diff -r 25d93d14f8b6 -r a49f08423f02 pyramid_cubicweb/auth.py --- a/pyramid_cubicweb/auth.py Thu Feb 12 19:21:39 2015 +0100 +++ b/pyramid_cubicweb/auth.py Thu Feb 26 00:56:32 2015 +0100 @@ -49,6 +49,27 @@ return () +class CWAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy): + """ + An authentication policy that inhibate the call the 'remember' if a + 'persistent' argument is passed to it, and is equal to the value that + was passed to the constructor. + + This allow to combine two policies with different settings and select them + by just setting this argument. + """ + def __init__(self, secret, persistent, **kw): + self.persistent = persistent + super(CWAuthTktAuthenticationPolicy, self).__init__(secret, **kw) + + def remember(self, request, principals, **kw): + if 'persistent' not in kw or kw.pop('persistent') == self.persistent: + return super(CWAuthTktAuthenticationPolicy, self).remember( + request, principals, **kw) + else: + return () + + def includeme(config): """ Activate the CubicWeb AuthTkt authentication policy. @@ -82,8 +103,36 @@ ''') policies.append( - AuthTktAuthenticationPolicy( - secret, hashalg='sha512', reissue_time=3600)) + CWAuthTktAuthenticationPolicy( + secret, False, hashalg='sha512', + cookie_name=settings.get( + 'cubicweb.auth.authtkt.session.cookie_name', + 'auth_tkt'), + timeout=int(settings.get( + 'cubicweb.auth.authtkt.session.timeout', + 1200)), + reissue_time=int(settings.get( + 'cubicweb.auth.authtkt.session.reissue_time', + 120)) + ) + ) + + policies.append( + CWAuthTktAuthenticationPolicy( + secret, True, hashalg='sha512', + cookie_name=settings.get( + 'cubicweb.auth.authtkt.persistent.cookie_name', + 'pauth_tkt'), + max_age=int(settings.get( + 'cubicweb.auth.authtkt.persistent.max_age', + 3600*24*30 # defaults to 1 month + )), + reissue_time=int(settings.get( + 'cubicweb.auth.authtkt.persistent.reissue_time', + 3600*24 + )) + ) + ) kw = {} if asbool(settings.get('cubicweb.auth.groups_principals', True)):
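Review bot: In `CWAuthTktAuthenticationPolicy.remember`, a call that omits `persistent` passes the check on every instance. Assuming both policies appended in the second hunk receive the same `remember` call (the dispatching code is outside this diff), a login that never asked for persistence would also get the long-lived `pauth_tkt` cookie. Unless existing callers rely on that, default to the session ticket only: `if kw.pop('persistent', False) == self.persistent:`. The class docstring is also inverted relative to the code, because it says the call is inhibited when the argument equals the constructor value, whereas the code returns `()` only when it differs. Something like `"""Issue the cookie only when the 'persistent' argument matches the value given to the constructor."""` would match the behaviour.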
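Review bot: The persistent policy in the second `policies.append(...)` is built with `max_age` but no `timeout`, so the 30-day limit is enforced only by the browser's cookie expiry and not when the ticket is validated. Both policies also share `secret` and `hashalg`, so a ticket issued for the session cookie would presumably validate under the persistent cookie name as well, which means the 1200-second session timeout does not bound its lifetime either. I would read the `max_age` setting once into a local and pass `timeout=max_age` alongside it, keeping `reissue_time` below that value. Neither policy passes `http_only=True` or `secure`, which matters more now that a month-long cookie exists. Adding `http_only=True` and a configurable `secure` flag for HTTPS deployments would limit exposure of the ticket to scripts and to plain-HTTP requests.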