apicrud.auth¶
-
class
apicrud.auth.
APIKey
(roles_from=None)¶ -
access
(apikey, otp=None)¶ Access using API key
- Parameters
apikey (str) – the API key
otp (str) – 6 or 8-digit one-time password
- Returns
uid, scopes (None if not authorized)
- Return type
dict
-
-
class
apicrud.auth.
AuthTOTP
¶ TOTP for Session Authorization
Functions for generating, registering and validating Time-based One Time Password tokens
-
register
(body)¶ Register a new account: create related records in database and send confirmation token to new user
TODO caller still has to invoke account_add function to generate record in accounts table
- Parameters
identity (str) – account’s primary identity, usually an email
username (str) – account’s username
name (str) – name
picture (url) – URL of an avatar / photo
template (str) – template for message (confirming new user)
- Returns
the Confirmation.request dict and http response
- Return type
tuple
-
-
class
apicrud.auth.
LocalUser
¶ Manage local user accounts
-
change_password
(uid, new_password, reset_token, old_password=None, verify_password=None)¶ Update a user’s password, applying complexity rules; must specify either the old password or a reset token
- Parameters
uid (str) – User ID
new_password (str) – the new passphrase
reset_token (str) – a token retrieved from Confirmation.request
old_password (str) – the old passphrase
- Returns
dict with account_id/uid/username, http response
- Return type
tuple
-
forgot_password
(identity, username, template='password_reset')¶ Trigger Confirmation.request; specify either the username or email address. For security, administrators are not allowed to use this feature.
- Parameters
identity (str) – account’s primary identity, usually an email
username (str) – account’s username
template (str) – template for message (confirming new user)
- Returns
the Confirmation.request dict and http response
- Return type
tuple
-
-
class
apicrud.auth.
OAuth2
¶ OAuth2 for Session Authorization
-
callback
(method, code=None, state=None)¶ Callback from 3rd-party OAuth2 provider auth
Parse the response, look up the account based on email address, and pass control to SessionAuth.login_accepted
- Parameters
method (str) – provider name, such as google
code (str) – validation code from provider
state (str) – provider state
-
Modules
apikey |
|
ldap_func |
|
local_func |
|
local_user |
|
oauth2 |
|
oauth2_func |
|
totp |
|
totp_func |