Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
doc/book/pyramid/settings.rst
author Denis Laxalde <denis.laxalde@logilab.fr>
Mon, 06 Mar 2017 14:19:20 +0100
changeset 12008 7694dcf5ad30
parent 11631 faf279e33298
child 12098 452129511244
permissions -rw-r--r--
[etwist] Do not call repository's start_looping_tasks anymore and warn about this We are about to drop this method from Repository class and replace it by a blocking alternative. This is not compatible with how things currently work in a Twisted server implementation. So do not start repository "looping tasks" in Twisted server anymore and issue a warning about this. If someone is interested in restoring the "all-in-one" behavior where the repository runs within a Twisted server, they may start by implementing repository looping tasks using a Twisted mechanism such as, e.g., http://twistedmatrix.com/documents/current/core/howto/time.html and eventually provide the repository with a compatible scheduler instance so that is can register its periodic tasks. At the moment, we lack resources to do this (and maintain the Twisted server of CubicWeb in general). Related to #17057223.

Settings
========

.. _cubicweb_settings:

Cubicweb Settings
-----------------

Pyramid CubicWeb will **not** make use of the configuration entries
found in the cubicweb configuration (a.k.a. `all-in-one.conf`) for any
pyramid related configuration value.


.. _pyramid_settings:

Pyramid Settings
----------------

If a ``pyramid.ini`` file is found in the instance home directory (where the
``all-in-one.conf`` file is), its ``[main]`` section will be read and used as the
``settings`` of the pyramid Configurator.

This configuration file is almost the same as the one read by ``pserve``, which
allow to easily add any pyramid extension and configure it.

A typical ``pyramid.ini`` file is:

.. code-block:: ini

    [main]
    pyramid.includes =
        pyramid_redis_sessions

    cubicweb.defaults = no
    cubicweb.includes =
        cubicweb.pyramid.auth
        cubicweb.pyramid.login

    cubicweb.profile = no

    redis.sessions.secret = your_cookie_signing_secret
    redis.sessions.timeout = 1200

    redis.sessions.host = mywheezy

The Pyramid CubicWeb specific configuration entries are:

.. confval:: cubicweb.instance (string)

    A CubicWeb instance name. Useful when the application is not run by
    :ref:`cubicweb-ctl_pyramid`.

.. confval:: cubicweb.debug (bool)

    Enables the cubicweb debugmode. Works only if the instance is setup by
    :confval:`cubicweb.instance`.

    Unlike when the debugmode is set by the :option:`cubicweb-ctl pyramid --debug-mode`
    command, the pyramid debug options are untouched.

.. confval:: cubicweb.includes (list)

    Same as ``pyramid.includes``, but the includes are done after the cubicweb
    specific registry entries are initialized.

    Useful to include extensions that requires these entries.

.. confval:: cubicweb.bwcompat (bool)

    (True) Enable/disable backward compatibility. See :ref:`bwcompat_module`.

.. confval:: cubicweb.bwcompat.errorhandler (bool)

    (True) Enable/disable the backward compatibility error handler.
    Set to 'no' if you need to define your own error handlers.

.. confval:: cubicweb.defaults (bool)

    (True) Enable/disable defaults. See :ref:`defaults_module`.

.. confval:: cubicweb.profile (bool)

    (False) Enable/disable profiling. See :ref:`profiling`.

.. confval:: cubicweb.auth.update_login_time (bool)

    (True) Add a :class:`cubicweb.pyramid.auth.UpdateLoginTimeAuthenticationPolicy`
    policy, that update the CWUser.login_time attribute when a user login.
    
.. confval:: cubicweb.auth.authtkt (bool)

    (True) Enables the 2 cookie-base auth policies, which activate/deactivate
    depending on the `persistent` argument passed to `remember`.

    The default login views set persistent to True if a `__setauthcookie`
    parameters is passed to them, and evals to True in
    :func:`pyramid.settings.asbool`.

    The configuration values of the policies are arguments for
    :class:`pyramid.authentication.AuthTktAuthenticationPolicy`.

    The first policy handles session authentication. It doesn't get
    activated if `remember()` is called with `persistent=False`:

    .. confval:: cubicweb.auth.authtkt.session.cookie_name (str)

        ('auth_tkt') The cookie name. Must be different from the persistent
        authentication cookie name.

    .. confval:: cubicweb.auth.authtkt.session.timeout (int)

        (1200) Cookie timeout.

    .. confval:: cubicweb.auth.authtkt.session.reissue_time (int)

        (120) Reissue time.

    The second policy handles persistent authentication. It doesn't get
    activated if `remember()` is called with `persistent=True`:

    .. confval:: cubicweb.auth.authtkt.persistent.cookie_name (str)

        ('auth_tkt') The cookie name. Must be different from the session
        authentication cookie name.

    .. confval:: cubicweb.auth.authtkt.persistent.max_age (int)

        (30 days) Max age in seconds.

    .. confval:: cubicweb.auth.authtkt.persistent.reissue_time (int)

        (1 day) Reissue time in seconds.

    Both policies set the ``secure`` flag to ``True`` by default, meaning that
    cookies will only be sent back over a secure connection (see
    `Authentication Policies documentation`_ for details). This can be
    configured through :confval:`cubicweb.auth.authtkt.persistent.secure` and
    :confval:`cubicweb.auth.authtkt.session.secure` configuration options.

    .. _`Authentication Policies documentation`: \
        http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html

.. confval:: cubicweb.auth.groups_principals (bool)

    (True) Setup a callback on the authentication stack that inject the user
    groups in the principals.
cubicweb