Auth

Utilities for authentication and authorization.

webapp2_extras.auth.default_config = {'user_model': 'webapp2_extras.appengine.auth.models.User', 'token_new_age': 86400, 'cookie_name': 'auth', 'token_max_age': 1814400, 'token_cache_age': 3600, 'user_attributes': [], 'session_backend': 'securecookie'}

Default configuration values for this module. Keys are:

user_model
User model which authenticates custom users and tokens. Can also be a string in dotted notation to be lazily imported. Default is webapp2_extras.appengine.auth.models.User.
session_backend
Name of the session backend to be used. Default is securecookie.
cookie_name
Name of the cookie to save the auth session. Default is auth.
token_max_age
Number of seconds of inactivity after which an auth token is invalidated. The same value is used to set the max_age for persistent auth sessions. Default is 86400 * 7 * 3 (3 weeks).
token_new_age
Number of seconds after which a new token is created and written to the database, and the old one is invalidated. Use this to limit database writes; set to None to write on all requests. Default is 86400 (1 day).
token_cache_age
Number of seconds after which a token must be checked in the database. Use this to limit database reads; set to None to read on all requests. Default is 3600 (1 hour).
user_attributes
A list of extra user attributes to be stored in the session. Default is an empty list.
class webapp2_extras.auth.AuthStore(app, config=None)[source]

Provides common utilities and configuration for Auth.

__init__(app, config=None)[source]

Initializes the session store.

Parameters:
class webapp2_extras.auth.Auth(request)[source]

Authentication provider for a single request.

__init__(request)[source]

Initializes the auth provider for a request.

Parameters:request – A webapp2.Request instance.
get_user_by_password(auth_id, password, remember=False, save_session=True, silent=False)[source]

Returns a user based on password credentials.

Parameters:
  • auth_id – Authentication id.
  • password – User password.
  • remember – If True, saves permanent sessions.
  • save_session – If True, saves the user in the session if authentication succeeds.
  • silent – If True, raises an exception if auth_id or password are invalid.
Returns:

A user dict or None.

Raises:

InvalidAuthIdError or InvalidPasswordError.

get_user_by_session(save_session=True)[source]

Returns a user based on the current session.

Parameters:save_session – If True, saves the user in the session if authentication succeeds.
Returns:A user dict or None.
get_user_by_token(user_id, token, token_ts=None, cache=None, cache_ts=None, remember=False, save_session=True)[source]

Returns a user based on an authentication token.

Parameters:
  • user_id – User id.
  • token – Authentication token.
  • token_ts – Token timestamp, used to perform pre-validation.
  • cache – Cached user data (from the session).
  • cache_ts – Cache timestamp.
  • remember – If True, saves permanent sessions.
  • save_session – If True, saves the user in the session if authentication succeeds.
Returns:

A user dict or None.

set_session(user, token=None, token_ts=None, cache_ts=None, remember=False, **session_args)[source]

Saves a user in the session.

Parameters:
  • user – A dictionary with user data.
  • token – A unique token to be persisted. If None, a new one is created.
  • token_ts – Token timestamp. If None, a new one is created.
  • cache_ts – Token cache timestamp. If None, a new one is created.
  • session_args – Keyword arguments to set the session arguments.
Remember:

If True, session is set to be persisted.

unset_session()[source]

Removes a user from the session and invalidates the auth token.

webapp2_extras.auth.get_store(factory=<class 'webapp2_extras.auth.AuthStore'>, key='webapp2_extras.auth.Auth', app=None)[source]

Returns an instance of AuthStore from the app registry.

It’ll try to get it from the current app registry, and if it is not registered it’ll be instantiated and registered. A second call to this function will return the same instance.

Parameters:
  • factory – The callable used to build and register the instance if it is not yet registered. The default is the class AuthStore itself.
  • key – The key used to store the instance in the registry. A default is used if it is not set.
  • app – A webapp2.WSGIApplication instance used to store the instance. The active app is used if it is not set.
webapp2_extras.auth.set_store(store, key='webapp2_extras.auth.Auth', app=None)[source]

Sets an instance of AuthStore in the app registry.

Parameters:
  • store – An instance of AuthStore.
  • key – The key used to retrieve the instance from the registry. A default is used if it is not set.
  • request – A webapp2.WSGIApplication instance used to retrieve the instance. The active app is used if it is not set.
webapp2_extras.auth.get_auth(factory=<class 'webapp2_extras.auth.Auth'>, key='webapp2_extras.auth.Auth', request=None)[source]

Returns an instance of Auth from the request registry.

It’ll try to get it from the current request registry, and if it is not registered it’ll be instantiated and registered. A second call to this function will return the same instance.

Parameters:
  • factory – The callable used to build and register the instance if it is not yet registered. The default is the class Auth itself.
  • key – The key used to store the instance in the registry. A default is used if it is not set.
  • request – A webapp2.Request instance used to store the instance. The active request is used if it is not set.
webapp2_extras.auth.set_auth(auth, key='webapp2_extras.auth.Auth', request=None)[source]

Sets an instance of Auth in the request registry.

Parameters:
  • auth – An instance of Auth.
  • key – The key used to retrieve the instance from the registry. A default is used if it is not set.
  • request – A webapp2.Request instance used to retrieve the instance. The active request is used if it is not set.

Previous topic

webapp2

Next topic

i18n

This Page