Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/book/pyramid/auth.rst
author Denis Laxalde <denis.laxalde@logilab.fr>
Mon, 06 Mar 2017 14:19:20 +0100
changeset 12008 7694dcf5ad30
parent 11631 faf279e33298
permissions -rw-r--r--
[etwist] Do not call repository's start_looping_tasks anymore and warn about this We are about to drop this method from Repository class and replace it by a blocking alternative. This is not compatible with how things currently work in a Twisted server implementation. So do not start repository "looping tasks" in Twisted server anymore and issue a warning about this. If someone is interested in restoring the "all-in-one" behavior where the repository runs within a Twisted server, they may start by implementing repository looping tasks using a Twisted mechanism such as, e.g., http://twistedmatrix.com/documents/current/core/howto/time.html and eventually provide the repository with a compatible scheduler instance so that is can register its periodic tasks. At the moment, we lack resources to do this (and maintain the Twisted server of CubicWeb in general). Related to #17057223.

Authentication
==============

Overview
--------

A default authentication stack is provided by the :mod:`cubicweb.pyramid.auth`
module, which is included by :mod:`cubicweb.pyramid.default`.

The authentication stack is built around `pyramid_multiauth`_, and provides a
few default policies that reproduce the default cubicweb behavior.

.. note::

    Note that this module only provides an authentication policy, not the views
    that handle the login form. See :ref:`login_module`

Customize
---------

The default policies can be individually deactivated, as well as the default
authentication callback that returns the current user groups as :term:`principals`.

The following settings can be set to `False`:

-   :confval:`cubicweb.auth.update_login_time`. Activate the policy that update
    the user `login_time` when `remember` is called.
-   :confval:`cubicweb.auth.authtkt` and all its subvalues.
-   :confval:`cubicweb.auth.groups_principals`

Additionnal policies can be added by accessing the MultiAuthenticationPolicy
instance in the registry:

.. code-block:: python

    mypolicy = SomePolicy()
    authpolicy = config.registry['cubicweb.authpolicy']
    authpolicy._policies.append(mypolicy)

.. _pyramid_multiauth: https://github.com/mozilla-services/pyramid_multiauth
cubicweb