Basics

pyramid_fullauth provides models and actions that allows to register and log in user as well as reset password functionality. It does not provide ability to send appropriate emails, that have to be covered by subscribing to appropriate events emitted by plugin.

Note

By default, all actions are unrestricted (have permissions set to pyramid.security.NO_PERMISSION_REQUIRED, that way setting default permission in your pyramid app would allow the user to log in, register without the need to being logged in to the system

Simple usage

If You have a sqlalchemy.url key in the config file In Your pyramid application configuration section just add those two lines:

config.include('pyramid_basemodel')
config.include('pyramid_fullauth')

And that’s it, this is the most simple usage of this plugin. To register just go to the /register url and You will see the form with which You can register. Login in is performed on /login page

pyramid_fullauth uses under the hood pyramid_yml to include configuration defaults defined in yaml file, and to override them, you’d have to employ pyramid_yml on your own into the project.

Events and event interfaces

Plugin emits events while handling requests:

BeforeRegister
AfterRegister
AfterActivate
AfterResetRequest
AfterReset
AlreadyLoggedIn
BeforeLogIn
AfterLogIn

Events can be found in the pyramid_fullauth.events package.

Read the Using Events chapter of Pyramid’s documentation to see how to add an event subscriber to Your application and handle those events.

Configuration

Note

Plugins uses tzf.pyramid_yml for its configuration settings

Plugin, by default works on these assumptions:

fullauth.authtkt.secret = "fullauth_psst"
fullauth.authtkt.hashalg = "sha512"
fullauth.session.factory = "pyramid.session.SignedCookieSessionFactory"
fullauth.session.settings.secret = "THATS_NOT_SECRET_ITS_A_SECRET"
fullauth.register.password.require = True
fullauth.register.password.length_min = 6
fullauth.register.password.confirm = True
fullauth.redirects.logout = False
fullauth.login.cookie_max_age = 2592000  # 30 days

Note

For alternative values of the settings above look at config.{env}.yml configurations found in tests.config directory.

Fullauth data models

pyramid_fullauth comes with SQLAlchemy models to maintain the user data.

• pyramid_fullauth.models.User - is the base model with most relevant user data

• pyramid_fullauth.models.Group - allows grouping user in permission groups

• pyramid_fullauth.models.AuthenticationProvider - is where the 3rd party authentication system identifiers for different providers lives

Fullauth models are based on declarative_base defined in pyramid_basemodel and functionality uses Session object provided by basemodel.

To connect fullauth’s models to your database, it is required to base your own models on the same declarative_base. It can be achieved by either using those provided by pyramid_basemodel or patching them with your own.

Last thing is updating the database. If you’re using alembic for that, remember to import fullauth models in alembic’s env,py or in common place for your model. If models won’t be imported while running alembic commands, they won’t be seen by alembic.

Request object additional methods

Request object gets these methods:

• login_perform() - performs login action

• user() - returns logged in user or None

• logout() - logs user out

CSRF Check

To guard your site against csrf, please follow up official pyramid’s documentation settings