author | David Douard <david.douard@logilab.fr> |
Wed, 11 May 2016 11:27:50 +0200 | |
changeset 11678 | a615997559a6 |
parent 11674 | 04dbef596243 |
permissions | -rw-r--r-- |
11632 | 1 |
Summary |
2 |
------- |
|
11674
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
3 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
4 |
Add the 'pyramid' command to cubicweb-ctl". |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
5 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
6 |
This cube also add a ``CWSession`` entity type so that sessions can be |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
7 |
stored in the database, which allows to run a Cubicweb instance |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
8 |
without having to set up a session storage (like redis or memcache) |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
9 |
solution. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
10 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
11 |
However, for production systems, it is greatly advised to use such a |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
12 |
storage solution for the sessions. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
13 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
14 |
The handling of the sessions is made by pyramid (see the |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
15 |
`pyramid's documentation on sessions`_ for more details). |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
16 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
17 |
For example, to set up a redis based session storage, you need the |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
18 |
`pyramid-redis-session`_ package, then you must configure pyramid to |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
19 |
use this backend, by configuring the ``pyramid.ini`` file in the instance's |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
20 |
config directory (near the ``all-in-one.conf`` file): |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
21 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
22 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
23 |
.. code-block:: ini |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
24 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
25 |
[main] |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
26 |
cubicweb.defaults = no # we do not want to load the default cw session handling |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
27 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
28 |
cubicweb.auth.authtkt.session.secret = <secret1> |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
29 |
cubicweb.auth.authtkt.persistent.secret = <secret2> |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
30 |
cubicweb.auth.authtkt.session.secure = yes |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
31 |
cubicweb.auth.authtkt.persistent.secure = yes |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
32 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
33 |
redis.sessions.secret = <secret3> |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
34 |
redis.sessions.prefix = <my-app>: |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
35 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
36 |
redis.sessions.url = redis://localhost:6379/0 |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
37 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
38 |
pyramid.includes = |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
39 |
pyramid_redis_sessions |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
40 |
pyramid_cubicweb.auth |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
41 |
pyramid_cubicweb.login |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
42 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
43 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
44 |
See the documentation of `Pyramid Cubicweb`_ for more details. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
45 |
|
11678
a615997559a6
[doc] improve a bit the README to explain how to allow login in dev mode
David Douard <david.douard@logilab.fr>
parents:
11674
diff
changeset
|
46 |
.. Warning:: If you want to be able to log in a CubicWeb application |
a615997559a6
[doc] improve a bit the README to explain how to allow login in dev mode
David Douard <david.douard@logilab.fr>
parents:
11674
diff
changeset
|
47 |
served by pyramid on a unsecured stream (typically when |
a615997559a6
[doc] improve a bit the README to explain how to allow login in dev mode
David Douard <david.douard@logilab.fr>
parents:
11674
diff
changeset
|
48 |
you start an instance in dev mode using a simple |
a615997559a6
[doc] improve a bit the README to explain how to allow login in dev mode
David Douard <david.douard@logilab.fr>
parents:
11674
diff
changeset
|
49 |
``cubicweb-ctl pyramid -D -linfo myinstance``), you |
a615997559a6
[doc] improve a bit the README to explain how to allow login in dev mode
David Douard <david.douard@logilab.fr>
parents:
11674
diff
changeset
|
50 |
**must** set ``cubicweb.auth.authtkt.session.secure`` to |
a615997559a6
[doc] improve a bit the README to explain how to allow login in dev mode
David Douard <david.douard@logilab.fr>
parents:
11674
diff
changeset
|
51 |
``no``. |
11674
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
52 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
53 |
Secrets |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
54 |
~~~~~~~ |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
55 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
56 |
There are a number of secrets to configure in ``pyramid.ini``. They |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
57 |
should be different one from each other, as explained in `Pyramid's |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
58 |
documentation`_. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
59 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
60 |
For the record: |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
61 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
62 |
:cubicweb.session.secret: This secret is used to encrypt the session's |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
63 |
data ID (data themselved are stored in the backend, database or |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
64 |
redis) when using the integrated (``CWSession`` based) session data |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
65 |
storage. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
66 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
67 |
:redis.session.secret: This secret is used to encrypt the session's |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
68 |
data ID (data themselved are stored in the backend, database or |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
69 |
redis) when using redis as backend. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
70 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
71 |
:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
72 |
the authentication cookie. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
73 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
74 |
:cubicweb.auth.authtkt.persistent.secret: This secret is used to |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
75 |
encrypt the persistent authentication cookie. |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
76 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
77 |
|
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
78 |
.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/ |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
79 |
.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
80 |
.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html |
04dbef596243
[doc] add a bit more infos in the README
David Douard <david.douard@logilab.fr>
parents:
11632
diff
changeset
|
81 |
.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing |