README.pyramid.rst
author Philippe Pepiot <philippe.pepiot@logilab.fr>
Thu, 12 Jan 2017 13:40:25 +0100
branch3.24
changeset 11908 7904fe436e82
parent 11681 b23d58050076
permissions -rw-r--r--
[repository] Fix connection-pool-size not set to 1 with quick_start enabled config.load_schema() and config.init_cube() reload configuration options from config file, so a manually set connections-pool-size (eg. when quick_start is enabled) wasn't working.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     1
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     2
pyramid_cubicweb_ is one specific way of integrating CubicWeb_ with a
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     3
Pyramid_ web application.
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     4
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     5
Features
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     6
========
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     7
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     8
* provides a default route that let a cubicweb instance handle the request.
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     9
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    10
Usage
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    11
=====
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    12
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    13
To use, install ``pyramid_cubicweb`` in your python environment, and
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    14
then include_ the package::
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    15
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    16
    config.include('pyramid_cubicweb')
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    17
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    18
    
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    19
Configuration
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    20
=============
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    21
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    22
Requires the following `INI setting / environment variable`_:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    23
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    24
* `cubicweb.instance` / `CW_INSTANCE`: the cubicweb instance name
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    25
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    26
Authentication cookies
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    27
----------------------
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    28
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    29
When using the `pyramid_cubicweb.auth` (CubicWeb AuthTkt
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    30
authentication policy), which is the default in most cases, you may
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    31
have to configure the behaviour of these authentication policies using
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    32
standard's Pyramid configuration. You may want to configure in your
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    33
``pyramid.ini``:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    34
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    35
:Session Authentication:
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    36
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    37
    This is a `AuthTktAuthenticationPolicy`_ so you may overwrite default
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    38
    configuration values by adding configuration entries using the prefix
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    39
    ``cubicweb.auth.authtkt.session``. Default values are:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    40
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    41
    ::
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    42
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    43
        cubicweb.auth.authtkt.session.hashalg = sha512
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    44
        cubicweb.auth.authtkt.session.cookie_name = auth_tkt
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    45
        cubicweb.auth.authtkt.session.timeout = 1200
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    46
        cubicweb.auth.authtkt.session.reissue_time = 120
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    47
        cubicweb.auth.authtkt.session.http_only = True
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    48
        cubicweb.auth.authtkt.session.secure = True
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    49
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    50
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    51
:Persistent Authentication:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    52
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    53
    This is also a `AuthTktAuthenticationPolicy`_. It is used when persistent
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    54
    sessions are activated (typically when using the cubicweb-rememberme_
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    55
    cube). You may overwrite default configuration values by adding
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    56
    configuration entries using the prefix
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    57
    ``cubicweb.auth.authtkt.persistent``. Default values are:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    58
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    59
    ::
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    60
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    61
        cubicweb.auth.authtkt.persistent.hashalg = sha512
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    62
        cubicweb.auth.authtkt.persistent.cookie_name = pauth_tkt
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    63
        cubicweb.auth.authtkt.persistent.max_age = 3600*24*30
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    64
        cubicweb.auth.authtkt.persistent.reissue_time = 3600*24
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    65
        cubicweb.auth.authtkt.persistent.http_only = True
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    66
        cubicweb.auth.authtkt.persistent.secure = True
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    67
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    68
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    69
.. Warning:: Legacy timeout values from the instance's
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    70
             ``all-in-one.conf`` are **not** used at all (``
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    71
             http-session-time`` and ``cleanup-session-time``)
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    72
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    73
Please refer to the documentation_ for more details (available in the
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    74
``docs`` directory of the source code).
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    75
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    76
.. _pyramid_cubicweb: https://www.cubicweb.org/project/pyramid-cubicweb
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    77
.. _CubicWeb: https://www.cubicweb.org/
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    78
.. _`cubicweb-rememberme`: \
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    79
    https://www.cubicweb.org/project/cubicweb-rememberme
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    80
.. _Pyramid: http://pypi.python.org/pypi/pyramid
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    81
.. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    82
.. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    83
.. _documentation: http://pyramid-cubicweb.readthedocs.org/
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    84
.. _AuthTktAuthenticationPolicy: \
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    85
    http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy
11681
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    86
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    87
Command
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    88
=======
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    89
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    90
Summary
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    91
-------
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    92
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    93
Add the 'pyramid' command to cubicweb-ctl".
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    94
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    95
This cube also add a ``CWSession`` entity type so that sessions can be
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    96
stored in the database, which allows to run a Cubicweb instance
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    97
without having to set up a session storage (like redis or memcache)
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    98
solution.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    99
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   100
However, for production systems, it is greatly advised to use such a
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   101
storage solution for the sessions.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   102
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   103
The handling of the sessions is made by pyramid (see the
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   104
`pyramid's documentation on sessions`_ for more details).
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   105
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   106
For example, to set up a redis based session storage, you need the
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   107
`pyramid-redis-session`_ package, then you must configure pyramid to
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   108
use this backend, by configuring the ``pyramid.ini`` file in the instance's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   109
config directory (near the ``all-in-one.conf`` file):
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   110
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   111
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   112
.. code-block:: ini
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   113
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   114
   [main]
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   115
   cubicweb.defaults = no # we do not want to load the default cw session handling
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   116
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   117
   cubicweb.auth.authtkt.session.secret = <secret1>
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   118
   cubicweb.auth.authtkt.persistent.secret = <secret2>
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   119
   cubicweb.auth.authtkt.session.secure = yes
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   120
   cubicweb.auth.authtkt.persistent.secure = yes
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   121
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   122
   redis.sessions.secret = <secret3>
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   123
   redis.sessions.prefix = <my-app>:
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   124
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   125
   redis.sessions.url = redis://localhost:6379/0
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   126
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   127
   pyramid.includes =
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   128
           pyramid_redis_sessions
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   129
           pyramid_cubicweb.auth
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   130
           pyramid_cubicweb.login
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   131
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   132
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   133
See the documentation of `Pyramid Cubicweb`_ for more details.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   134
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   135
.. Warning:: If you want to be able to log in a CubicWeb application
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   136
             served by pyramid on a unsecured stream (typically when
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   137
             you start an instance in dev mode using a simple
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   138
             ``cubicweb-ctl pyramid -D -linfo myinstance``), you
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   139
             **must** set ``cubicweb.auth.authtkt.session.secure`` to
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   140
             ``no``.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   141
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   142
Secrets
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   143
~~~~~~~
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   144
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   145
There are a number of secrets to configure in ``pyramid.ini``. They
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   146
should be different one from each other, as explained in `Pyramid's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   147
documentation`_.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   148
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   149
For the record:
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   150
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   151
:cubicweb.session.secret: This secret is used to encrypt the session's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   152
   data ID (data themselved are stored in the backend, database or
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   153
   redis) when using the integrated (``CWSession`` based) session data
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   154
   storage.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   155
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   156
:redis.session.secret: This secret is used to encrypt the session's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   157
   data ID (data themselved are stored in the backend, database or
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   158
   redis) when using redis as backend.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   159
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   160
:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   161
   the authentication cookie.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   162
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   163
:cubicweb.auth.authtkt.persistent.secret: This secret is used to
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   164
   encrypt the persistent authentication cookie.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   165
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   166
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   167
.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   168
.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   169
.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   170
.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing