cubicweb: pyramid_cubicweb/auth.py@4ced3782b90f (annotated)

11533 4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	1	import datetime
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	2	import logging
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	3	import warnings
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	4
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	5	from pyramid.authorization import ACLAuthorizationPolicy
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	6	from pyramid_cubicweb.core import get_principals
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	7
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	8	from pyramid.authentication import AuthTktAuthenticationPolicy
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	9
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	10	log = logging.getLogger(__name__)
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	11
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	12
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	13	class CubicWebAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy):
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	14	"""An authentication policy that update the user last_login_time.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	15
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	16	The update is done in the 'remember' method, which is called on login,
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	17	and each time the authentication ticket is reissued.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	18
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	19	Meaning, the last_login_time is updated reissue_time seconds (maximum)
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	20	before the last request by the user.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	21	"""
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	22
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	23	def remember(self, request, principal, **kw):
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	24	headers = super(CubicWebAuthTktAuthenticationPolicy, self).remember(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	25	request, principal, **kw)
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	26	try:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	27	repo = request.registry['cubicweb.repository']
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	28	with repo.internal_cnx() as cnx:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	29	cnx.execute(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	30	"SET U last_login_time %(now)s WHERE U eid %(user)s", {
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	31	'now': datetime.datetime.now(),
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	32	'user': principal})
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	33	cnx.commit()
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	34	except:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	35	log.exception("Failed to update last_login_time")
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	36	return headers
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	37
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	38
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	39	def includeme(config):
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	40	secret = config.registry['cubicweb.config']['pyramid-auth-secret']
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	41
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	42	if not secret:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	43	secret = 'notsosecret'
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	44	warnings.warn('''
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	45
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	46	!! WARNING !! !! WARNING !!
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	47
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	48	The authentication cookies are signed with a static secret key.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	49	To put your own secret key, edit your all-in-one.conf file
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	50	and set the 'pyramid-auth-secret' key.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	51
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	52	YOU SHOULD STOP THIS INSTANCE unless your really know what you
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	53	are doing !!
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	54
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	55	''')
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	56
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	57	config.set_authentication_policy(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	58	CubicWebAuthTktAuthenticationPolicy(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	59	secret, callback=get_principals, hashalg='sha512',
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	60	reissue_time=3600))
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	61	config.set_authorization_policy(ACLAuthorizationPolicy())

author	Christophe de Vienne <christophe@unlish.com>
	Sat, 03 Jan 2015 01:24:38 +0100
changeset 11533	4ced3782b90f
child 11537	caf268942436
permissions	-rw-r--r--