cubicweb: pyramid_cubicweb/auth.py@caf268942436 (annotated)

11533 4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	1	import datetime
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	2	import logging
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	3	import warnings
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	4
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	5	from pyramid.authorization import ACLAuthorizationPolicy
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	6	from pyramid_cubicweb.core import get_principals
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	7
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	8	from pyramid.authentication import AuthTktAuthenticationPolicy
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	9
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	10	log = logging.getLogger(__name__)
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	11
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	12
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	13	class CubicWebAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy):
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	14	"""An authentication policy that update the user last_login_time.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	15
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	16	The update is done in the 'remember' method, which is called on login,
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	17	and each time the authentication ticket is reissued.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	18
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	19	Meaning, the last_login_time is updated reissue_time seconds (maximum)
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	20	before the last request by the user.
11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	21
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	22	Usually used via :func:`includeme`.
11533 4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	23	"""
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	24
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	25	def remember(self, request, principal, **kw):
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	26	headers = super(CubicWebAuthTktAuthenticationPolicy, self).remember(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	27	request, principal, **kw)
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	28	try:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	29	repo = request.registry['cubicweb.repository']
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	30	with repo.internal_cnx() as cnx:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	31	cnx.execute(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	32	"SET U last_login_time %(now)s WHERE U eid %(user)s", {
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	33	'now': datetime.datetime.now(),
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	34	'user': principal})
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	35	cnx.commit()
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	36	except:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	37	log.exception("Failed to update last_login_time")
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	38	return headers
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	39
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	40
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	41	def includeme(config):
11537 caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	42	""" Activate the CubicWeb AuthTkt authentication policy.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	43
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	44	Usually called via ``config.include('pyramid_cubicweb.auth')``.
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	45
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	46	See also :ref:`defaults_module`
caf268942436 Initial documentation. Christophe de Vienne <christophe@unlish.com> parents: 11533 diff changeset	47	"""
11533 4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	48	secret = config.registry['cubicweb.config']['pyramid-auth-secret']
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	49
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	50	if not secret:
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	51	secret = 'notsosecret'
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	52	warnings.warn('''
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	53
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	54	!! WARNING !! !! WARNING !!
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	55
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	56	The authentication cookies are signed with a static secret key.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	57	To put your own secret key, edit your all-in-one.conf file
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	58	and set the 'pyramid-auth-secret' key.
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	59
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	60	YOU SHOULD STOP THIS INSTANCE unless your really know what you
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	61	are doing !!
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	62
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	63	''')
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	64
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	65	config.set_authentication_policy(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	66	CubicWebAuthTktAuthenticationPolicy(
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	67	secret, callback=get_principals, hashalg='sha512',
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	68	reissue_time=3600))
4ced3782b90f Move auth-related configuration to a dedicated module. Christophe de Vienne <christophe@unlish.com> parents: diff changeset	69	config.set_authorization_policy(ACLAuthorizationPolicy())

author	Christophe de Vienne <christophe@unlish.com>
	Sat, 03 Jan 2015 22:06:03 +0100
changeset 11537	caf268942436
parent 11533	4ced3782b90f
child 11561	25d93d14f8b6
permissions	-rw-r--r--