doc/book/pyramid/auth.rst
author Philippe Pepiot <philippe.pepiot@logilab.fr>
Wed, 18 Jul 2018 13:47:45 +0200
branch3.26
changeset 12343 8362503a9248
parent 11631 faf279e33298
permissions -rw-r--r--
[pkg] version 3.26.6
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
11565
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     1
Authentication
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     2
==============
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     3
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     4
Overview
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     5
--------
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     6
11631
faf279e33298 Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents: 11565
diff changeset
     7
A default authentication stack is provided by the :mod:`cubicweb.pyramid.auth`
faf279e33298 Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents: 11565
diff changeset
     8
module, which is included by :mod:`cubicweb.pyramid.default`.
11565
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     9
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    10
The authentication stack is built around `pyramid_multiauth`_, and provides a
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    11
few default policies that reproduce the default cubicweb behavior.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    12
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    13
.. note::
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    14
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    15
    Note that this module only provides an authentication policy, not the views
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    16
    that handle the login form. See :ref:`login_module`
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    17
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    18
Customize
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    19
---------
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    20
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    21
The default policies can be individually deactivated, as well as the default
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    22
authentication callback that returns the current user groups as :term:`principals`.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    23
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    24
The following settings can be set to `False`:
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    25
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    26
-   :confval:`cubicweb.auth.update_login_time`. Activate the policy that update
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    27
    the user `login_time` when `remember` is called.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    28
-   :confval:`cubicweb.auth.authtkt` and all its subvalues.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    29
-   :confval:`cubicweb.auth.groups_principals`
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    30
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    31
Additionnal policies can be added by accessing the MultiAuthenticationPolicy
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    32
instance in the registry:
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    33
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    34
.. code-block:: python
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    35
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    36
    mypolicy = SomePolicy()
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    37
    authpolicy = config.registry['cubicweb.authpolicy']
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    38
    authpolicy._policies.append(mypolicy)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    39
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    40
.. _pyramid_multiauth: https://github.com/mozilla-services/pyramid_multiauth