cubicweb.pyramid.auth
CubicWeb AuthTkt authentication policy
When using the cubicweb.pyramid.auth module, which is the default in most cases, you may have to configure the behaviour of these authentication policies using standard Pyramid configuration. You may want to configure the following in your Pyramid configuration file:
- Session Authentication
  This is an AuthTktAuthenticationPolicy, so you may override the default configuration values by adding configuration entries using the prefix cubicweb.auth.authtkt.session. Default values are:

      cubicweb.auth.authtkt.session.hashalg = sha512
      cubicweb.auth.authtkt.session.cookie_name = auth_tkt
      cubicweb.auth.authtkt.session.timeout = 1200
      cubicweb.auth.authtkt.session.reissue_time = 120
      cubicweb.auth.authtkt.session.http_only = True
      cubicweb.auth.authtkt.session.secure = True

- Persistent Authentication
  This is also an AuthTktAuthenticationPolicy. It is used when persistent sessions are activated (typically when using the cubicweb-rememberme cube). You may override the default configuration values by adding configuration entries using the prefix cubicweb.auth.authtkt.persistent. Default values are:

      cubicweb.auth.authtkt.persistent.hashalg = sha512
      cubicweb.auth.authtkt.persistent.cookie_name = pauth_tkt
      cubicweb.auth.authtkt.persistent.max_age = 3600*24*30
      cubicweb.auth.authtkt.persistent.reissue_time = 3600*24
      cubicweb.auth.authtkt.persistent.http_only = True
      cubicweb.auth.authtkt.persistent.secure = True

Warning
Legacy timeout values from the instance's all-in-one.conf (http-session-time and cleanup-session-time) are not used at all.
Secrets
There are a number of secrets to configure in pyramid.ini. They should all be different from one another, as explained in Pyramid's documentation.
For the record, regarding authentication:
- cubicweb.auth.authtkt.session.secret
This secret is used to encrypt the authentication cookie.
- cubicweb.auth.authtkt.persistent.secret
This secret is used to encrypt the persistent authentication cookie.
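
A check for the settings and secrets described above, written as an added example that is not part of CubicWeb or its documentation: it reads the text of a pyramid.ini file and reports a missing or reused AuthTkt secret, a disabled `http_only` or `secure` flag, and a `hashalg` that differs from the documented default. The function name `audit_authtkt`, the `[main]` section in the sample, the accepted false spellings and the 32-character minimum are assumptions made for illustration.

```python
import configparser

PREFIXES = ("cubicweb.auth.authtkt.session", "cubicweb.auth.authtkt.persistent")
MIN_SECRET_LEN = 32  # assumption: local policy, not a CubicWeb or Pyramid rule
FALSY = {"false", "0", "no", "off"}  # assumption: spellings treated as "disabled"

# Constructed sample, not a real configuration; the [main] section is assumed.
SAMPLE_INI = """
[main]
cubicweb.auth.authtkt.session.secret = constructed-sample-secret-value-0001
cubicweb.auth.authtkt.persistent.secret = constructed-sample-secret-value-0001
cubicweb.auth.authtkt.session.secure = False
cubicweb.auth.authtkt.persistent.hashalg = md5
"""


def audit_authtkt(ini_text):
    """Return a sorted list of findings for the AuthTkt settings in ini_text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    settings = {}
    for section in parser.sections():  # assumption: keys may sit in any section
        settings.update(parser.items(section))

    findings, secrets = [], []
    for prefix in PREFIXES:
        secret = settings.get(prefix + ".secret", "").strip()
        if not secret:
            findings.append(f"{prefix}.secret is missing")
        else:
            secrets.append(secret)
            if len(secret) < MIN_SECRET_LEN:
                findings.append(f"{prefix}.secret is shorter than {MIN_SECRET_LEN} characters")
        # http_only and secure default to True; only an explicit override disables them.
        for flag in ("http_only", "secure"):
            if settings.get(f"{prefix}.{flag}", "true").strip().lower() in FALSY:
                findings.append(f"{prefix}.{flag} is disabled")
        hashalg = settings.get(prefix + ".hashalg", "sha512").strip().lower()
        if hashalg != "sha512":
            findings.append(f"{prefix}.hashalg is {hashalg}, not the default sha512")
    if len(secrets) != len(set(secrets)):
        findings.append("session and persistent secrets are identical")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_authtkt(SAMPLE_INI):
        print(finding)
```
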
- cubicweb.pyramid.auth.includeme(config)
Activate the CubicWeb AuthTkt authentication policy.
Usually called via config.include('cubicweb.pyramid.auth').
See also cubicweb.pyramid.defaults
- class cubicweb.pyramid.auth.UpdateLoginTimeAuthenticationPolicy
Bases: object
An authentication policy that updates the user's last_login_time.
The update is done in the 'remember' method, which is called by the login views login,
Usually used via includeme().