apicrud.SessionAuth

class apicrud.SessionAuth(func_send=None, roles_from=None)

Session Authorization

Functions for login, password and role authorization

Parameters
  • func_send (function) – name of function for sending message

  • roles_from (obj) – model for which to look up authorizations

__init__(func_send=None, roles_from=None)

Initialize self. See help(type(self)) for accurate signature.

Methods

__init__([func_send, roles_from])

Initialize self.

account_add(username, uid)

Add an account with the given username

account_login(username, password[, method])

Log in using local or OAuth2 credentials

api_access(apikey)

Access using API key

auth_params()

Get authorization info

change_password(uid, new_password, reset_token)

Update a user’s password, applying complexity rules; must specify either the old password or a reset token

forgot_password(identity, username[, template])

Trigger Confirmation.request; specify either the username or email address

get_roles(uid, member_model[, resource, id])

Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>

methods()

Return list of available auth methods

oauth_callback(method[, code, state])

Callback from 3rd-party OAuth2 provider auth

register(identity, username, name[, …])

Register a new account: create related records in database and send confirmation token to new user

update_auth(member_model, id[, resource, force])

Check current access, update if recently changed

account_add(username, uid)

Add an account with the given username

Parameters
  • username (str) – new / unique username

  • uid (str) – existing user

account_login(username, password, method='local')

Log in using local or OAuth2 credentials

Parameters
  • username (str) – account name or email

  • password (str) – credential

  • method (str) – local, or google / facebook / twitter etc

Returns

Fields include jwt_token (contains uid / account ID), ID of entry in settings database, and a sub-dictionary with mapping of endpoints registered to microservices

Return type

dict

api_access(apikey)

Access using API key

Parameters

apikey (str) – the API key

Returns

uid, scopes (None if not authorized)

Return type

dict

auth_params()

Get authorization info

change_password(uid, new_password, reset_token, old_password=None, verify_password=None)

Update a user’s password, applying complexity rules; must specify either the old password or a reset token

Parameters
  • uid (str) – User ID

  • new_password (str) – the new passphrase

  • reset_token (str) – a token retrieved from Confirmation.request

  • old_password (str) – the old passphrase

Returns

dict with account_id/uid/username, http response

Return type

tuple

forgot_password(identity, username, template='password_reset')

Trigger Confirmation.request; specify either the username or email address

Parameters
  • identity (str) – account’s primary identity, usually an email

  • username (str) – account’s username

  • template (str) – template for message (confirming new user)

Returns

the Confirmation.request dict and http response

Return type

tuple

get_roles(uid, member_model, resource=None, id=None)

Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>

Parameters
  • uid (str) – User ID

  • member_model (obj) – the DB model that defines membership in resource

  • resource (str) – the resource that defines privacy (e.g. list)

  • id (str) – ID of the resource (omit if all are desired)

Returns

authorized roles

Return type

list of str
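
Added example, not part of apicrud: one way a caller could test the role strings returned by get_roles with an exact match on resource and id rather than a substring or prefix comparison. The names parse_role and has_role, the privacy-level names and the sample list are constructed; the code assumes the resource name and privacy level contain no hyphen, so any extra hyphens belong to the id.

```python
from typing import Iterable, NamedTuple, Optional, Set


class Role(NamedTuple):
    resource: str
    id: str
    level: str


def parse_role(role: str) -> Optional[Role]:
    """Split '<resource>-<id>-<privacy level>'; return None if malformed.

    Assumption: resource and privacy level contain no hyphen, so the
    first and last hyphens are the field separators and everything
    between them is the id.
    """
    resource, sep1, rest = role.partition("-")
    rid, sep2, level = rest.rpartition("-")
    if not (sep1 and sep2 and resource and rid and level):
        return None
    return Role(resource, rid, level)


def has_role(roles: Iterable[str], resource: str, rid: str,
             allowed_levels: Set[str]) -> bool:
    """Exact-match check; malformed entries never grant access."""
    for entry in roles:
        parsed = parse_role(entry)
        if parsed is None:
            continue  # fail closed on anything that does not parse
        if (parsed.resource, parsed.id) == (resource, rid) \
                and parsed.level in allowed_levels:
            return True
    return False


# Constructed sample shaped like the documented return value (list of str);
# the level names "member" and "manager" are placeholders.
SAMPLE_ROLES = ["list-x-4f2a-member", "list-x-9c1d-manager",
                "list--member", "admin"]

if __name__ == "__main__":
    print(has_role(SAMPLE_ROLES, "list", "x-4f2a", {"member", "manager"}))
    print(has_role(SAMPLE_ROLES, "list", "x-4f2", {"member"}))
```

A prefix test such as startswith("list-x-4f2") would accept the second query; comparing the parsed fields does not.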

methods()

Return list of available auth methods

oauth_callback(method, code=None, state=None)

Callback from 3rd-party OAuth2 provider auth

Parse the response, look up the account based on email address, and proceed if login_accepted

Parameters
  • method (str) – provider name, such as google

  • code (str) – validation code from provider

  • state (str) – provider state

register(identity, username, name, template='confirm_new', picture=None)

Register a new account: create related records in database and send confirmation token to new user

TODO caller still has to invoke account-create function to generate record in accounts table

Parameters
  • identity (str) – account’s primary identity, usually an email

  • username (str) – account’s username

  • name (str) – name

  • picture (url) – URL of an avatar / photo

  • template (str) – template for message (confirming new user)

Returns

the Confirmation.request dict and http response

Return type

tuple

update_auth(member_model, id, resource=None, force=False)

Check current access, update if recently changed

Parameters
  • member_model (obj) – model (e.g. Guest) which defines membership in resource

  • id (str) – resource id of parent resource

  • resource (str) – parent resource for which membership should be checked

  • force (bool) – perform update regardless of logged-in permissions