apicrud.SessionAuth

class apicrud.SessionAuth(func_send=None)

Session Authorization

Functions for login, password and role authorization

Parameters

func_send (function) – name of function for sending message

__init__(func_send=None)

Initialize self. See help(type(self)) for accurate signature.

Methods

__init__([func_send])

Initialize self.

account_login(username, password[, roles_from])

Log in with username or email

api_access(apikey[, roles_from])

Access using API key

change_password(uid, new_password, reset_token)

Update a user’s password, applying complexity rules; must specify either the old password or a reset token

forgot_password(identity, username[, template])

Trigger Confirmation.request; specify either the username or email address

get_roles(uid, member_model[, resource, id])

Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>

register(identity, username, name[, template])

Register a new account: create related records in database and send confirmation token to new user

update_auth(member_model, id[, resource, force])

Check current access, update if recently changed

account_login(username, password, roles_from=None)

Log in with username or email

Parameters
  • username (str) – account name or email

  • password (str) – credential

  • identity_from (obj) – model from which to find contact info

  • roles_from (obj) – model for which to look up authorizations

Returns

Fields include jwt_token (contains uid / account ID), ID of entry in settings database, and a sub-dictionary with mapping of endpoints registered to microservices

Return type

dict

api_access(apikey, roles_from=None)

Access using API key

Parameters
  • apikey (str) – the API key

  • roles_from (obj) – model for which to look up authorizations

Returns

uid, scopes (None if not authorized)

Return type

dict

change_password(uid, new_password, reset_token, old_password=None, verify_password=None)

Update a user’s password, applying complexity rules; must specify either the old password or a reset token

Parameters
  • uid (str) – User ID

  • new_password (str) – the new passphrase

  • reset_token (str) – a token retrieved from Confirmation.request

  • old_password (str) – the old passphrase

Returns

dict with account_id/uid/username, http response

Return type

tuple

forgot_password(identity, username, template='password_reset')

Trigger Confirmation.request; specify either the username or email address

Parameters
  • identity (str) – account’s primary identity, usually an email

  • username (str) – account’s username

  • template (str) – template for message (confirming new user)

Returns

the Confirmation.request dict and http response

Return type

tuple

get_roles(uid, member_model, resource=None, id=None)

Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>

Parameters
  • uid (str) – User ID

  • member_model (obj) – the DB model that defines membership in resource

  • resource (str) – the resource that defines privacy (e.g. list)

  • id (str) – ID of the resource (omit if all are desired)

Returns

authorized roles

Return type

list of str
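
One way a caller might consume the role strings that get_roles returns, as an added example (not apicrud's own code): it parses the <resource>-<id>-<privacy level> form and authorizes by exact field match rather than by string prefix. The sample roles, the privacy-level names, the helper names and the assumption that an id may itself contain hyphens are constructed for illustration.

```python
from typing import Iterable, NamedTuple, Optional, Set

class Role(NamedTuple):
    resource: str
    id: str
    level: str

def parse_role(role: str) -> Optional[Role]:
    """Split '<resource>-<id>-<privacy level>'; return None if malformed.

    Assumption: resource and privacy level contain no hyphen but the id may,
    so the first and last fields are split off and the middle is kept whole.
    """
    resource, sep1, rest = role.partition("-")
    rid, sep2, level = rest.rpartition("-")
    if not (sep1 and sep2 and resource and rid and level):
        return None
    return Role(resource, rid, level)

def is_authorized(roles: Iterable[str], resource: str, rid: str,
                  allowed_levels: Set[str]) -> bool:
    """True only if some role matches resource and id exactly and carries an
    allowed level. Malformed entries are skipped, so the check fails closed."""
    for raw in roles:
        role = parse_role(raw)
        if (role and role.resource == resource and role.id == rid
                and role.level in allowed_levels):
            return True
    return False

# Constructed sample in the shape get_roles is documented to return.
SAMPLE_ROLES = [
    "list-x-8f2Kd91a-member",
    "list-x-8f2Kd91ab-manager",   # different list whose id shares a prefix
    "admin",                      # constructed malformed entry, not three fields
]

if __name__ == "__main__":
    # A prefix test such as startswith("list-x-8f2Kd91a") would also match the
    # second entry; exact field comparison does not.
    print(is_authorized(SAMPLE_ROLES, "list", "x-8f2Kd91a", {"member"}))
    print(is_authorized(SAMPLE_ROLES, "list", "x-8f2Kd91a", {"manager"}))
```
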

register(identity, username, name, template='confirm_new')

Register a new account: create related records in database and send confirmation token to new user

TODO caller still has to invoke account-create function to generate record in accounts table

Parameters
  • identity (str) – account’s primary identity, usually an email

  • username (str) – account’s username

  • name (str) – name

  • template (str) – template for message (confirming new user)

Returns

the Confirmation.request dict and http response

Return type

tuple

update_auth(member_model, id, resource=None, force=False)

Check current access, update if recently changed

Parameters
  • member_model (obj) – model (e.g. Guest) which defines membership in resource

  • id (str) – resource id of parent resource

  • resource (str) – parent resource for which membership should be checked

  • force (bool) – perform update regardless of logged-in permissions