README
author David Douard <david.douard@logilab.fr>
Wed, 11 May 2016 11:27:50 +0200
changeset 11678 a615997559a6
parent 11674 04dbef596243
permissions -rw-r--r--
[doc] improve a bit the README to explain how to allow login in dev mode
Summary
-------

Add the 'pyramid' command to cubicweb-ctl.

This cube also adds a ``CWSession`` entity type so that sessions can be
stored in the database, which makes it possible to run a CubicWeb
instance without having to set up a session storage solution (like
redis or memcache).

However, for production systems, it is strongly advised to use such a
storage solution for the sessions.

Session handling is done by pyramid (see the
`pyramid's documentation on sessions`_ for more details).

For example, to set up a redis-based session storage, you need the
`pyramid-redis-session`_ package; you must then configure pyramid to
use this backend in the ``pyramid.ini`` file in the instance's
config directory (next to the ``all-in-one.conf`` file):

.. code-block:: ini

   [main]
   # we do not want to load the default cw session handling
   cubicweb.defaults = no

   cubicweb.auth.authtkt.session.secret = <secret1>
   cubicweb.auth.authtkt.persistent.secret = <secret2>
   cubicweb.auth.authtkt.session.secure = yes
   cubicweb.auth.authtkt.persistent.secure = yes

   redis.sessions.secret = <secret3>
   redis.sessions.prefix = <my-app>:

   redis.sessions.url = redis://localhost:6379/0

   pyramid.includes =
           pyramid_redis_sessions
           pyramid_cubicweb.auth
           pyramid_cubicweb.login
See the documentation of `Pyramid Cubicweb`_ for more details.

.. Warning:: If you want to be able to log in to a CubicWeb application
             served by pyramid on an unsecured stream (typically when
             you start an instance in dev mode using a simple
             ``cubicweb-ctl pyramid -D -linfo myinstance``), you
             **must** set ``cubicweb.auth.authtkt.session.secure`` to
             ``no``. With ``yes``, the authentication cookie carries
             the ``Secure`` flag and the browser does not send it back
             over plain HTTP.
Secrets
~~~~~~~

There are a number of secrets to configure in ``pyramid.ini``. They
should all be different from one another, as explained in
`Pyramid's documentation`_.
For the record:

:cubicweb.session.secret: This secret is used to encrypt the session's
   data ID (the data themselves are stored in the backend, database or
   redis) when using the integrated (``CWSession`` based) session data
   storage.

:redis.sessions.secret: This secret is used to encrypt the session's
   data ID (the data themselves are stored in the backend, database or
   redis) when using redis as backend.

:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt
   the authentication cookie.

:cubicweb.auth.authtkt.persistent.secret: This secret is used to
   encrypt the persistent authentication cookie.
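
An added example, not part of the CubicWeb README or code base: a small audit of a ``pyramid.ini`` that flags ``*.secret`` options still holding a placeholder, shorter than an assumed minimum, or sharing a value, and ``*.secure`` options switched off as in the dev-mode warning above. The function names, ``MIN_LEN`` and the sample file are assumptions made for the illustration.

```python
import configparser
import secrets

MIN_LEN = 32  # assumed minimum length, not a value taken from the README
FALSY = {"no", "false", "off", "0"}


def new_secret():
    """Generate an independent random value for one *.secret option."""
    return secrets.token_hex(32)


def audit_pyramid_ini(text):
    """Return sorted (option, problem) pairs found in the [main] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    main = dict(parser["main"]) if parser.has_section("main") else {}
    findings, owner = [], {}
    for key, raw in main.items():
        value = raw.strip()
        if key.endswith(".secret"):
            if value.startswith("<") and value.endswith(">"):
                findings.append((key, "placeholder"))
            elif len(value) < MIN_LEN:
                findings.append((key, "too short"))
            if value in owner:  # the secrets must differ from one another
                findings.append((key, "same value as " + owner[value]))
            owner.setdefault(value, key)
        elif key.endswith(".secure") and value.lower() in FALSY:
            findings.append((key, "cookie allowed over plain HTTP"))
    return sorted(findings)


# Constructed sample: a reused secret, a leftover placeholder and the
# dev-mode 'secure = no' setting.
SAMPLE = """\
[main]
cubicweb.auth.authtkt.session.secret = 9f1c2a7be4d05836a1f7c0de92b4e6135d8a0c47f3e1b692
cubicweb.auth.authtkt.persistent.secret = 9f1c2a7be4d05836a1f7c0de92b4e6135d8a0c47f3e1b692
cubicweb.auth.authtkt.session.secure = no
cubicweb.auth.authtkt.persistent.secure = yes
redis.sessions.secret = <secret3>
"""

if __name__ == "__main__":
    for option, problem in audit_pyramid_ini(SAMPLE):
        print(f"{option}: {problem}")
```

Running the audit against the deployed file before each release catches a dev-mode ``secure = no`` that was never switched back.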
.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/
.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html
.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html
.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing