author | Julien Cristau <julien.cristau@logilab.fr> |
Wed, 17 Feb 2016 14:01:35 +0100 | |
changeset 11246 | ceb0e8e9129e |
parent 10496 | e95b559a06a2 |
child 12815 | a49f134db02e |
permissions | -rw-r--r-- |
1714
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
1 |
.. -*- coding: utf-8 -*- |
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
2 |
|
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
3 |
Sessions |
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
4 |
======== |
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
5 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
6 |
Sessions are objects linked to an authenticated user. The `Session.new_cnx` |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
7 |
method returns a new Connection linked to that session. |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
8 |
|
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
9 |
Connections |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
10 |
=========== |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
11 |
|
10333
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
12 |
Connections provide the `.execute` method to query the data sources, along with |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
13 |
`.commit` and `.rollback` methods for transaction management. |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
14 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
15 |
Kinds of connections |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
16 |
-------------------- |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
17 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
18 |
There are two kinds of connections. |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
19 |
|
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
20 |
* `normal connections` are the most common: they are related to users and |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
21 |
carry security checks coming with user credentials |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
22 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
23 |
* `internal connections` have all the powers; they are also used in only a |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
24 |
few situations where you don't already have an adequate session at |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
25 |
hand, like: user authentication, data synchronisation in |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
26 |
multi-source contexts |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
27 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
28 |
Normal connections are typically named `_cw` in most appobjects or |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
29 |
sometimes just `session`. |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
30 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
31 |
Internal connections are available from the `Repository` object and are |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
32 |
to be used like this: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
33 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
34 |
.. sourcecode:: python |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
35 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
36 |
with self.repo.internal_cnx() as cnx: |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
37 |
do_stuff_with(cnx) |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
38 |
cnx.commit() |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
39 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
40 |
Connections should always be used as context managers, to avoid leaks. |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
41 |
|
10333
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
42 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
43 |
Python/RQL API |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
44 |
~~~~~~~~~~~~~~ |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
45 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
46 |
The Python API developped to interface with RQL is inspired from the standard db-api, |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
47 |
but since `execute` returns its results directly, there is no `cursor` concept. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
48 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
49 |
.. sourcecode:: python |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
50 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
51 |
execute(rqlstring, args=None, build_descr=True) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
52 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
53 |
:rqlstring: the RQL query to execute (unicode) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
54 |
:args: if the query contains substitutions, a dictionary containing the values to use |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
55 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
56 |
The `Connection` object owns the methods `commit` and `rollback`. You |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
57 |
*should never need to use them* during the development of the web |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
58 |
interface based on the *CubicWeb* framework as it determines the end |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
59 |
of the transaction depending on the query execution success. They are |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
60 |
however useful in other contexts such as tests or custom controllers. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
61 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
62 |
.. note:: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
63 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
64 |
If a query generates an error related to security (:exc:`Unauthorized`) or to |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
65 |
integrity (:exc:`ValidationError`), the transaction can still continue but you |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
66 |
won't be able to commit it, a rollback will be necessary to start a new |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
67 |
transaction. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
68 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
69 |
Also, a rollback is automatically done if an error occurs during commit. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
70 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
71 |
.. note:: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
72 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
73 |
A :exc:`ValidationError` has a `entity` attribute. In CubicWeb, |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
74 |
this atttribute is set to the entity's eid (not a reference to the |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
75 |
entity itself). |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
76 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
77 |
Executing RQL queries from a view or a hook |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
78 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
79 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
80 |
When you're within code of the web interface, the Connection is handled by the |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
81 |
request object. You should not have to access it directly, but use the |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
82 |
`execute` method directly available on the request, eg: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
83 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
84 |
.. sourcecode:: python |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
85 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
86 |
rset = self._cw.execute(rqlstring, kwargs) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
87 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
88 |
Similarly, on the server side (eg in hooks), there is no request object (since |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
89 |
you're directly inside the data-server), so you'll have to use the execute method |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
90 |
of the Connection object. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
91 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
92 |
Proper usage of `.execute` |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
93 |
~~~~~~~~~~~~~~~~~~~~~~~~~~ |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
94 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
95 |
Let's say you want to get T which is in configuration C, this translates to: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
96 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
97 |
.. sourcecode:: python |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
98 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
99 |
self._cw.execute('Any T WHERE T in_conf C, C eid %s' % entity.eid) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
100 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
101 |
But it must be written in a syntax that will benefit from the use |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
102 |
of a cache on the RQL server side: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
103 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
104 |
.. sourcecode:: python |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
105 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
106 |
self._cw.execute('Any T WHERE T in_conf C, C eid %(x)s', {'x': entity.eid}) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
107 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
108 |
The syntax tree is built once for the "generic" RQL and can be re-used |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
109 |
with a number of different eids. The rql IN operator is an exception |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
110 |
to this rule. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
111 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
112 |
.. sourcecode:: python |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
113 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
114 |
self._cw.execute('Any T WHERE T in_conf C, C name IN (%s)' |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
115 |
% ','.join(['foo', 'bar'])) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
116 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
117 |
Alternatively, some of the common data related to an entity can be |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
118 |
obtained from the `entity.related()` method (which is used under the |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
119 |
hood by the ORM when you use attribute access notation on an entity to |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
120 |
get a relation. The initial request would then be translated to: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
121 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
122 |
.. sourcecode:: python |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
123 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
124 |
entity.related('in_conf', 'object') |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
125 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
126 |
Additionally this benefits from the fetch_attrs policy (see :ref:`FetchAttrs`) |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
127 |
optionally defined on the class element, which says which attributes must be |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
128 |
also loaded when the entity is loaded through the ORM. |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
129 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
130 |
.. _resultset: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
131 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
132 |
The `ResultSet` API |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
133 |
~~~~~~~~~~~~~~~~~~~ |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
134 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
135 |
ResultSet instances are a very commonly manipulated object. They have |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
136 |
a rich API as seen below, but we would like to highlight a bunch of |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
137 |
methods that are quite useful in day-to-day practice: |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
138 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
139 |
* `__str__()` (applied by `print`) gives a very useful overview of both |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
140 |
the underlying RQL expression and the data inside; unavoidable for |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
141 |
debugging purposes |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
142 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
143 |
* `printable_rql()` returns a well formed RQL expression as a |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
144 |
string; it is very useful to build views |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
145 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
146 |
* `entities()` returns a generator on all entities of the result set |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
147 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
148 |
* `get_entity(row, col)` gets the entity at row, col coordinates; one |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
149 |
of the most used result set methods |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
150 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
151 |
.. autoclass:: cubicweb.rset.ResultSet |
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
152 |
:members: |
10496
e95b559a06a2
[doc] more fixes of warnings/errors in doc build
David Douard <david.douard@logilab.fr>
parents:
10491
diff
changeset
|
153 |
:noindex: |
10333
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
154 |
|
569324f890d7
[book] remove dbapi documentation
Julien Cristau <julien.cristau@logilab.fr>
parents:
9580
diff
changeset
|
155 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
156 |
Authentication and management of sessions |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
157 |
----------------------------------------- |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
158 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
159 |
The authentication process is a ballet involving a few dancers: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
160 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
161 |
* through its `get_session` method the top-level application object (the |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
162 |
`CubicWebPublisher`) will open a session whenever a web request |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
163 |
comes in; it asks the `session manager` to open a session (giving |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
164 |
the web request object as context) using `open_session` |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
165 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
166 |
* the session manager asks its authentication manager (which is a |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
167 |
`component`) to authenticate the request (using `authenticate`) |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
168 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
169 |
* the authentication manager asks, in order, to its authentication |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
170 |
information retrievers, a login and an opaque object containing |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
171 |
other credentials elements (calling `authentication_information`), |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
172 |
giving the request object each time |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
173 |
|
9175
a7412e884d7b
fix typos in docstring, doc and comments
Julien Cristau <julien.cristau@logilab.fr>
parents:
8760
diff
changeset
|
174 |
* the default retriever (named `LoginPasswordRetriever`) |
7751
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
175 |
will in turn defer login and password fetching to the request |
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
176 |
object (which, depending on the authentication mode (`cookie` |
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
177 |
or `http`), will do the appropriate things and return a login |
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
178 |
and a password) |
1714
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
179 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
180 |
* the authentication manager, on success, asks the `Repository` |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
181 |
object to connect with the found credentials (using `connect`) |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
182 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
183 |
* the repository object asks authentication to all of its |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
184 |
sources which support the `CWUser` entity with the given |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
185 |
credentials; when successful it can build the cwuser entity, |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
186 |
from which a regular `Session` object is made; it returns the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
187 |
session id |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
188 |
|
7751
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
189 |
* the source in turn will delegate work to an authentifier |
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
190 |
class that defines the ultimate `authenticate` method (for |
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
191 |
instance the native source will query the database against |
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
192 |
the provided credentials) |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
193 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
194 |
* the authentication manager, on success, will call back _all_ |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
195 |
retrievers with `authenticated` and return its authentication |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
196 |
data (on failure, it will try the anonymous login or, if the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
197 |
configuration forbids it, raise an `AuthenticationError`) |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
198 |
|
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
199 |
Writing authentication plugins |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
200 |
------------------------------ |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
201 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
202 |
Sometimes CubicWeb's out-of-the-box authentication schemes (cookie and |
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
203 |
http) are not sufficient. Nowadays there is a plethora of such schemes |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
204 |
and the framework cannot provide them all, but as the sequence above |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
205 |
shows, it is extensible. |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
206 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
207 |
Two levels have to be considered when writing an authentication |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
208 |
plugin: the web client and the repository. |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
209 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
210 |
We invented a scenario where it makes sense to have a new plugin in |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
211 |
each side: some middleware will do pre-authentication and under the |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
212 |
right circumstances add a new HTTP `x-foo-user` header to the query |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
213 |
before it reaches the CubicWeb instance. For a concrete example of |
7751
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
214 |
this, see the `trustedauth`_ cube. |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
215 |
|
7751
50f89f05ae0a
[doc/book] fix ref to trustedauth cube
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6320
diff
changeset
|
216 |
.. _`trustedauth`: http://www.cubicweb.org/project/cubicweb-trustedauth |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
217 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
218 |
Repository authentication plugins |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
219 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
220 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
221 |
On the repository side, it is possible to register a source |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
222 |
authentifier using the following kind of code: |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
223 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
224 |
.. sourcecode:: python |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
225 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
226 |
from cubicweb.server.sources import native |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
227 |
|
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
228 |
class FooAuthentifier(native.LoginPasswordAuthentifier): |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
229 |
""" a source authentifier plugin |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
230 |
if 'foo' in authentication information, no need to check |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
231 |
password |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
232 |
""" |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
233 |
auth_rql = 'Any X WHERE X is CWUser, X login %(login)s' |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
234 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
235 |
def authenticate(self, session, login, **kwargs): |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
236 |
"""return CWUser eid for the given login |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
237 |
if this account is defined in this source, |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
238 |
else raise `AuthenticationError` |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
239 |
""" |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
240 |
session.debug('authentication by %s', self.__class__.__name__) |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
241 |
if 'foo' not in kwargs: |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
242 |
return super(FooAuthentifier, self).authenticate(session, login, **kwargs) |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
243 |
try: |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
244 |
rset = session.execute(self.auth_rql, {'login': login}) |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
245 |
return rset[0][0] |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
246 |
except Exception, exc: |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
247 |
session.debug('authentication failure (%s)', exc) |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
248 |
raise AuthenticationError('foo user is unknown to us') |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
249 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
250 |
Since repository authentifiers are not appobjects, we have to register |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
251 |
them through a `server_startup` hook. |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
252 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
253 |
.. sourcecode:: python |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
254 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
255 |
class ServerStartupHook(hook.Hook): |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
256 |
""" register the foo authenticator """ |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
257 |
__regid__ = 'fooauthenticatorregisterer' |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
258 |
events = ('server_startup',) |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
259 |
|
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
260 |
def __call__(self): |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
261 |
self.debug('registering foo authentifier') |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
262 |
self.repo.system_source.add_authentifier(FooAuthentifier()) |
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
263 |
|
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
264 |
Web authentication plugins |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
265 |
~~~~~~~~~~~~~~~~~~~~~~~~~~ |
6313
b3fd91524132
[doc/book] begin an howto write auth plugins chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6311
diff
changeset
|
266 |
|
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
267 |
.. sourcecode:: python |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
268 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
269 |
class XFooUserRetriever(authentication.LoginPasswordRetriever): |
6319
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
270 |
""" authenticate by the x-foo-user http header |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
271 |
or just do normal login/password authentication |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
272 |
""" |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
273 |
__regid__ = 'x-foo-user' |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
274 |
order = 0 |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
275 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
276 |
def authentication_information(self, req): |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
277 |
"""retrieve authentication information from the given request, raise |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
278 |
NoAuthInfo if expected information is not found |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
279 |
""" |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
280 |
self.debug('web authenticator building auth info') |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
281 |
try: |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
282 |
login = req.get_header('x-foo-user') |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
283 |
if login: |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
284 |
return login, {'foo': True} |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
285 |
else: |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
286 |
return super(XFooUserRetriever, self).authentication_information(self, req) |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
287 |
except Exception, exc: |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
288 |
self.debug('web authenticator failed (%s)', exc) |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
289 |
raise authentication.NoAuthInfo() |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
290 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
291 |
def authenticated(self, retriever, req, cnx, login, authinfo): |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
292 |
"""callback when return authentication information have opened a |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
293 |
repository connection successfully. Take care req has no session |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
294 |
attached yet, hence req.execute isn't available. |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
295 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
296 |
Here we set a flag on the request to indicate that the user is |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
297 |
foo-authenticated. Can be used by a selector |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
298 |
""" |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
299 |
self.debug('web authenticator running post authentication callback') |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
300 |
cnx.foo_user = authinfo.get('foo') |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
301 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
302 |
In the `authenticated` method we add (in an admitedly slightly hackish |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
303 |
way) an attribute to the connection object. This, in turn, can be used |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
304 |
to build a selector dispatching on the fact that the user was |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
305 |
preauthenticated or not. |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
306 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
307 |
.. sourcecode:: python |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
308 |
|
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
309 |
@objectify_selector |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
310 |
def foo_authenticated(cls, req, rset=None, **kwargs): |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
311 |
if hasattr(req.cnx, 'foo_user') and req.foo_user: |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
312 |
return 1 |
20a7399ed58d
[doc/book] complete section on authentication plugins
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6313
diff
changeset
|
313 |
return 0 |
8760
17994bf95d6a
[doc] update Session documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
7751
diff
changeset
|
314 |
|
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
315 |
Full Session and Connection API |
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
316 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
8760
17994bf95d6a
[doc] update Session documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
7751
diff
changeset
|
317 |
|
17994bf95d6a
[doc] update Session documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
7751
diff
changeset
|
318 |
.. autoclass:: cubicweb.server.session.Session |
9580
abaae1496ba4
[book] Update documentation for new repoapi
Julien Cristau <julien.cristau@logilab.fr>
parents:
9175
diff
changeset
|
319 |
.. autoclass:: cubicweb.server.session.Connection |