apicrud.SessionAuth

class apicrud.SessionAuth(func_send=None, roles_from=None, redis_conn=None)

Session Authorization

Functions for login, password and role authorization

Parameters
  • func_send (function) – name of function for sending message

  • roles_from (obj) – model for which to look up authorizations

__init__(func_send=None, roles_from=None, redis_conn=None)

Initialize self. See help(type(self)) for accurate signature.

Methods

__init__([func_send, roles_from, redis_conn])

Initialize self.

account_add(username, uid)

Add an account with the given username

account_login(username, password[, method, otp])

Log in using local or OAuth2 credentials

api_access(apikey[, totp_cookie])

Access using API key

auth_params()

Get authorization info

get_roles(uid, member_model[, resource, id])

Get roles that match uid / id for a resource Each is in the form <resource>-<id>-<privacy level>

methods()

Return list of available auth methods

update_auth(member_model, id[, resource, force])

Check current access, update if recently changed

account_add(username, uid)

Add an account with the given username

Parameters
  • username (str) – new / unique username

  • uid (str) – existing user

account_login(username, password, method='local', otp=None)

Log in using local or OAuth2 credentials

Parameters
  • username (str) – account name or email

  • password (str) – credential

  • method (str) – local, or google / facebook / twitter etc

  • otp (str) – one-time or backup password

Returns

Fields include jwt_token (contains uid / account ID), ID of entry in settings database, and a sub-dictionary with mapping of endpoints registered to microservices

Return type

dict

api_access(apikey, totp_cookie=None)

Access using API key

Parameters
  • apikey (str) – the API key

  • totp_cookie (str) – a TOTP bypass cookie

Returns

uid, scopes (None if not authorized)

Return type

dict

auth_params()

Get authorization info

get_roles(uid, member_model, resource=None, id=None)

Get roles that match uid / id for a resource Each is in the form <resource>-<id>-<privacy level>

Parameters
  • uid (str) – User ID

  • member_model (obj) – the DB model that defines membership in resource

  • resource (str) – the resource that defines privacy (e.g. list)

  • id (str) – ID of the resource (omit if all are desired)

Returns

authorized roles

Return type

list of str

methods()

Return list of available auth methods

update_auth(member_model, id, resource=None, force=False)

Check current access, update if recently changed

Parameters
  • member_model (obj) – model (e.g. Guest) which defines membership in resource

  • id (str) – resource id of parent resource

  • resource (str) – parent resource for which membership should be checked

  • force (bool) – perform update regardless of logged-in permissions