cubicweb: doc/book/en/devrepo/repo/sessions.rst@569324f890d7 (annotated)

1714 a721966779be new book layout, do not compile yet sylvain.thenault@logilab.fr parents: diff changeset	1	.. -- coding: utf-8 --
a721966779be new book layout, do not compile yet sylvain.thenault@logilab.fr parents: diff changeset	2
a721966779be new book layout, do not compile yet sylvain.thenault@logilab.fr parents: diff changeset	3	Sessions
a721966779be new book layout, do not compile yet sylvain.thenault@logilab.fr parents: diff changeset	4	========
a721966779be new book layout, do not compile yet sylvain.thenault@logilab.fr parents: diff changeset	5
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	6	Sessions are objects linked to an authenticated user. The `Session.new_cnx`
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	7	method returns a new Connection linked to that session.
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	8
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	9	Connections
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	10	===========
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	11
10333 569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	12	Connections provide the `.execute` method to query the data sources, along with
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	13	`.commit` and `.rollback` methods for transaction management.
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	14
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	15	Kinds of connections
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	16	--------------------
2112 df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	17
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	18	There are two kinds of connections.
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	19
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	20	* `normal connections` are the most common: they are related to users and
2112 df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	21	carry security checks coming with user credentials
df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	22
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	23	* `internal connections` have all the powers; they are also used in only a
2112 df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	24	few situations where you don't already have an adequate session at
df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	25	hand, like: user authentication, data synchronisation in
df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	26	multi-source contexts
df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	27
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	28	Normal connections are typically named `_cw` in most appobjects or
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	29	sometimes just `session`.
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	30
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	31	Internal connections are available from the `Repository` object and are
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	32	to be used like this:
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	33
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	34	.. sourcecode:: python
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	35
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	36	with self.repo.internal_cnx() as cnx:
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	37	do_stuff_with(cnx)
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	38	cnx.commit()
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	39
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	40	Connections should always be used as context managers, to avoid leaks.
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	41
10333 569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	42
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	43	Python/RQL API
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	44	~~~~~~~~~~~~~~
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	45
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	46	The Python API developped to interface with RQL is inspired from the standard db-api,
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	47	but since `execute` returns its results directly, there is no `cursor` concept.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	48
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	49	.. sourcecode:: python
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	50
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	51	execute(rqlstring, args=None, build_descr=True)
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	52
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	53	:rqlstring: the RQL query to execute (unicode)
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	54	:args: if the query contains substitutions, a dictionary containing the values to use
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	55
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	56	The `Connection` object owns the methods `commit` and `rollback`. You
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	57	should never need to use them during the development of the web
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	58	interface based on the CubicWeb framework as it determines the end
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	59	of the transaction depending on the query execution success. They are
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	60	however useful in other contexts such as tests or custom controllers.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	61
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	62	.. note::
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	63
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	64	If a query generates an error related to security (:exc:`Unauthorized`) or to
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	65	integrity (:exc:`ValidationError`), the transaction can still continue but you
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	66	won't be able to commit it, a rollback will be necessary to start a new
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	67	transaction.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	68
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	69	Also, a rollback is automatically done if an error occurs during commit.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	70
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	71	.. note::
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	72
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	73	A :exc:`ValidationError` has a `entity` attribute. In CubicWeb,
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	74	this atttribute is set to the entity's eid (not a reference to the
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	75	entity itself).
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	76
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	77	Executing RQL queries from a view or a hook
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	78	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	79
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	80	When you're within code of the web interface, the Connection is handled by the
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	81	request object. You should not have to access it directly, but use the
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	82	`execute` method directly available on the request, eg:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	83
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	84	.. sourcecode:: python
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	85
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	86	rset = self._cw.execute(rqlstring, kwargs)
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	87
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	88	Similarly, on the server side (eg in hooks), there is no request object (since
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	89	you're directly inside the data-server), so you'll have to use the execute method
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	90	of the Connection object.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	91
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	92	Proper usage of `.execute`
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	93	~~~~~~~~~~~~~~~~~~~~~~~~~~
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	94
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	95	Let's say you want to get T which is in configuration C, this translates to:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	96
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	97	.. sourcecode:: python
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	98
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	99	self._cw.execute('Any T WHERE T in_conf C, C eid %s' % entity.eid)
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	100
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	101	But it must be written in a syntax that will benefit from the use
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	102	of a cache on the RQL server side:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	103
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	104	.. sourcecode:: python
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	105
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	106	self._cw.execute('Any T WHERE T in_conf C, C eid %(x)s', {'x': entity.eid})
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	107
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	108	The syntax tree is built once for the "generic" RQL and can be re-used
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	109	with a number of different eids. The rql IN operator is an exception
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	110	to this rule.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	111
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	112	.. sourcecode:: python
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	113
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	114	self._cw.execute('Any T WHERE T in_conf C, C name IN (%s)'
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	115	% ','.join(['foo', 'bar']))
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	116
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	117	Alternatively, some of the common data related to an entity can be
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	118	obtained from the `entity.related()` method (which is used under the
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	119	hood by the ORM when you use attribute access notation on an entity to
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	120	get a relation. The initial request would then be translated to:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	121
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	122	.. sourcecode:: python
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	123
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	124	entity.related('in_conf', 'object')
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	125
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	126	Additionally this benefits from the fetch_attrs policy (see :ref:`FetchAttrs`)
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	127	optionally defined on the class element, which says which attributes must be
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	128	also loaded when the entity is loaded through the ORM.
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	129
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	130	.. _resultset:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	131
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	132	The `ResultSet` API
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	133	~~~~~~~~~~~~~~~~~~~
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	134
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	135	ResultSet instances are a very commonly manipulated object. They have
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	136	a rich API as seen below, but we would like to highlight a bunch of
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	137	methods that are quite useful in day-to-day practice:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	138
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	139	* `__str__()` (applied by `print`) gives a very useful overview of both
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	140	the underlying RQL expression and the data inside; unavoidable for
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	141	debugging purposes
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	142
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	143	* `printable_rql()` returns a well formed RQL expression as a
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	144	string; it is very useful to build views
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	145
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	146	* `entities()` returns a generator on all entities of the result set
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	147
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	148	* `get_entity(row, col)` gets the entity at row, col coordinates; one
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	149	of the most used result set methods
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	150
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	151	.. autoclass:: cubicweb.rset.ResultSet
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	152	:members:
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	153
569324f890d7 [book] remove dbapi documentation Julien Cristau <julien.cristau@logilab.fr> parents: 9580 diff changeset	154
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	155	Authentication and management of sessions
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	156	-----------------------------------------
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	157
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	158	The authentication process is a ballet involving a few dancers:
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	159
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	160	* through its `get_session` method the top-level application object (the
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	161	`CubicWebPublisher`) will open a session whenever a web request
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	162	comes in; it asks the `session manager` to open a session (giving
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	163	the web request object as context) using `open_session`
2112 df86450ca65d [doc] a note on sessions Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1714 diff changeset	164
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	165	* the session manager asks its authentication manager (which is a
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	166	`component`) to authenticate the request (using `authenticate`)
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	167
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	168	* the authentication manager asks, in order, to its authentication
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	169	information retrievers, a login and an opaque object containing
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	170	other credentials elements (calling `authentication_information`),
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	171	giving the request object each time
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	172
9175 a7412e884d7b fix typos in docstring, doc and comments Julien Cristau <julien.cristau@logilab.fr> parents: 8760 diff changeset	173	* the default retriever (named `LoginPasswordRetriever`)
7751 50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	174	will in turn defer login and password fetching to the request
50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	175	object (which, depending on the authentication mode (`cookie`
50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	176	or `http`), will do the appropriate things and return a login
50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	177	and a password)
1714 a721966779be new book layout, do not compile yet sylvain.thenault@logilab.fr parents: diff changeset	178
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	179	* the authentication manager, on success, asks the `Repository`
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	180	object to connect with the found credentials (using `connect`)
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	181
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	182	* the repository object asks authentication to all of its
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	183	sources which support the `CWUser` entity with the given
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	184	credentials; when successful it can build the cwuser entity,
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	185	from which a regular `Session` object is made; it returns the
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	186	session id
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	187
7751 50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	188	* the source in turn will delegate work to an authentifier
50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	189	class that defines the ultimate `authenticate` method (for
50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	190	instance the native source will query the database against
50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	191	the provided credentials)
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	192
6311 afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	193	* the authentication manager, on success, will call back _all_
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	194	retrievers with `authenticated` and return its authentication
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	195	data (on failure, it will try the anonymous login or, if the
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	196	configuration forbids it, raise an `AuthenticationError`)
afd6a9e45489 [doc/book] tell a more complete story on sessions and the authentication process Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6298 diff changeset	197
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	198	Writing authentication plugins
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	199	------------------------------
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	200
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	201	Sometimes CubicWeb's out-of-the-box authentication schemes (cookie and
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	202	http) are not sufficient. Nowadays there is a plethora of such schemes
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	203	and the framework cannot provide them all, but as the sequence above
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	204	shows, it is extensible.
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	205
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	206	Two levels have to be considered when writing an authentication
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	207	plugin: the web client and the repository.
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	208
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	209	We invented a scenario where it makes sense to have a new plugin in
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	210	each side: some middleware will do pre-authentication and under the
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	211	right circumstances add a new HTTP `x-foo-user` header to the query
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	212	before it reaches the CubicWeb instance. For a concrete example of
7751 50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	213	this, see the `trustedauth`_ cube.
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	214
7751 50f89f05ae0a [doc/book] fix ref to trustedauth cube Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6320 diff changeset	215	.. _`trustedauth`: http://www.cubicweb.org/project/cubicweb-trustedauth
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	216
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	217	Repository authentication plugins
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	218	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	219
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	220	On the repository side, it is possible to register a source
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	221	authentifier using the following kind of code:
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	222
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	223	.. sourcecode:: python
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	224
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	225	from cubicweb.server.sources import native
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	226
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	227	class FooAuthentifier(native.LoginPasswordAuthentifier):
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	228	""" a source authentifier plugin
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	229	if 'foo' in authentication information, no need to check
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	230	password
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	231	"""
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	232	auth_rql = 'Any X WHERE X is CWUser, X login %(login)s'
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	233
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	234	def authenticate(self, session, login, **kwargs):
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	235	"""return CWUser eid for the given login
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	236	if this account is defined in this source,
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	237	else raise `AuthenticationError`
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	238	"""
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	239	session.debug('authentication by %s', self.__class__.__name__)
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	240	if 'foo' not in kwargs:
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	241	return super(FooAuthentifier, self).authenticate(session, login, **kwargs)
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	242	try:
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	243	rset = session.execute(self.auth_rql, {'login': login})
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	244	return rset[0][0]
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	245	except Exception, exc:
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	246	session.debug('authentication failure (%s)', exc)
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	247	raise AuthenticationError('foo user is unknown to us')
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	248
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	249	Since repository authentifiers are not appobjects, we have to register
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	250	them through a `server_startup` hook.
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	251
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	252	.. sourcecode:: python
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	253
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	254	class ServerStartupHook(hook.Hook):
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	255	""" register the foo authenticator """
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	256	__regid__ = 'fooauthenticatorregisterer'
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	257	events = ('server_startup',)
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	258
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	259	def __call__(self):
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	260	self.debug('registering foo authentifier')
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	261	self.repo.system_source.add_authentifier(FooAuthentifier())
b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	262
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	263	Web authentication plugins
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	264	~~~~~~~~~~~~~~~~~~~~~~~~~~
6313 b3fd91524132 [doc/book] begin an howto write auth plugins chapter Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6311 diff changeset	265
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	266	.. sourcecode:: python
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	267
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	268	class XFooUserRetriever(authentication.LoginPasswordRetriever):
6319 20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	269	""" authenticate by the x-foo-user http header
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	270	or just do normal login/password authentication
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	271	"""
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	272	__regid__ = 'x-foo-user'
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	273	order = 0
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	274
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	275	def authentication_information(self, req):
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	276	"""retrieve authentication information from the given request, raise
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	277	NoAuthInfo if expected information is not found
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	278	"""
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	279	self.debug('web authenticator building auth info')
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	280	try:
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	281	login = req.get_header('x-foo-user')
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	282	if login:
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	283	return login, {'foo': True}
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	284	else:
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	285	return super(XFooUserRetriever, self).authentication_information(self, req)
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	286	except Exception, exc:
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	287	self.debug('web authenticator failed (%s)', exc)
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	288	raise authentication.NoAuthInfo()
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	289
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	290	def authenticated(self, retriever, req, cnx, login, authinfo):
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	291	"""callback when return authentication information have opened a
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	292	repository connection successfully. Take care req has no session
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	293	attached yet, hence req.execute isn't available.
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	294
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	295	Here we set a flag on the request to indicate that the user is
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	296	foo-authenticated. Can be used by a selector
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	297	"""
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	298	self.debug('web authenticator running post authentication callback')
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	299	cnx.foo_user = authinfo.get('foo')
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	300
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	301	In the `authenticated` method we add (in an admitedly slightly hackish
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	302	way) an attribute to the connection object. This, in turn, can be used
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	303	to build a selector dispatching on the fact that the user was
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	304	preauthenticated or not.
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	305
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	306	.. sourcecode:: python
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	307
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	308	@objectify_selector
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	309	def foo_authenticated(cls, req, rset=None, **kwargs):
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	310	if hasattr(req.cnx, 'foo_user') and req.foo_user:
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	311	return 1
20a7399ed58d [doc/book] complete section on authentication plugins Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 6313 diff changeset	312	return 0
8760 17994bf95d6a [doc] update Session documentation Pierre-Yves David <pierre-yves.david@logilab.fr> parents: 7751 diff changeset	313
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	314	Full Session and Connection API
abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	315	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8760 17994bf95d6a [doc] update Session documentation Pierre-Yves David <pierre-yves.david@logilab.fr> parents: 7751 diff changeset	316
17994bf95d6a [doc] update Session documentation Pierre-Yves David <pierre-yves.david@logilab.fr> parents: 7751 diff changeset	317	.. autoclass:: cubicweb.server.session.Session
9580 abaae1496ba4 [book] Update documentation for new repoapi Julien Cristau <julien.cristau@logilab.fr> parents: 9175 diff changeset	318	.. autoclass:: cubicweb.server.session.Connection

author	Julien Cristau <julien.cristau@logilab.fr>
	Fri, 13 Mar 2015 16:10:29 +0100
changeset 10333	569324f890d7
parent 9580	abaae1496ba4
permissions	-rw-r--r--