apicrud.SessionAuth
- class apicrud.SessionAuth(roles_from=None)
Session Authorization
Functions for login, password and role authorization
- Parameters
roles_from (obj) – model for which to look up authorizations
- __init__(roles_from=None)
Methods
__init__([roles_from])
account_add(username, uid) – Add an account with the given username
account_login(username, password[, method, ...]) – Log in using local or OAuth2 credentials
auth_params() – Get authorization info
get_roles(uid[, member_model, resource, id]) – Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>
login_accepted(username, account, method[, ...]) – Login accepted from provider: create a session
methods() – Return list of available auth methods
register(identity, username, name[, ...]) – Register a new account: create related records in database and send confirmation token to new user
totp_bypass(uid) – Check for bypass cookie
update_auth(id[, member_model, resource, force]) – Check current access, update if recently changed
- account_add(username, uid)
Add an account with the given username
- Parameters
username (str) – new / unique username
uid (str) – existing user
- account_login(username, password, method=None, otp=None, nonce=None)
Log in using local or OAuth2 credentials
- Parameters
username (str) – account name or email
password (str) – credential
method (str) – local, ldap, or google / facebook / twitter etc.
otp (str) – one-time or backup password
nonce (str) – a nonce check value (for OAuth2: optional)
- Returns
Fields include jwt_token (contains uid / account ID), ID of entry in settings database, and a sub-dictionary with mapping of endpoints registered to microservices
- Return type
dict
- auth_params()
Get authorization info
- get_roles(uid, member_model=None, resource=None, id=None)
Get roles that match uid / id for a resource. Each is in the form <resource>-<id>-<privacy level>.
- Parameters
uid (str) – User ID
member_model (str) – resource-name of DB model that defines membership in resource
resource (str) – the resource that defines privacy (e.g. list)
id (str) – ID of the resource (omit if all are desired)
- Returns
authorized roles
- Return type
list of str
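Added example, not part of the apicrud documentation or code base: one way a caller could consume the role strings described for get_roles, parsing each `<resource>-<id>-<privacy level>` entry into fields and comparing them exactly instead of by substring or prefix. It assumes that resource and privacy level contain no hyphen while the id may; the helper names, sample ids and level names are constructed for illustration.

```python
from typing import Iterable, NamedTuple, Optional


class Role(NamedTuple):
    resource: str
    id: str
    level: str


def parse_role(role: str) -> Optional[Role]:
    """Split '<resource>-<id>-<privacy level>' into its three fields.

    Assumption (not stated on the page): resource and privacy level contain
    no hyphen, while the id may. Anything that does not fit returns None.
    """
    resource, sep1, rest = role.partition("-")   # first hyphen ends the resource
    rid, sep2, level = rest.rpartition("-")      # last hyphen starts the level
    if not (sep1 and sep2 and resource and rid and level):
        return None
    return Role(resource, rid, level)


def is_authorized(roles: Iterable[str], resource: str, rid: str,
                  allowed_levels: set) -> bool:
    """Fail closed: only an exact resource/id match with an allowed level passes.

    Comparing parsed fields avoids the prefix confusion a check such as
    role.startswith(f"{resource}-{rid}") would have between ids like
    'x-4f' and 'x-4f2a'.
    """
    for entry in roles:
        parsed = parse_role(entry)
        if parsed is None:
            continue  # malformed or differently shaped entry grants nothing
        if (parsed.resource == resource and parsed.id == rid
                and parsed.level in allowed_levels):
            return True
    return False


# Constructed sample standing in for a get_roles() result; values are made up.
SAMPLE_ROLES = ["list-x-4f2a-member", "list-x-9c01-manager", "admin", "list--member"]
```
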
- login_accepted(username, account, method, headers=None)
Login accepted from provider: create a session
- Parameters
username (str) – the account’s unique username
account (obj) – account object in database
method (str) – method, e.g. local or google
headers (dict) – additional headers, such as Set-Cookie
- methods()
Return list of available auth methods
- register(identity, username, name, template='confirm_new', picture=None)
Register a new account: create related records in database and send confirmation token to new user
TODO: the caller still has to invoke the account_add function to generate a record in the accounts table.
- Parameters
identity (str) – account’s primary identity, usually an email
username (str) – account’s username
name (str) – name
picture (url) – URL of an avatar / photo
template (str) – template for message (confirming new user)
- Returns
the Confirmation.request dict and http response
- Return type
tuple
- totp_bypass(uid)
Check for bypass cookie
- Parameters
uid (str) – User ID
- Returns
valid bypass found
- Return type
bool
- update_auth(id, member_model=None, resource=None, force=False)
Check current access, update if recently changed
- Parameters
id (str) – resource id of parent resource
resource (str) – parent resource for which membership should be checked
force (bool) – perform update regardless of logged-in permissions