author | Denis Laxalde <denis.laxalde@logilab.fr> |
Tue, 21 Feb 2017 17:41:32 +0100 | |
changeset 11971 | 6c035cfef04f |
parent 11681 | b23d58050076 |
permissions | -rw-r--r-- |
11479 | 1 |
|
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
2 |
pyramid_cubicweb_ is one specific way of integrating CubicWeb_ with a |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
3 |
Pyramid_ web application. |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
4 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
5 |
Features |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
6 |
======== |
11479 | 7 |
|
8 |
* provides a default route that let a cubicweb instance handle the request. |
|
9 |
||
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
10 |
Usage |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
11 |
===== |
11479 | 12 |
|
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
13 |
To use, install ``pyramid_cubicweb`` in your python environment, and |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
14 |
then include_ the package:: |
11479 | 15 |
|
16 |
config.include('pyramid_cubicweb') |
|
17 |
||
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
18 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
19 |
Configuration |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
20 |
============= |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
21 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
22 |
Requires the following `INI setting / environment variable`_: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
23 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
24 |
* `cubicweb.instance` / `CW_INSTANCE`: the cubicweb instance name |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
25 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
26 |
Authentication cookies |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
27 |
---------------------- |
11479 | 28 |
|
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
29 |
When using the `pyramid_cubicweb.auth` (CubicWeb AuthTkt |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
30 |
authentication policy), which is the default in most cases, you may |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
31 |
have to configure the behaviour of these authentication policies using |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
32 |
standard's Pyramid configuration. You may want to configure in your |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
33 |
``pyramid.ini``: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
34 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
35 |
:Session Authentication: |
11479 | 36 |
|
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
37 |
This is a `AuthTktAuthenticationPolicy`_ so you may overwrite default |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
38 |
configuration values by adding configuration entries using the prefix |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
39 |
``cubicweb.auth.authtkt.session``. Default values are: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
40 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
41 |
:: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
42 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
43 |
cubicweb.auth.authtkt.session.hashalg = sha512 |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
44 |
cubicweb.auth.authtkt.session.cookie_name = auth_tkt |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
45 |
cubicweb.auth.authtkt.session.timeout = 1200 |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
46 |
cubicweb.auth.authtkt.session.reissue_time = 120 |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
47 |
cubicweb.auth.authtkt.session.http_only = True |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
48 |
cubicweb.auth.authtkt.session.secure = True |
11479 | 49 |
|
50 |
||
11621
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
51 |
:Persistent Authentication: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
52 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
53 |
This is also a `AuthTktAuthenticationPolicy`_. It is used when persistent |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
54 |
sessions are activated (typically when using the cubicweb-rememberme_ |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
55 |
cube). You may overwrite default configuration values by adding |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
56 |
configuration entries using the prefix |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
57 |
``cubicweb.auth.authtkt.persistent``. Default values are: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
58 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
59 |
:: |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
60 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
61 |
cubicweb.auth.authtkt.persistent.hashalg = sha512 |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
62 |
cubicweb.auth.authtkt.persistent.cookie_name = pauth_tkt |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
63 |
cubicweb.auth.authtkt.persistent.max_age = 3600*24*30 |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
64 |
cubicweb.auth.authtkt.persistent.reissue_time = 3600*24 |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
65 |
cubicweb.auth.authtkt.persistent.http_only = True |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
66 |
cubicweb.auth.authtkt.persistent.secure = True |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
67 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
68 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
69 |
.. Warning:: Legacy timeout values from the instance's |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
70 |
``all-in-one.conf`` are **not** used at all (`` |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
71 |
http-session-time`` and ``cleanup-session-time``) |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
72 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
73 |
Please refer to the documentation_ for more details (available in the |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
74 |
``docs`` directory of the source code). |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
75 |
|
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
76 |
.. _pyramid_cubicweb: https://www.cubicweb.org/project/pyramid-cubicweb |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
77 |
.. _CubicWeb: https://www.cubicweb.org/ |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
78 |
.. _`cubicweb-rememberme`: \ |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
79 |
https://www.cubicweb.org/project/cubicweb-rememberme |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
80 |
.. _Pyramid: http://pypi.python.org/pypi/pyramid |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
81 |
.. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
82 |
.. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
83 |
.. _documentation: http://pyramid-cubicweb.readthedocs.org/ |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
84 |
.. _AuthTktAuthenticationPolicy: \ |
5747d4c2e083
[doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents:
11481
diff
changeset
|
85 |
http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy |
11681
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
86 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
87 |
Command |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
88 |
======= |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
89 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
90 |
Summary |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
91 |
------- |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
92 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
93 |
Add the 'pyramid' command to cubicweb-ctl". |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
94 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
95 |
This cube also add a ``CWSession`` entity type so that sessions can be |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
96 |
stored in the database, which allows to run a Cubicweb instance |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
97 |
without having to set up a session storage (like redis or memcache) |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
98 |
solution. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
99 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
100 |
However, for production systems, it is greatly advised to use such a |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
101 |
storage solution for the sessions. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
102 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
103 |
The handling of the sessions is made by pyramid (see the |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
104 |
`pyramid's documentation on sessions`_ for more details). |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
105 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
106 |
For example, to set up a redis based session storage, you need the |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
107 |
`pyramid-redis-session`_ package, then you must configure pyramid to |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
108 |
use this backend, by configuring the ``pyramid.ini`` file in the instance's |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
109 |
config directory (near the ``all-in-one.conf`` file): |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
110 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
111 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
112 |
.. code-block:: ini |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
113 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
114 |
[main] |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
115 |
cubicweb.defaults = no # we do not want to load the default cw session handling |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
116 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
117 |
cubicweb.auth.authtkt.session.secret = <secret1> |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
118 |
cubicweb.auth.authtkt.persistent.secret = <secret2> |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
119 |
cubicweb.auth.authtkt.session.secure = yes |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
120 |
cubicweb.auth.authtkt.persistent.secure = yes |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
121 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
122 |
redis.sessions.secret = <secret3> |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
123 |
redis.sessions.prefix = <my-app>: |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
124 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
125 |
redis.sessions.url = redis://localhost:6379/0 |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
126 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
127 |
pyramid.includes = |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
128 |
pyramid_redis_sessions |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
129 |
pyramid_cubicweb.auth |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
130 |
pyramid_cubicweb.login |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
131 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
132 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
133 |
See the documentation of `Pyramid Cubicweb`_ for more details. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
134 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
135 |
.. Warning:: If you want to be able to log in a CubicWeb application |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
136 |
served by pyramid on a unsecured stream (typically when |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
137 |
you start an instance in dev mode using a simple |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
138 |
``cubicweb-ctl pyramid -D -linfo myinstance``), you |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
139 |
**must** set ``cubicweb.auth.authtkt.session.secure`` to |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
140 |
``no``. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
141 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
142 |
Secrets |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
143 |
~~~~~~~ |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
144 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
145 |
There are a number of secrets to configure in ``pyramid.ini``. They |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
146 |
should be different one from each other, as explained in `Pyramid's |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
147 |
documentation`_. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
148 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
149 |
For the record: |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
150 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
151 |
:cubicweb.session.secret: This secret is used to encrypt the session's |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
152 |
data ID (data themselved are stored in the backend, database or |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
153 |
redis) when using the integrated (``CWSession`` based) session data |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
154 |
storage. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
155 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
156 |
:redis.session.secret: This secret is used to encrypt the session's |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
157 |
data ID (data themselved are stored in the backend, database or |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
158 |
redis) when using redis as backend. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
159 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
160 |
:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
161 |
the authentication cookie. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
162 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
163 |
:cubicweb.auth.authtkt.persistent.secret: This secret is used to |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
164 |
encrypt the persistent authentication cookie. |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
165 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
166 |
|
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
167 |
.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/ |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
168 |
.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
169 |
.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html |
b23d58050076
Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents:
11631
diff
changeset
|
170 |
.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing |