README.pyramid.rst
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Fri, 18 Nov 2016 18:19:10 +0100
changeset 11873 8758b42d6c72
parent 11681 b23d58050076
permissions -rw-r--r--
[schema/optimization] Ensure read permissions are deactivated when we're checking a permission When called from a web request, since we *are* checking some permission, read permissions don't have to be introduced in this query. We may avoid that since there now more any differences between web and repo connections, so let's do it.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     1
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     2
pyramid_cubicweb_ is one specific way of integrating CubicWeb_ with a
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     3
Pyramid_ web application.
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     4
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     5
Features
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
     6
========
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     7
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     8
* provides a default route that let a cubicweb instance handle the request.
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     9
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    10
Usage
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    11
=====
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    12
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    13
To use, install ``pyramid_cubicweb`` in your python environment, and
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    14
then include_ the package::
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    15
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    16
    config.include('pyramid_cubicweb')
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    17
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    18
    
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    19
Configuration
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    20
=============
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    21
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    22
Requires the following `INI setting / environment variable`_:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    23
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    24
* `cubicweb.instance` / `CW_INSTANCE`: the cubicweb instance name
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    25
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    26
Authentication cookies
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    27
----------------------
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    28
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    29
When using the `pyramid_cubicweb.auth` (CubicWeb AuthTkt
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    30
authentication policy), which is the default in most cases, you may
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    31
have to configure the behaviour of these authentication policies using
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    32
standard's Pyramid configuration. You may want to configure in your
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    33
``pyramid.ini``:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    34
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    35
:Session Authentication:
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    36
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    37
    This is a `AuthTktAuthenticationPolicy`_ so you may overwrite default
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    38
    configuration values by adding configuration entries using the prefix
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    39
    ``cubicweb.auth.authtkt.session``. Default values are:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    40
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    41
    ::
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    42
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    43
        cubicweb.auth.authtkt.session.hashalg = sha512
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    44
        cubicweb.auth.authtkt.session.cookie_name = auth_tkt
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    45
        cubicweb.auth.authtkt.session.timeout = 1200
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    46
        cubicweb.auth.authtkt.session.reissue_time = 120
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    47
        cubicweb.auth.authtkt.session.http_only = True
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    48
        cubicweb.auth.authtkt.session.secure = True
11479
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    49
a070f211b35c Project Structure
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    50
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    51
:Persistent Authentication:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    52
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    53
    This is also a `AuthTktAuthenticationPolicy`_. It is used when persistent
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    54
    sessions are activated (typically when using the cubicweb-rememberme_
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    55
    cube). You may overwrite default configuration values by adding
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    56
    configuration entries using the prefix
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    57
    ``cubicweb.auth.authtkt.persistent``. Default values are:
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    58
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    59
    ::
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    60
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    61
        cubicweb.auth.authtkt.persistent.hashalg = sha512
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    62
        cubicweb.auth.authtkt.persistent.cookie_name = pauth_tkt
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    63
        cubicweb.auth.authtkt.persistent.max_age = 3600*24*30
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    64
        cubicweb.auth.authtkt.persistent.reissue_time = 3600*24
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    65
        cubicweb.auth.authtkt.persistent.http_only = True
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    66
        cubicweb.auth.authtkt.persistent.secure = True
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    67
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    68
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    69
.. Warning:: Legacy timeout values from the instance's
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    70
             ``all-in-one.conf`` are **not** used at all (``
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    71
             http-session-time`` and ``cleanup-session-time``)
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    72
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    73
Please refer to the documentation_ for more details (available in the
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    74
``docs`` directory of the source code).
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    75
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    76
.. _pyramid_cubicweb: https://www.cubicweb.org/project/pyramid-cubicweb
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    77
.. _CubicWeb: https://www.cubicweb.org/
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    78
.. _`cubicweb-rememberme`: \
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    79
    https://www.cubicweb.org/project/cubicweb-rememberme
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    80
.. _Pyramid: http://pypi.python.org/pypi/pyramid
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    81
.. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    82
.. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    83
.. _documentation: http://pyramid-cubicweb.readthedocs.org/
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    84
.. _AuthTktAuthenticationPolicy: \
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11481
diff changeset
    85
    http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy
11681
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    86
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    87
Command
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    88
=======
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    89
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    90
Summary
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    91
-------
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    92
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    93
Add the 'pyramid' command to cubicweb-ctl".
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    94
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    95
This cube also add a ``CWSession`` entity type so that sessions can be
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    96
stored in the database, which allows to run a Cubicweb instance
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    97
without having to set up a session storage (like redis or memcache)
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    98
solution.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
    99
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   100
However, for production systems, it is greatly advised to use such a
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   101
storage solution for the sessions.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   102
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   103
The handling of the sessions is made by pyramid (see the
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   104
`pyramid's documentation on sessions`_ for more details).
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   105
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   106
For example, to set up a redis based session storage, you need the
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   107
`pyramid-redis-session`_ package, then you must configure pyramid to
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   108
use this backend, by configuring the ``pyramid.ini`` file in the instance's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   109
config directory (near the ``all-in-one.conf`` file):
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   110
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   111
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   112
.. code-block:: ini
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   113
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   114
   [main]
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   115
   cubicweb.defaults = no # we do not want to load the default cw session handling
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   116
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   117
   cubicweb.auth.authtkt.session.secret = <secret1>
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   118
   cubicweb.auth.authtkt.persistent.secret = <secret2>
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   119
   cubicweb.auth.authtkt.session.secure = yes
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   120
   cubicweb.auth.authtkt.persistent.secure = yes
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   121
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   122
   redis.sessions.secret = <secret3>
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   123
   redis.sessions.prefix = <my-app>:
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   124
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   125
   redis.sessions.url = redis://localhost:6379/0
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   126
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   127
   pyramid.includes =
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   128
           pyramid_redis_sessions
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   129
           pyramid_cubicweb.auth
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   130
           pyramid_cubicweb.login
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   131
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   132
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   133
See the documentation of `Pyramid Cubicweb`_ for more details.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   134
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   135
.. Warning:: If you want to be able to log in a CubicWeb application
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   136
             served by pyramid on a unsecured stream (typically when
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   137
             you start an instance in dev mode using a simple
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   138
             ``cubicweb-ctl pyramid -D -linfo myinstance``), you
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   139
             **must** set ``cubicweb.auth.authtkt.session.secure`` to
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   140
             ``no``.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   141
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   142
Secrets
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   143
~~~~~~~
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   144
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   145
There are a number of secrets to configure in ``pyramid.ini``. They
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   146
should be different one from each other, as explained in `Pyramid's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   147
documentation`_.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   148
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   149
For the record:
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   150
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   151
:cubicweb.session.secret: This secret is used to encrypt the session's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   152
   data ID (data themselved are stored in the backend, database or
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   153
   redis) when using the integrated (``CWSession`` based) session data
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   154
   storage.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   155
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   156
:redis.session.secret: This secret is used to encrypt the session's
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   157
   data ID (data themselved are stored in the backend, database or
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   158
   redis) when using redis as backend.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   159
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   160
:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   161
   the authentication cookie.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   162
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   163
:cubicweb.auth.authtkt.persistent.secret: This secret is used to
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   164
   encrypt the persistent authentication cookie.
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   165
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   166
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   167
.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   168
.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   169
.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html
b23d58050076 Merge cubicweb-pyramid cube
Yann Voté <yann.vote@logilab.fr>
parents: 11631
diff changeset
   170
.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing