47 |
47 |
48 def forget(self, request): |
48 def forget(self, request): |
49 return () |
49 return () |
50 |
50 |
51 |
51 |
|
52 class CWAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy): |
|
53 """ |
|
54 An authentication policy that inhibate the call the 'remember' if a |
|
55 'persistent' argument is passed to it, and is equal to the value that |
|
56 was passed to the constructor. |
|
57 |
|
58 This allow to combine two policies with different settings and select them |
|
59 by just setting this argument. |
|
60 """ |
|
61 def __init__(self, secret, persistent, **kw): |
|
62 self.persistent = persistent |
|
63 super(CWAuthTktAuthenticationPolicy, self).__init__(secret, **kw) |
|
64 |
|
65 def remember(self, request, principals, **kw): |
|
66 if 'persistent' not in kw or kw.pop('persistent') == self.persistent: |
|
67 return super(CWAuthTktAuthenticationPolicy, self).remember( |
|
68 request, principals, **kw) |
|
69 else: |
|
70 return () |
|
71 |
|
72 |
52 def includeme(config): |
73 def includeme(config): |
53 """ Activate the CubicWeb AuthTkt authentication policy. |
74 """ Activate the CubicWeb AuthTkt authentication policy. |
54 |
75 |
55 Usually called via ``config.include('pyramid_cubicweb.auth')``. |
76 Usually called via ``config.include('pyramid_cubicweb.auth')``. |
56 |
77 |
80 are doing !! |
101 are doing !! |
81 |
102 |
82 ''') |
103 ''') |
83 |
104 |
84 policies.append( |
105 policies.append( |
85 AuthTktAuthenticationPolicy( |
106 CWAuthTktAuthenticationPolicy( |
86 secret, hashalg='sha512', reissue_time=3600)) |
107 secret, False, hashalg='sha512', |
|
108 cookie_name=settings.get( |
|
109 'cubicweb.auth.authtkt.session.cookie_name', |
|
110 'auth_tkt'), |
|
111 timeout=int(settings.get( |
|
112 'cubicweb.auth.authtkt.session.timeout', |
|
113 1200)), |
|
114 reissue_time=int(settings.get( |
|
115 'cubicweb.auth.authtkt.session.reissue_time', |
|
116 120)) |
|
117 ) |
|
118 ) |
|
119 |
|
120 policies.append( |
|
121 CWAuthTktAuthenticationPolicy( |
|
122 secret, True, hashalg='sha512', |
|
123 cookie_name=settings.get( |
|
124 'cubicweb.auth.authtkt.persistent.cookie_name', |
|
125 'pauth_tkt'), |
|
126 max_age=int(settings.get( |
|
127 'cubicweb.auth.authtkt.persistent.max_age', |
|
128 3600*24*30 # defaults to 1 month |
|
129 )), |
|
130 reissue_time=int(settings.get( |
|
131 'cubicweb.auth.authtkt.persistent.reissue_time', |
|
132 3600*24 |
|
133 )) |
|
134 ) |
|
135 ) |
87 |
136 |
88 kw = {} |
137 kw = {} |
89 if asbool(settings.get('cubicweb.auth.groups_principals', True)): |
138 if asbool(settings.get('cubicweb.auth.groups_principals', True)): |
90 kw['callback'] = get_principals |
139 kw['callback'] = get_principals |
91 |
140 |