adhocracy_core.authentication package¶

Authentication with support for token http headers.

UserTokenHeader = 'X-User-Token'¶: The request header parameter to set the authentication token.

UserPasswordHeader = 'X-User-Password'¶: The request header parameter to set the user password.

UserPathHeader = 'X-User-Path'¶: Deprecated: The optional request header to set the userid.

AnonymizeHeader = 'X-Anonymize'¶: Mark this request to be anonymized.

class TokenHeaderAuthenticationPolicy(private_key: str, callback: <built-in function callable>=None, timeout: int=10, algorithm='HS512')[source]¶

Bases: pyramid_jwt.policy.JWTAuthenticationPolicy

Http header token authentication based on pyramid_jwt.

The following methods are extendend:

remember return a list with the header/value to authenticate
effective_principals cache principals for one request

remember(request, userid, **kw) → [<class 'tuple'>][source]¶: Create persistent user session and return authentication headers.

unauthenticated_userid(request)[source]¶

effective_principals(request: <InterfaceClass pyramid.interfaces.IRequest>) → list[source]¶

Return userid, roles and groups for the authenticated user.

THE RESULT IS CACHED for the current request in the request attribute called: __cached_principals__ .

validate_user_headers(view: <built-in function callable>)[source]¶

Decorator vor view to check if the user token.

Raises:	pyramid.httpexceptions.HTTPBadRequest – if user token is invalid

has_password_header(request: <InterfaceClass pyramid.interfaces.IRequest>) → bool[source]¶: Check if request provided the password in the Password header.

get_header_password(request: <InterfaceClass pyramid.interfaces.IRequest>) → str[source]¶: Return the password in the Password header.

validate_password_header(view: <built-in function callable>)[source]¶

Decorator vor view to check if the password header may be set.

Raises:	pyramid.httpexceptions.HTTPBadRequest – if password is invalid or not

required. The case that a password is required by a sheet but not set cannot be handled here, as we do not know which sheets are edited by the request.

is_marked_anonymize(request: <InterfaceClass pyramid.interfaces.IRequest>) → bool[source]¶: Check if request is marked with the Anonymize header.

validate_anonymize_header(view: <built-in function callable>)[source]¶

Decorator vor view to check if the anonymize header may be set.

Raises:	pyramid.httpexceptions.HTTPBadRequest – if anonymize header is set but is not allowed

class MultiRouteAuthenticationPolicy[source]¶

Bases: pyramid.authentication.CallbackAuthenticationPolicy

Use different policy to authenticate depending on the request route.

add_policy(route_name: str, policy: <InterfaceClass pyramid.interfaces.IAuthenticationPolicy>)[source]¶: Add policy for route_name.

unauthenticated_userid(request: <InterfaceClass pyramid.interfaces.IRequest>) → str[source]¶: Return unauthenticated_userid of policy with matching route name.

effective_principals(request: <InterfaceClass pyramid.interfaces.IRequest>)[source]¶: Return principals of policy with matching route name.

remember(request: <InterfaceClass pyramid.interfaces.IRequest>, principal, **kwargs) → [<class 'tuple'>][source]¶: Return headers to remember authenticated user for all policies.

forget(request: <InterfaceClass pyramid.interfaces.IRequest>) → [<class 'tuple'>][source]¶: Return headers to forget authenticated user for all policies.

set_anonymized_creator(context: object, userid: str)[source]¶: Store userid of anonymized creator of context.

get_anonymized_creator(context: object) → str[source]¶: Get userid of anonymized creator of context or empty string.

is_created_anonymized(context: object) → bool[source]¶: Check if context was created anonymized.

includeme(config)[source]¶: Add request properties.