apicrud.auth.local_user

local_user

created 26-mar-2020 by richb@instantlinux.net; monolith broken out 6-apr-2021

Functions

basic(username, password[, required_scopes])

This is a modified basic-auth validation function.

Classes

LocalUser()

Manage local user accounts

class apicrud.auth.local_user.LocalUser

Manage local user accounts

change_password(uid, new_password, reset_token, old_password=None, verify_password=None)

Update a user’s password, applying complexity rules; must specify either the old password or a reset token

Parameters
  • uid (str) – User ID

  • new_password (str) – the new passphrase

  • reset_token (str) – a token retrieved from Confirmation.request

  • old_password (str) – the old passphrase

Returns

dict with account_id/uid/username, http response

Return type

tuple

forgot_password(identity, username, template='password_reset')

Trigger Confirmation.request; specify either the username or email address. For security, administrators are not allowed to use this feature.

Parameters
  • identity (str) – account’s primary identity, usually an email

  • username (str) – account’s username

  • template (str) – template for message (confirming new user)

Returns

the Confirmation.request dict and http response

Return type

tuple

apicrud.auth.local_user.basic(username, password, required_scopes=None)

This is a modified basic-auth validation function. The auth login controller method generates a random 8-byte token, stores it in the session_manager object as token_auth, and sends it to the JavaScript authProvider. The dataProvider must send it back to us as basic-auth (base64-encoded).

This scheme is vulnerable to session hijacking if auth packets aren’t encrypted end to end, but is “good enough” until the OAuth2 effort is completed.

Implemented because of https://github.com/zalando/connexion/issues/791

Parameters
  • username (str) – Session UID

  • password (str) – Session token

  • required_scopes (list) – not used

Returns

uid with the username passed in

Return type

dict
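The token round trip described for basic() above, as an added sketch that is not apicrud's own code. The in-memory `_SESSIONS` store, the helper names, the URL-safe token encoding and the None-on-failure return are assumptions made for illustration.

```python
import base64
import hmac
import secrets

# Hypothetical in-memory stand-in for the session_manager object.
_SESSIONS = {}


def login(uid):
    """Issue a random 8-byte token and store it as token_auth."""
    token = secrets.token_urlsafe(8)  # assumption: URL-safe text encoding
    _SESSIONS[uid] = {"token_auth": token}
    return token


def client_header(uid, token):
    """Header the client sends back: Basic base64(uid:token)."""
    raw = f"{uid}:{token}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def parse_basic(header):
    """Return (uid, token) from an Authorization value, or None if malformed."""
    scheme, _, b64 = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(b64, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    uid, sep, token = decoded.partition(":")
    return (uid, token) if sep else None


def validate_session_basic(username, password, required_scopes=None):
    """Return {'uid': username} when the token matches, else None."""
    session = _SESSIONS.get(username)
    if session is None:
        return None
    # Constant-time comparison avoids leaking the token byte by byte.
    if not hmac.compare_digest(session["token_auth"].encode(), password.encode()):
        return None
    return {"uid": username}
```

Base64 is an encoding, not encryption, so the header exposes the uid and token to anyone who can read the traffic, which is why the end-to-end encryption caveat above applies.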