apicrud.SessionAuth¶
-
class
apicrud.
SessionAuth
(func_send=None, roles_from=None)¶ Session Authorization
Functions for login, password and role authorization
- Parameters
func_send (function) – name of function for sending message
roles_from (obj) – model for which to look up authorizations
-
__init__
(func_send=None, roles_from=None)¶ Initialize self. See help(type(self)) for accurate signature.
Methods
__init__
([func_send, roles_from])Initialize self.
account_add
(username, uid)Add an account with the given username
account_login
(username, password[, method])Log in using local or OAuth2 credentials
api_access
(apikey)Access using API key
Get authorization info
change_password
(uid, new_password, reset_token)Update a user’s password, applying complexity rules; must specify either the old password or a reset token
forgot_password
(identity, username[, template])Trigger Confirmation.request; specify either the username or email address
get_roles
(uid, member_model[, resource, id])Get roles that match uid / id for a resource Each is in the form <resource>-<id>-<privacy level>
methods
()Return list of available auth methods
oauth_callback
(method[, code, state])Callback from 3rd-party OAuth2 provider auth
register
(identity, username, name[, …])Register a new account: create related records in database and send confirmation token to new user
update_auth
(member_model, id[, resource, force])Check current access, update if recently changed
-
account_add
(username, uid)¶ Add an account with the given username
- Parameters
username (str) – new / unique username
uid (str) – existing user
-
account_login
(username, password, method='local')¶ Log in using local or OAuth2 credentials
- Parameters
username (str) – account name or email
password (str) – credential
method (str) – local, or google / facebook / twitter etc
- Returns
Fields include jwt_token (contains uid / account ID), ID of entry in settings database, and a sub-dictionary with mapping of endpoints registered to microservices
- Return type
dict
-
api_access
(apikey)¶ Access using API key
- Parameters
apikey (str) – the API key
- Returns
uid, scopes (None if not authorized)
- Return type
dict
-
auth_params
()¶ Get authorization info
-
change_password
(uid, new_password, reset_token, old_password=None, verify_password=None)¶ Update a user’s password, applying complexity rules; must specify either the old password or a reset token
- Parameters
uid (str) – User ID
new_password (str) – the new passphrase
reset_token (str) – a token retrieved from Confirmation.request
old_password (str) – the old passphrase
- Returns
dict with account_id/uid/username, http response
- Return type
tuple
-
forgot_password
(identity, username, template='password_reset')¶ Trigger Confirmation.request; specify either the username or email address
- Parameters
identity (str) – account’s primary identity, usually an email
username (str) – account’s username
template (str) – template for message (confirming new user)
- Returns
the Confirmation.request dict and http response
- Return type
tuple
-
get_roles
(uid, member_model, resource=None, id=None)¶ Get roles that match uid / id for a resource Each is in the form <resource>-<id>-<privacy level>
- Parameters
uid (str) – User ID
member_model (obj) – the DB model that defines membership in resource
resource (str) – the resource that defines privacy (e.g. list)
id (str) – ID of the resource (omit if all are desired)
- Returns
authorized roles
- Return type
list of str
-
methods
()¶ Return list of available auth methods
-
oauth_callback
(method, code=None, state=None)¶ Callback from 3rd-party OAuth2 provider auth
Parse the response, look up the account based on email address, and proceed if login_accepted
- Parameters
method (str) – provider name, such as google
code (str) – validation code from provider
state (str) – provider state
-
register
(identity, username, name, template='confirm_new', picture=None)¶ Register a new account: create related records in database and send confirmation token to new user
TODO caller still has to invoke account-create function to generate record in accounts table
- Parameters
identity (str) – account’s primary identity, usually an email
username (str) – account’s username
name (str) – name
picture (url) – URL of an avatar / photo
template (str) – template for message (confirming new user)
- Returns
the Confirmation.request dict and http response
- Return type
tuple
-
update_auth
(member_model, id, resource=None, force=False)¶ Check current access, update if recently changed
- Parameters
member_model (obj) – model (e.g. Guest) which defines membership in resource
id (str) – resource id of parent resource
resource (str) – parent resource for which membership should be checked
force (bool) – perform update regardless of logged-in permissions