Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/book/pyramid/settings.rst
author Denis Laxalde <denis.laxalde@logilab.fr>
Fri, 05 Apr 2019 17:58:19 +0200
changeset 12567 26744ad37953
parent 12186 36f1c7ab9010
child 12792 e2cdb1be6bd9
permissions -rw-r--r--
Drop python2 support This mostly consists in removing the dependency on "six" and updating the code to use only Python3 idioms. Notice that we previously used TemporaryDirectory from cubicweb.devtools.testlib for compatibility with Python2. We now directly import it from tempfile.

Settings
========

.. _cubicweb_settings:

Cubicweb Settings
-----------------

Pyramid CubicWeb will **not** make use of the configuration entries
found in the cubicweb configuration (a.k.a. `all-in-one.conf`) for any
pyramid related configuration value.


.. _pyramid_settings:

Pyramid Settings file
---------------------

In *backwards compatibility* mode, Pyramid settings will be looked for in a
``pyramid.ini`` file in the instance home directory (where the
``all-in-one.conf`` file is), its ``[main]`` section will be read and used as
the ``settings`` of the pyramid Configurator.

This configuration file is almost the same as the one read by ``pserve``, which
allow to easily add any pyramid extension and configure it.

A typical ``pyramid.ini`` file is:

.. code-block:: ini

    [main]
    pyramid.includes =
        pyramid_redis_sessions

    cubicweb.defaults = no
    cubicweb.includes =
        cubicweb.pyramid.auth
        cubicweb.pyramid.login

    cubicweb.profile = no

    redis.sessions.secret = your_cookie_signing_secret
    redis.sessions.timeout = 1200

    redis.sessions.host = mywheezy


Without *backwards compatibility* a standard ``development.ini`` file can be
used with any useful CubicWeb-specific settings added.


Pyramid CubicWeb configuration entries
--------------------------------------

The Pyramid CubicWeb specific configuration entries are:

.. confval:: cubicweb.instance (string)

    A CubicWeb instance name. Useful when the application is not run by
    :ref:`cubicweb-ctl_pyramid`.

.. confval:: cubicweb.debug (bool)

    Enables the cubicweb debugmode. Works only if the instance is setup by
    :confval:`cubicweb.instance`.

    Unlike when the debugmode is set by the :option:`cubicweb-ctl pyramid --debug-mode`
    command, the pyramid debug options are untouched.

.. confval:: cubicweb.includes (list)

    Same as ``pyramid.includes``, but the includes are done after the cubicweb
    specific registry entries are initialized.

    Useful to include extensions that requires these entries.

.. confval:: cubicweb.bwcompat (bool)

    (True) Enable/disable backward compatibility. This only applies to
    "all-in-one" configuration type.

    See :ref:`bwcompat_module`.

.. confval:: cubicweb.bwcompat.errorhandler (bool)

    (True) Enable/disable the backward compatibility error handler.
    Set to 'no' if you need to define your own error handlers.

.. confval:: cubicweb.defaults (bool)

    (True) Enable/disable defaults. See :ref:`defaults_module`.

.. confval:: cubicweb.profile (bool)

    (False) Enable/disable profiling. See :ref:`profiling`.

.. confval:: cubicweb.auth.update_login_time (bool)

    (True) Add a :class:`cubicweb.pyramid.auth.UpdateLoginTimeAuthenticationPolicy`
    policy, that update the CWUser.login_time attribute when a user login.
    
.. confval:: cubicweb.auth.authtkt (bool)

    (True) Enables the 2 cookie-base auth policies, which activate/deactivate
    depending on the `persistent` argument passed to `remember`.

    The default login views set persistent to True if a `__setauthcookie`
    parameters is passed to them, and evals to True in
    :func:`pyramid.settings.asbool`.

    The configuration values of the policies are arguments for
    :class:`pyramid.authentication.AuthTktAuthenticationPolicy`.

    The first policy handles session authentication. It doesn't get
    activated if `remember()` is called with `persistent=False`:

    .. confval:: cubicweb.auth.authtkt.session.cookie_name (str)

        ('auth_tkt') The cookie name. Must be different from the persistent
        authentication cookie name.

    .. confval:: cubicweb.auth.authtkt.session.timeout (int)

        (1200) Cookie timeout.

    .. confval:: cubicweb.auth.authtkt.session.reissue_time (int)

        (120) Reissue time.

    The second policy handles persistent authentication. It doesn't get
    activated if `remember()` is called with `persistent=True`:

    .. confval:: cubicweb.auth.authtkt.persistent.cookie_name (str)

        ('auth_tkt') The cookie name. Must be different from the session
        authentication cookie name.

    .. confval:: cubicweb.auth.authtkt.persistent.max_age (int)

        (30 days) Max age in seconds.

    .. confval:: cubicweb.auth.authtkt.persistent.reissue_time (int)

        (1 day) Reissue time in seconds.

    Both policies set the ``secure`` flag to ``True`` by default, meaning that
    cookies will only be sent back over a secure connection (see
    `Authentication Policies documentation`_ for details). This can be
    configured through :confval:`cubicweb.auth.authtkt.persistent.secure` and
    :confval:`cubicweb.auth.authtkt.session.secure` configuration options.

    .. _`Authentication Policies documentation`: \
        http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html

.. confval:: cubicweb.auth.groups_principals (bool)

    (True) Setup a callback on the authentication stack that inject the user
    groups in the principals.
cubicweb