author | Philippe Pepiot <philippe.pepiot@logilab.fr> |
Wed, 18 Jul 2018 13:47:45 +0200 | |
branch | 3.26 |
changeset 12343 | 8362503a9248 |
parent 11631 | faf279e33298 |
permissions | -rw-r--r-- |
11565
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
1 |
Authentication |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
2 |
============== |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
3 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
4 |
Overview |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
5 |
-------- |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
6 |
|
11631
faf279e33298
Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents:
11565
diff
changeset
|
7 |
A default authentication stack is provided by the :mod:`cubicweb.pyramid.auth` |
faf279e33298
Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents:
11565
diff
changeset
|
8 |
module, which is included by :mod:`cubicweb.pyramid.default`. |
11565
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
9 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
10 |
The authentication stack is built around `pyramid_multiauth`_, and provides a |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
11 |
few default policies that reproduce the default cubicweb behavior. |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
12 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
13 |
.. note:: |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
14 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
15 |
Note that this module only provides an authentication policy, not the views |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
16 |
that handle the login form. See :ref:`login_module` |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
17 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
18 |
Customize |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
19 |
--------- |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
20 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
21 |
The default policies can be individually deactivated, as well as the default |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
22 |
authentication callback that returns the current user groups as :term:`principals`. |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
23 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
24 |
The following settings can be set to `False`: |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
25 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
26 |
- :confval:`cubicweb.auth.update_login_time`. Activate the policy that update |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
27 |
the user `login_time` when `remember` is called. |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
28 |
- :confval:`cubicweb.auth.authtkt` and all its subvalues. |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
29 |
- :confval:`cubicweb.auth.groups_principals` |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
30 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
31 |
Additionnal policies can be added by accessing the MultiAuthenticationPolicy |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
32 |
instance in the registry: |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
33 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
34 |
.. code-block:: python |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
35 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
36 |
mypolicy = SomePolicy() |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
37 |
authpolicy = config.registry['cubicweb.authpolicy'] |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
38 |
authpolicy._policies.append(mypolicy) |
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
39 |
|
6398be12f8e6
[doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
40 |
.. _pyramid_multiauth: https://github.com/mozilla-services/pyramid_multiauth |