pyramid_cubicweb/defaults.py
author Christophe de Vienne <christophe@unlish.com>
Sun, 02 Nov 2014 22:54:24 +0100
changeset 11519 92423d03ef25
parent 11509 ca3412269cd1
child 11530 167f415e023e
permissions -rw-r--r--
[auth] Make last_login_time updated. The update is done when the user logs in, then every time the authentication is reissued. Closes #4549891
import datetime
import logging
import warnings

from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy

from pyramid_cubicweb.core import get_principals

log = logging.getLogger(__name__)


class CubicWebAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy):
    """An authentication policy that updates the user's last_login_time.

    The update is done in the 'remember' method, which is called on login,
    and each time the authentication ticket is reissued.

    Meaning, the last_login_time is updated reissue_time seconds (maximum)
    before the last request by the user.
    """

    def remember(self, request, principal, **kw):
        headers = super(CubicWebAuthTktAuthenticationPolicy, self).remember(
            request, principal, **kw)
        try:
            repo = request.registry['cubicweb.repository']
            with repo.internal_session() as cnx:
                cnx.execute(
                    "SET U last_login_time %(now)s WHERE U eid %(user)s", {
                        'now': datetime.datetime.now(),
                        'user': principal})
                cnx.commit()
        except Exception:
            # Best effort: a failed timestamp update must not block the login.
            log.exception("Failed to update last_login_time")
        return headers


def includeme(config):
    config.include('pyramid_cubicweb.session')

    secret = config.registry['cubicweb.config']['pyramid-auth-secret']

    if not secret:
        # Fallback key is public (it is in this source file), so cookies
        # signed with it carry no integrity guarantee.
        secret = 'notsosecret'
        warnings.warn('''

            !! WARNING !! !! WARNING !!

            The authentication cookies are signed with a static secret key.
            To put your own secret key, edit your all-in-one.conf file
            and set the 'pyramid-auth-secret' key.

            YOU SHOULD STOP THIS INSTANCE unless you really know what you
            are doing !!

        ''')

    config.set_authentication_policy(
        CubicWebAuthTktAuthenticationPolicy(
            secret, callback=get_principals, hashalg='sha512',
            reissue_time=3600))
    config.set_authorization_policy(ACLAuthorizationPolicy())

    config.include('pyramid_cubicweb.login')
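
A fail-closed alternative to the 'notsosecret' fallback in includeme, as an added example that is not part of pyramid_cubicweb. The names load_auth_secret, generate_auth_secret, WeakSecretError, the placeholder list and the numeric floors are hypothetical choices for illustration; settings stands for any mapping that holds the 'pyramid-auth-secret' value.

```python
import secrets

# Assumption: values that appear in source code or docs and are therefore public.
KNOWN_PLACEHOLDERS = {"notsosecret", "secret", "changeme"}
# Assumption: illustrative floors for a cookie-signing (HMAC) key.
MIN_SECRET_BYTES = 32
MIN_DISTINCT_CHARS = 10


class WeakSecretError(ValueError):
    """Raised when the cookie-signing secret is unusable."""


def load_auth_secret(settings, key="pyramid-auth-secret"):
    """Return the configured secret, or raise instead of falling back."""
    secret = (settings.get(key) or "").strip()
    if not secret:
        raise WeakSecretError("%s is not set" % key)
    if secret.lower() in KNOWN_PLACEHOLDERS:
        raise WeakSecretError("%s is a publicly known placeholder" % key)
    if len(secret.encode("utf-8")) < MIN_SECRET_BYTES:
        raise WeakSecretError(
            "%s is shorter than %d bytes" % (key, MIN_SECRET_BYTES))
    if len(set(secret)) < MIN_DISTINCT_CHARS:
        raise WeakSecretError("%s has too little variety" % key)
    return secret


def generate_auth_secret():
    """Produce a value an operator can paste into all-in-one.conf."""
    return secrets.token_urlsafe(48)  # 48 random bytes -> 64 URL-safe chars


def rejection_reason(settings):
    """Return None if the secret is accepted, else the error text."""
    try:
        load_auth_secret(settings)
        return None
    except WeakSecretError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample configurations, from worst to acceptable.
    for cfg in ({}, {"pyramid-auth-secret": "notsosecret"},
                {"pyramid-auth-secret": "a" * 40},
                {"pyramid-auth-secret": generate_auth_secret()}):
        print(rejection_reason(cfg) or "accepted")
```

Raising at startup turns a missing secret into a deployment error rather than a warning that can scroll past unnoticed in the logs.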