pyramid_cubicweb/defaults.py
author Christophe de Vienne <christophe@unlish.com>
Thu, 18 Sep 2014 16:51:55 +0200
changeset 11509 ca3412269cd1
parent 11507 4d7286f079e1
child 11519 92423d03ef25
permissions -rw-r--r--
Handle '__setauthcookie' '__setauthcookie' is a form parameter added by the 'rememberme' cube. If present and equal to '1', the cookie max_age will be set to 7 days instead of being a session cookie. To make sure the auth cookie is renewed, the reissue_time is set to 1h.

import warnings

from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy

from pyramid_cubicweb.core import get_principals


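def includeme(config):
    """Install the default authentication and authorization setup.

    Includes ``pyramid_cubicweb.session``, registers an
    ``AuthTktAuthenticationPolicy`` (signed with the instance's
    'pyramid-auth-secret' option) and an ``ACLAuthorizationPolicy``, then
    includes ``pyramid_cubicweb.login``.

    Args:
        config: the Pyramid configurator; its registry must hold the
            CubicWeb configuration under the 'cubicweb.config' key.
    """
    config.include('pyramid_cubicweb.session')

    secret = config.registry['cubicweb.config']['pyramid-auth-secret']

    if not secret:
        # SECURITY: this fallback value is public, so auth cookies signed
        # with it carry no authenticity guarantee. It is kept so that an
        # unconfigured instance still starts; the warning below must name
        # the option that is actually read above ('pyramid-auth-secret'),
        # otherwise an operator following it would leave this fallback in
        # place.
        secret = 'notsosecret'
        warnings.warn('''

            !! WARNING !! !! WARNING !!

            The authentication cookies are signed with a static secret key.
            To put your own secret key, edit your all-in-one.conf file
            and set the 'pyramid-auth-secret' key.

            YOU SHOULD STOP THIS INSTANCE unless your really know what you
            are doing !!

        ''')

    # reissue_time=3600: the auth ticket is re-issued once it is older than
    # one hour, so a long-lived ("remember me") cookie keeps being renewed.
    # NOTE(review): no `timeout` is passed, so the ticket itself has no
    # server-side expiry, and the `secure` / `http_only` cookie flags are
    # left at the policy defaults. Confirm this is intended for deployments
    # served over HTTPS.
    config.set_authentication_policy(
        AuthTktAuthenticationPolicy(
            secret, callback=get_principals, hashalg='sha512',
            reissue_time=3600))
    config.set_authorization_policy(ACLAuthorizationPolicy())

    config.include('pyramid_cubicweb.login')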