author | Christophe de Vienne <christophe@unlish.com> |
Mon, 11 May 2015 15:22:24 +0200 | |
changeset 11570 | 9957c610a047 |
parent 11562 | a49f08423f02 |
child 11592 | 197e10cb74f7 |
permissions | -rw-r--r-- |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
1 |
import datetime |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
2 |
import logging |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
3 |
import warnings |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
4 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
5 |
from zope.interface import implementer |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
6 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
7 |
from pyramid.settings import asbool |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
8 |
from pyramid.authorization import ACLAuthorizationPolicy |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
9 |
from pyramid_cubicweb.core import get_principals |
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
10 |
from pyramid_multiauth import MultiAuthenticationPolicy |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
11 |
|
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
12 |
from pyramid.authentication import AuthTktAuthenticationPolicy |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
13 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
14 |
from pyramid.interfaces import IAuthenticationPolicy |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
15 |
|
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
16 |
log = logging.getLogger(__name__) |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
17 |
|
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
18 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
19 |
@implementer(IAuthenticationPolicy) |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
20 |
class UpdateLoginTimeAuthenticationPolicy(object): |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
21 |
"""An authentication policy that update the user last_login_time. |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
22 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
23 |
The update is done in the 'remember' method, which is called by the login |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
24 |
views login, |
11537
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
25 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
26 |
Usually used via :func:`includeme`. |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
27 |
""" |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
28 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
29 |
def authenticated_userid(self, request): |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
30 |
pass |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
31 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
32 |
def effective_principals(self, request): |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
33 |
return () |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
34 |
|
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
35 |
def remember(self, request, principal, **kw): |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
36 |
try: |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
37 |
repo = request.registry['cubicweb.repository'] |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
38 |
with repo.internal_cnx() as cnx: |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
39 |
cnx.execute( |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
40 |
"SET U last_login_time %(now)s WHERE U eid %(user)s", { |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
41 |
'now': datetime.datetime.now(), |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
42 |
'user': principal}) |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
43 |
cnx.commit() |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
44 |
except: |
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
45 |
log.exception("Failed to update last_login_time") |
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
46 |
return () |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
47 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
48 |
def forget(self, request): |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
49 |
return () |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
50 |
|
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
51 |
|
11562
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
52 |
class CWAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy): |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
53 |
""" |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
54 |
An authentication policy that inhibate the call the 'remember' if a |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
55 |
'persistent' argument is passed to it, and is equal to the value that |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
56 |
was passed to the constructor. |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
57 |
|
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
58 |
This allow to combine two policies with different settings and select them |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
59 |
by just setting this argument. |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
60 |
""" |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
61 |
def __init__(self, secret, persistent, **kw): |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
62 |
self.persistent = persistent |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
63 |
super(CWAuthTktAuthenticationPolicy, self).__init__(secret, **kw) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
64 |
|
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
65 |
def remember(self, request, principals, **kw): |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
66 |
if 'persistent' not in kw or kw.pop('persistent') == self.persistent: |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
67 |
return super(CWAuthTktAuthenticationPolicy, self).remember( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
68 |
request, principals, **kw) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
69 |
else: |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
70 |
return () |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
71 |
|
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
72 |
|
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
73 |
def includeme(config): |
11537
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
74 |
""" Activate the CubicWeb AuthTkt authentication policy. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
75 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
76 |
Usually called via ``config.include('pyramid_cubicweb.auth')``. |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
77 |
|
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
78 |
See also :ref:`defaults_module` |
caf268942436
Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
11533
diff
changeset
|
79 |
""" |
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
80 |
settings = config.registry.settings |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
81 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
82 |
policies = [] |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
83 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
84 |
if asbool(settings.get('cubicweb.auth.update_login_time', True)): |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
85 |
policies.append(UpdateLoginTimeAuthenticationPolicy()) |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
86 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
87 |
if asbool(settings.get('cubicweb.auth.authtkt', True)): |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
88 |
secret = config.registry['cubicweb.config']['pyramid-auth-secret'] |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
89 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
90 |
if not secret: |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
91 |
secret = 'notsosecret' |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
92 |
warnings.warn(''' |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
93 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
94 |
!! WARNING !! !! WARNING !! |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
95 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
96 |
The authentication cookies are signed with a static secret key. |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
97 |
To put your own secret key, edit your all-in-one.conf file |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
98 |
and set the 'pyramid-auth-secret' key. |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
99 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
100 |
YOU SHOULD STOP THIS INSTANCE unless your really know what you |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
101 |
are doing !! |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
102 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
103 |
''') |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
104 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
105 |
policies.append( |
11562
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
106 |
CWAuthTktAuthenticationPolicy( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
107 |
secret, False, hashalg='sha512', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
108 |
cookie_name=settings.get( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
109 |
'cubicweb.auth.authtkt.session.cookie_name', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
110 |
'auth_tkt'), |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
111 |
timeout=int(settings.get( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
112 |
'cubicweb.auth.authtkt.session.timeout', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
113 |
1200)), |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
114 |
reissue_time=int(settings.get( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
115 |
'cubicweb.auth.authtkt.session.reissue_time', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
116 |
120)) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
117 |
) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
118 |
) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
119 |
|
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
120 |
policies.append( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
121 |
CWAuthTktAuthenticationPolicy( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
122 |
secret, True, hashalg='sha512', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
123 |
cookie_name=settings.get( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
124 |
'cubicweb.auth.authtkt.persistent.cookie_name', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
125 |
'pauth_tkt'), |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
126 |
max_age=int(settings.get( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
127 |
'cubicweb.auth.authtkt.persistent.max_age', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
128 |
3600*24*30 # defaults to 1 month |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
129 |
)), |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
130 |
reissue_time=int(settings.get( |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
131 |
'cubicweb.auth.authtkt.persistent.reissue_time', |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
132 |
3600*24 |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
133 |
)) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
134 |
) |
a49f08423f02
[auth] Use a second authtkt policy for 'rememberme'
Christophe de Vienne <christophe@unlish.com>
parents:
11561
diff
changeset
|
135 |
) |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
136 |
|
11561
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
137 |
kw = {} |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
138 |
if asbool(settings.get('cubicweb.auth.groups_principals', True)): |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
139 |
kw['callback'] = get_principals |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
140 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
141 |
authpolicy = MultiAuthenticationPolicy(policies, **kw) |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
142 |
config.registry['cubicweb.authpolicy'] = authpolicy |
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
143 |
|
25d93d14f8b6
[auth] Use pyramid_multiauth
Christophe de Vienne <christophe@unlish.com>
parents:
11537
diff
changeset
|
144 |
config.set_authentication_policy(authpolicy) |
11533
4ced3782b90f
Move auth-related configuration to a dedicated module.
Christophe de Vienne <christophe@unlish.com>
parents:
diff
changeset
|
145 |
config.set_authorization_policy(ACLAuthorizationPolicy()) |