Basics

pyramid_fullauth provides models and actions that let users register and log in, as well as password reset functionality. It does not send the corresponding emails; that has to be covered by subscribing to the appropriate events emitted by the plugin.

Note

By default, all actions are unrestricted (their permission is set to pyramid.security.NO_PERMISSION_REQUIRED). That way, setting a default permission in your Pyramid app still allows users to log in and register without needing to be logged in to the system.

Simple usage

If you have a sqlalchemy.url key in the config file, just add these two lines to your Pyramid application’s configuration section:

config.include('pyramid_basemodel')
config.include('pyramid_fullauth')

And that’s it; this is the simplest usage of this plugin. To register, go to the /register URL and you will see the registration form. Logging in is performed on the /login page.

Under the hood, pyramid_fullauth uses pyramid_yml to include the configuration defaults defined in a YAML file; to override them, you have to employ pyramid_yml in your own project.

Events and event interfaces

The plugin emits events while handling requests:

BeforeRegister
AfterRegister
AfterActivate
AfterResetRequest
AfterReset
AlreadyLoggedIn
BeforeLogIn
AfterLogIn

Events can be found in the pyramid_fullauth.events package.

Read the Using Events chapter of Pyramid’s documentation to see how to add an event subscriber to your application and handle those events.

Configuration

Note

The plugin uses tzf.pyramid_yml for its configuration settings.

By default, the plugin works on these assumptions:

# Copyright (c) 2013 - 2014 by pyramid_fullauth authors and contributors <see AUTHORS file>
#
# This module is part of pyramid_fullauth and is released under
# the MIT License (MIT): http://opensource.org/licenses/MIT

# pyramid_fullauth's default configuration
fullauth:
    check_csrf: True    # Whether login processes should work with csrf token, or without
    register:
        password:
            require: True   # set to false to not read password during register, and generate random one
            length_min: 6   # will be used either to check password's length or generate this length random password
            confirm: True   # by default there will be a field for password confirmation on the registration form
    AuthTkt:
        secret: fullauth_psst   # default secret used to hash auth_tk cookie
        hashalg: sha512         # default authentication policy hash algorithm
    login:
        cookie_max_age: 2592000     # 30 days
    redirects: # route name, to redirect to. If False, then redirects just to /
        logout: False
    session: # session factory settings
        # factory key is responsible for providing full path to factory class (module.submodule.SessionFactory)
        factory: pyramid.session.UnencryptedCookieSessionFactoryConfig
        # settings are key: value pairs of all factory initialize attributes
        settings:
            secret: THATS_NOT_SECRET_ITS_A_SECRET

Note

For alternative values of the settings above, look at the config.{env}.yml configurations found in the tests.config directory.
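
The defaults listed above include a published AuthTkt secret and session secret, so a deployment that does not override them signs its cookies with values anyone can read. The check below is an added example, not part of pyramid_fullauth: it takes the `fullauth` settings as a plain nested dict and reports values that still match the shipped defaults or weaken them. The name `audit_fullauth`, the 32-character minimum and the sample override are assumptions.

```python
# Added example: audit a `fullauth` settings dict for shipped defaults.
# Default values are copied from the configuration listing on this page.
SHIPPED_SECRETS = {
    ("AuthTkt", "secret"): "fullauth_psst",
    ("session", "settings", "secret"): "THATS_NOT_SECRET_ITS_A_SECRET",
}
MIN_SECRET_LEN = 32      # assumption: local policy, not a pyramid_fullauth rule
DEFAULT_LENGTH_MIN = 6   # register.password.length_min default from this page


def _get(tree, path, default=None):
    """Walk nested dicts; return default when any key is missing."""
    for key in path:
        if not isinstance(tree, dict) or key not in tree:
            return default
        tree = tree[key]
    return tree


def audit_fullauth(fullauth):
    """Return a list of (dotted_key, problem) findings; empty means clean."""
    findings = []
    for path, shipped in SHIPPED_SECRETS.items():
        dotted = "fullauth." + ".".join(path)
        # Assumption: a key absent from the override keeps the shipped default.
        value = _get(fullauth, path, shipped)
        if value == shipped:
            findings.append((dotted, "shipped default secret in use"))
        elif len(str(value)) < MIN_SECRET_LEN:
            findings.append((dotted, "secret shorter than %d chars" % MIN_SECRET_LEN))
    if _get(fullauth, ("check_csrf",), True) is not True:
        findings.append(("fullauth.check_csrf", "CSRF check disabled"))
    length_min = _get(fullauth, ("register", "password", "length_min"), DEFAULT_LENGTH_MIN)
    if length_min < DEFAULT_LENGTH_MIN:
        findings.append(("fullauth.register.password.length_min",
                         "minimum password length below shipped default"))
    return findings


# Constructed sample: an override that changed only one of the two secrets.
SAMPLE = {
    "AuthTkt": {"secret": "k" * 40, "hashalg": "sha512"},
    "check_csrf": False,
    "register": {"password": {"length_min": 4}},
}

if __name__ == "__main__":
    for key, problem in audit_fullauth(SAMPLE):
        print("%s: %s" % (key, problem))
```

Running it at application start-up or in CI and failing on a non-empty result keeps a deployment from going live with the published secrets.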

Fullauth data models

pyramid_fullauth comes with SQLAlchemy models to maintain the user data.

Fullauth models are based on the declarative_base defined in pyramid_basemodel, and the functionality uses the Session object provided by basemodel.

To connect fullauth’s models to your database, it is required to base your own models on the same declarative_base. It can be achieved by either using those provided by pyramid_basemodel or patching them with your own.

The last thing is updating the database. If you’re using alembic for that, remember to import the fullauth models in alembic’s env.py or in a common place for your models. If the models aren’t imported while running alembic commands, alembic won’t see them.

Request object additional methods

Request object gets these methods:

CSRF Check

CSRF checking can be turned on or off for fullauth views by modifying the fullauth.check_csrf key. It’s turned on by default.

pyramid_fullauth extends Pyramid’s check_csrf predicate so that it can be turned on and off, and so that a failed check raises an HTTPUnauthorized exception instead of returning False, which usually gives a 404 Not Found error.