something they have (bank card, USB security key, etc.), something they are (fingerprint, iris, etc.) or somewhere they are (GPS location, known WiFi connection, etc.).
- Finite state machine
A mathematical model of computation abstracting a process that can be only in one of a finite number of states at any given time. Check the Wikipedia article for more information, since it explains this better than me anyways.
A Raider class implementing stages. To create a Flow object, you need to give it a name, a Request object, and optionally outputs and operations. Check the Flow configuration page for more information.
The documentation uses the term hyfiles to refer to any *.hy file inside the project’s configuration directory. Each will be evaluated in alphabetical order by Raider.
The objects created in previous files are all available in the next file, since all the locals() get preserved and loaded again when reading the next file. A common practice is to prepend the file names with two digits and an underscore, for example
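The loading order described above, modelled in Python as an added example (this is not Raider's own loader). Plain Python statements stand in for Hy code, and the file names and contents are constructed; only the _authentication variable name comes from this page. It shows why the two-digit prefix matters: names sort as text, so an unpadded "10_" file is evaluated before "1_" and "2_".

```python
# Model of "evaluate every hyfile in alphabetical order, keeping locals".
# NOT Raider's loader: Python statements stand in for Hy code, and all
# file names and contents below are constructed for illustration.


def load_hyfiles(files):
    """Evaluate each source in alphabetical order of its file name,
    carrying one shared namespace from one file to the next."""
    namespace = {}
    order = sorted(files)  # plain text sort, not numeric
    for name in order:
        try:
            # Configuration files are code: load only trusted ones.
            exec(files[name], namespace)
        except NameError as err:
            raise RuntimeError(
                f"{name} was evaluated before its dependency: {err}"
            ) from err
    namespace.pop("__builtins__", None)  # added by exec(), not by a file
    return order, namespace


# Two-digit prefixes: the text order matches the intended order.
PADDED = {
    "10_authentication.hy": "_authentication = [login_url]",
    "02_flows.hy": "login_url = base_url + '/login'",
    "01_variables.hy": "base_url = 'https://app.example'",
}

# Unpadded prefixes: "10_" sorts before "1_" and "2_".
UNPADDED = {
    "1_variables.hy": "base_url = 'https://app.example'",
    "2_flows.hy": "login_url = base_url + '/login'",
    "10_authentication.hy": "_authentication = [login_url]",
}

if __name__ == "__main__":
    order, ns = load_hyfiles(PADDED)
    print(order, ns["_authentication"])
    try:
        load_hyfiles(UNPADDED)
    except RuntimeError as err:
        print("load failed:", err)
```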
- Multi-factor authentication (MFA)
When used inside a Request, Plugins act as inputs and replace themselves with the actual value.
When used inside the Flow’s :output parameter, Plugins act as outputs from the HTTP response, and store the extracted value for later use.
An HTTP request with the defined inputs. In Raider it’s implemented as a separate class, Request. Most of the time, however, it is not used directly, but as an argument when creating the Flow object in hyfiles.
When used inside a Request, a Plugin will replace itself with its actual value during runtime.
An HTTP response from which the outputs are extracted and stored inside the Plugins.
A Raider concept describing the information exchange between the client and server, containing one request and the respective response.