wsgi: clearer exception when CW_INSTANCE is missing
instance_name is mandatory for cwcfg.config_for()
Raise with a KeyError: 'CW_INSTANCE' instead of hard to read exception.
Authentication
==============
Overview
--------
A default authentication stack is provided by the :mod:`pyramid_cubicweb.auth`
module, which is included by :mod:`pyramid_cubicweb.default`.
The authentication stack is built around `pyramid_multiauth`_, and provides a
few default policies that reproduce the default cubicweb behavior.
.. note::
Note that this module only provides an authentication policy, not the views
that handle the login form. See :ref:`login_module`
Customize
---------
The default policies can be individually deactivated, as well as the default
authentication callback that returns the current user groups as :term:`principals`.
The following settings can be set to `False`:
- :confval:`cubicweb.auth.update_login_time`. Activate the policy that update
the user `login_time` when `remember` is called.
- :confval:`cubicweb.auth.authtkt` and all its subvalues.
- :confval:`cubicweb.auth.groups_principals`
Additionnal policies can be added by accessing the MultiAuthenticationPolicy
instance in the registry:
.. code-block:: python
mypolicy = SomePolicy()
authpolicy = config.registry['cubicweb.authpolicy']
authpolicy._policies.append(mypolicy)
.. _pyramid_multiauth: https://github.com/mozilla-services/pyramid_multiauth