Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/book/pyramid/auth.rst
author Denis Laxalde <denis.laxalde@logilab.fr>
Fri, 12 Jan 2018 10:56:30 +0100
branch3.25
changeset 12247 4a619b42263d
parent 11631 faf279e33298
permissions -rw-r--r--
Added tag 3.25.4, centos/3.25.4-1, debian/3.25.4-1 for changeset b8567725c473

Authentication
==============

Overview
--------

A default authentication stack is provided by the :mod:`cubicweb.pyramid.auth`
module, which is included by :mod:`cubicweb.pyramid.default`.

The authentication stack is built around `pyramid_multiauth`_, and provides a
few default policies that reproduce the default cubicweb behavior.

.. note::

    Note that this module only provides an authentication policy, not the views
    that handle the login form. See :ref:`login_module`

Customize
---------

The default policies can be individually deactivated, as well as the default
authentication callback that returns the current user groups as :term:`principals`.

The following settings can be set to `False`:

-   :confval:`cubicweb.auth.update_login_time`. Activate the policy that update
    the user `login_time` when `remember` is called.
-   :confval:`cubicweb.auth.authtkt` and all its subvalues.
-   :confval:`cubicweb.auth.groups_principals`

Additionnal policies can be added by accessing the MultiAuthenticationPolicy
instance in the registry:

.. code-block:: python

    mypolicy = SomePolicy()
    authpolicy = config.registry['cubicweb.authpolicy']
    authpolicy._policies.append(mypolicy)

.. _pyramid_multiauth: https://github.com/mozilla-services/pyramid_multiauth
cubicweb