Settings#
Cubicweb Settings#
Pyramid CubicWeb will not make use of the configuration entries found in the cubicweb configuration (a.k.a. all-in-one.conf) for any pyramid related configuration value.
Pyramid Settings file#
In backwards compatibility mode, Pyramid settings will be looked for in a
pyramid.ini
file in the instance home directory (where the
all-in-one.conf
file is), its [main]
section will be read and used as
the settings
of the pyramid Configurator.
This configuration file is almost the same as the one read by pserve
, which
allow to easily add any pyramid extension and configure it.
A typical pyramid.ini
file is:
[main]
pyramid.includes =
pyramid_session_redis
cubicweb.pyramid.auth = yes
cubicweb.pyramid.session = no
cubicweb.profile = no
redis.sessions.secret = your_cookie_signing_secret
redis.sessions.timeout = 1200
redis.sessions.host = mywheezy
Without backwards compatibility a standard development.ini
file can be
used with any useful CubicWeb-specific settings added.
Pyramid CubicWeb configuration entries#
The Pyramid CubicWeb specific configuration entries are:
- cubicweb.instance (string)#
A CubicWeb instance name. Useful when the application is not run by The ‘pyramid’ command.
- cubicweb.debug (bool)#
Enables the cubicweb debugmode. Works only if the instance is setup by
cubicweb.instance
.Unlike when the debugmode is set by the cubicweb-ctl start –debug-mode command, the pyramid debug options are untouched.
- cubicweb.includes (list)#
Same as
pyramid.includes
, but the includes are done after the cubicweb specific registry entries are initialized.Useful to include extensions that requires these entries.
- cubicweb.bwcompat (bool)#
(True) Enable/disable backward compatibility. This only applies to “all-in-one” configuration type.
- cubicweb.bwcompat.errorhandler (bool)#
(True) Enable/disable the backward compatibility error handler. Set to ‘no’ if you need to define your own error handlers.
- cubicweb.defaults (bool)#
(True) Enable/disable defaults. See defaults_module.
- cubicweb.auth.update_login_time (bool)#
(True) Add a
cubicweb.pyramid.auth.UpdateLoginTimeAuthenticationPolicy
policy, that update the CWUser.login_time attribute when a user login.
- cubicweb.auth.authtkt (bool)#
(True) Enables the 2 cookie-base auth policies, which activate/deactivate depending on the persistent argument passed to remember.
The default login views set persistent to True if a __setauthcookie parameters is passed to them, and evals to True in
pyramid.settings.asbool()
.The configuration values of the policies are arguments for
pyramid.authentication.AuthTktAuthenticationPolicy
.The first policy handles session authentication. It doesn’t get activated if remember() is called with persistent=False:
- cubicweb.auth.authtkt.session.cookie_name (str)#
(‘auth_tkt’) The cookie name. Must be different from the persistent authentication cookie name.
- cubicweb.auth.authtkt.session.samesite (str)#
(‘auth_tkt’) Allows you to declare if your cookie should be restricted to a first-party or same-site context. See here for more information.
- cubicweb.auth.authtkt.session.timeout (int)#
Cookie timeout.
- cubicweb.auth.authtkt.session.reissue_time (int)#
Reissue time.
The second policy handles persistent authentication. It doesn’t get activated if remember() is called with persistent=True:
- cubicweb.auth.authtkt.persistent.cookie_name (str)#
(‘auth_tkt’) The cookie name. Must be different from the session authentication cookie name.
- cubicweb.auth.authtkt.persistent.samesite (str)#
(‘auth_tkt’) Allows you to declare if your cookie should be restricted to a first-party or same-site context. See here for more information.
- cubicweb.auth.authtkt.persistent.max_age (int)#
(30 days) Max age in seconds.
- cubicweb.auth.authtkt.persistent.reissue_time (int)#
(1 day) Reissue time in seconds.
Both policies set the
secure
flag toTrue
by default, meaning that cookies will only be sent back over a secure connection (see Authentication Policies documentation for details). This can be configured throughcubicweb.auth.authtkt.persistent.secure
andcubicweb.auth.authtkt.session.secure
configuration options.
- cubicweb.auth.groups_principals (bool)#
(True) Setup a callback on the authentication stack that inject the user groups in the principals.