apicrud.SessionAuth

class apicrud.SessionAuth(roles_from=None)

Session Authorization

Functions for login, password and role authorization

Parameters

roles_from (obj) – model for which to look up authorizations

__init__(roles_from=None)

Initialize self. See help(type(self)) for accurate signature.

Methods

__init__([roles_from])

Initialize self.

account_add(username, uid)

Add an account with the given username

account_login(username, password[, method, …])

Log in using local or OAuth2 credentials

auth_params()

Get authorization info

get_roles(uid[, member_model, resource, id])

Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>.

login_accepted(username, account, method[, …])

Login accepted from provider: create a session

methods()

Return list of available auth methods

register(identity, username, name[, …])

Register a new account: create related records in database and send confirmation token to new user

totp_bypass(uid)

Check for bypass cookie

update_auth(id[, member_model, resource, force])

Check current access, update if recently changed

account_add(username, uid)

Add an account with the given username

Parameters
  • username (str) – new / unique username

  • uid (str) – existing user

account_login(username, password, method=None, otp=None, nonce=None)

Log in using local or OAuth2 credentials

Parameters
  • username (str) – account name or email

  • password (str) – credential

  • method (str) – local, ldap, or google / facebook / twitter etc

  • otp (str) – one-time or backup password

  • nonce (str) – a nonce check value (for OAuth2: optional)

Returns

Fields include jwt_token (contains uid / account ID), ID of entry in settings database, and a sub-dictionary with mapping of endpoints registered to microservices

Return type

dict

auth_params()

Get authorization info

get_roles(uid, member_model=None, resource=None, id=None)

Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>.

Parameters
  • uid (str) – User ID

  • member_model (str) – resource-name of DB model that defines membership in resource

  • resource (str) – the resource that defines privacy (e.g. list)

  • id (str) – ID of the resource (omit if all are desired)

Returns

authorized roles

Return type

list of str
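
The following is an added example, not part of apicrud: one way a caller could check a list of role strings in the <resource>-<id>-<privacy level> form by exact match, so that hyphens inside an ID cannot be misread as field separators. The helper names, the sample IDs and the level names member and manager are assumptions made for illustration.

```python
from typing import Iterable


def role_name(resource: str, resource_id: str, level: str) -> str:
    """Build the role string for one resource instance at one privacy level."""
    if not (resource and resource_id and level):
        raise ValueError("resource, resource_id and level must be non-empty")
    if "-" in level:
        # The level is the last field; a hyphen in it would make the string
        # indistinguishable from one with a longer ID.
        raise ValueError("privacy level must not contain '-'")
    return f"{resource}-{resource_id}-{level}"


def is_authorized(roles: Iterable[str], resource: str, resource_id: str,
                  allowed_levels: Iterable[str]) -> bool:
    """Return True only if roles holds an exact role for this resource and ID.

    Comparing whole strings avoids splitting on '-' (ambiguous when an ID
    itself contains hyphens) and avoids prefix matches that would let a role
    on one ID authorize a shorter ID.
    """
    held = set(roles)
    try:
        wanted = {role_name(resource, resource_id, lvl)
                  for lvl in allowed_levels}
    except ValueError:
        return False  # fail closed on malformed input
    return bool(held & wanted)


# Constructed sample standing in for a get_roles() result (hypothetical IDs
# and level names).
SAMPLE_ROLES = ["list-x-23450abc-member", "list-x-99999zzz-manager"]

if __name__ == "__main__":
    print(is_authorized(SAMPLE_ROLES, "list", "x-23450abc", ["member"]))
    print(is_authorized(SAMPLE_ROLES, "list", "x-23450abc", ["manager"]))
```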

login_accepted(username, account, method, headers=None)

Login accepted from provider: create a session

Parameters
  • username (str) – the account’s unique username

  • account (obj) – account object in database

  • method (str) – method, e.g. local or google

  • headers (dict) – additional headers, such as Set-Cookie

methods()

Return list of available auth methods

register(identity, username, name, template='confirm_new', picture=None)

Register a new account: create related records in database and send confirmation token to new user

TODO: the caller still has to invoke the account_add function to generate a record in the accounts table.

Parameters
  • identity (str) – account’s primary identity, usually an email

  • username (str) – account’s username

  • name (str) – name

  • picture (url) – URL of an avatar / photo

  • template (str) – template for message (confirming new user)

Returns

the Confirmation.request dict and http response

Return type

tuple

totp_bypass(uid)

Check for bypass cookie

Parameters

uid (str) – User ID

Returns

valid bypass found

Return type

bool

update_auth(id, member_model=None, resource=None, force=False)

Check current access, update if recently changed

Parameters
  • id (str) – resource id of parent resource

  • resource (str) – parent resource for which membership should be checked

  • force (bool) – perform update regardless of logged-in permissions