apicrud.auth.local_user
local_user
created 26-mar-2020 by richb@instantlinux.net monolith broken out 6-apr-2021
Functions
basic – This is a modified basic-auth validation function.
Classes
LocalUser – Manage local user accounts
class apicrud.auth.local_user.LocalUser
Manage local user accounts
change_password(uid, new_password, reset_token, old_password=None, verify_password=None)
Update a user’s password, applying complexity rules; must specify either the old password or a reset token
- Parameters
uid (str) – User ID
new_password (str) – the new passphrase
reset_token (str) – a token retrieved from Confirmation.request
old_password (str) – the old passphrase
- Returns
dict with account_id/uid/username, http response
- Return type
tuple
forgot_password(identity, username, template='password_reset')
Trigger Confirmation.request; specify either the username or email address. For security, administrators are not allowed to use this feature.
- Parameters
identity (str) – account’s primary identity, usually an email
username (str) – account’s username
template (str) – template for message (confirming new user)
- Returns
the Confirmation.request dict and http response
- Return type
tuple
apicrud.auth.local_user.basic(username, password, required_scopes=None)
This is a modified basic-auth validation function. The auth login controller method generates a random 8-byte token, stores it in the session_manager object as token_auth, and sends it to javascript authProvider. The dataProvider must send it back to us as basic-auth (base64-encoded).
Vulnerable to session-hijacking if auth packets aren’t encrypted end to end, but “good enough” until OAuth2 effort is completed.
Implemented because of https://github.com/zalando/connexion/issues/791
- Parameters
username (str) – Session UID
password (str) – Session token
required_scopes (list) – not used
- Returns
uid with the username passed in
- Return type
dict
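
The token-as-basic-auth flow described for basic, as an added sketch that is not apicrud's own code: login issues a random 8-byte token, the client returns it in a basic-auth header, and the validator checks it against the stored value. The names issue_session_token, basic_auth_header, parse_basic_header, validate_basic, _sessions and SESSION_TTL are hypothetical, and the expiry and constant-time comparison are assumptions of this example, not documented apicrud behaviour.

```python
import base64
import hmac
import secrets
import time

SESSION_TTL = 900  # seconds; assumed value, not taken from apicrud
_sessions = {}     # uid -> (token_auth, expiry); hypothetical stand-in for session_manager


def issue_session_token(uid, now=None):
    """Login step: create a random 8-byte token and remember it for uid."""
    now = time.time() if now is None else now
    token = secrets.token_hex(8)  # 8 random bytes, hex-encoded (16 chars)
    _sessions[uid] = (token, now + SESSION_TTL)
    return token


def basic_auth_header(uid, token):
    """What the client's dataProvider sends back on each request."""
    raw = f"{uid}:{token}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def parse_basic_header(header):
    """Decode an Authorization header into (username, password) or None."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, pw = base64.b64decode(value, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return (user, pw) if sep else None


def validate_basic(username, password, required_scopes=None, now=None):
    """Validation step: username is the session UID, password the token."""
    now = time.time() if now is None else now
    entry = _sessions.get(username)
    if entry is None:
        return None
    token, expiry = entry
    if now >= expiry:
        del _sessions[username]  # an expired token can no longer be replayed
        return None
    # Constant-time comparison avoids leaking token prefixes through timing
    if not hmac.compare_digest(token.encode(), password.encode()):
        return None
    return {"uid": username}
```

The header is only base64-encoded, not encrypted, so the token is protected in transit only when the connection itself is encrypted.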