Auth

Utilities for authentication and authorization.

webapp2_extras.auth.default_config = {'user_model': 'webapp2_extras.appengine.auth.models.User', 'token_new_age': 86400, 'cookie_name': 'auth', 'token_max_age': 1814400, 'token_cache_age': 3600, 'user_attributes': [], 'session_backend': 'securecookie'}

Default configuration values for this module. Keys are:

user_model

User model which authenticates custom users and tokens. Can also be a string in dotted notation to be lazily imported. Default is webapp2_extras.appengine.auth.models.User.

session_backend

Name of the session backend to be used. Default is securecookie.

cookie_name

Name of the cookie to save the auth session. Default is auth.

token_max_age

Number of seconds of inactivity after which an auth token is invalidated. The same value is used to set the max_age for persistent auth sessions. Default is 86400 * 7 * 3 (3 weeks).

token_new_age

Number of seconds after which a new token is created and written to the database, and the old one is invalidated. Use this to limit database writes; set to None to write on all requests. Default is 86400 (1 day).

token_cache_age

Number of seconds after which a token must be checked in the database. Use this to limit database reads; set to None to read on all requests. Default is 3600 (1 hour).

user_attributes

A list of extra user attributes to be stored in the session. Default is an empty list.

class webapp2_extras.auth.AuthStore(app, config=None)

Provides common utilities and configuration for Auth.

__init__(app, config=None)

Initializes the session store.

Parameters:

• app – A webapp2.WSGIApplication instance.
• config – A dictionary of configuration values to be overridden. See the available keys in default_config.

class webapp2_extras.auth.Auth(request)

Authentication provider for a single request.

__init__(request)

Initializes the auth provider for a request.

Parameters:request – A webapp2.Request instance.

get_user_by_password(auth_id, password, remember=False, save_session=True, silent=False)

Returns a user based on password credentials.

Parameters:

• auth_id – Authentication id.
• password – User password.
• remember – If True, saves permanent sessions.
• save_session – If True, saves the user in the session if authentication succeeds.
• silent – If True, raises an exception if auth_id or password are invalid.

Returns:

A user dict or None.

Raises:

InvalidAuthIdError or InvalidPasswordError.

get_user_by_session(save_session=True)

Returns a user based on the current session.

Parameters:save_session – If True, saves the user in the session if authentication succeeds. Returns:A user dict or None.

get_user_by_token(user_id, token, token_ts=None, cache=None, cache_ts=None, remember=False, save_session=True)

Returns a user based on an authentication token.

Parameters:

• user_id – User id.
• token – Authentication token.
• token_ts – Token timestamp, used to perform pre-validation.
• cache – Cached user data (from the session).
• cache_ts – Cache timestamp.
• remember – If True, saves permanent sessions.
• save_session – If True, saves the user in the session if authentication succeeds.

Returns:

A user dict or None.

set_session(user, token=None, token_ts=None, cache_ts=None, remember=False, **session_args)

Saves a user in the session.

Parameters:

• user – A dictionary with user data.
• token – A unique token to be persisted. If None, a new one is created.
• token_ts – Token timestamp. If None, a new one is created.
• cache_ts – Token cache timestamp. If None, a new one is created.
• session_args – Keyword arguments to set the session arguments.

Remember:

If True, session is set to be persisted.

unset_session()

Removes a user from the session and invalidates the auth token.

webapp2_extras.auth.get_store(factory=<class 'webapp2_extras.auth.AuthStore'>, key='webapp2_extras.auth.Auth', app=None)

Returns an instance of AuthStore from the app registry.

It’ll try to get it from the current app registry, and if it is not registered it’ll be instantiated and registered. A second call to this function will return the same instance.

Parameters:

• factory – The callable used to build and register the instance if it is not yet registered. The default is the class AuthStore itself.
• key – The key used to store the instance in the registry. A default is used if it is not set.
• app – A webapp2.WSGIApplication instance used to store the instance. The active app is used if it is not set.

webapp2_extras.auth.set_store(store, key='webapp2_extras.auth.Auth', app=None)

Sets an instance of AuthStore in the app registry.

Parameters:

• store – An instance of AuthStore.
• key – The key used to retrieve the instance from the registry. A default is used if it is not set.
• request – A webapp2.WSGIApplication instance used to retrieve the instance. The active app is used if it is not set.

webapp2_extras.auth.get_auth(factory=<class 'webapp2_extras.auth.Auth'>, key='webapp2_extras.auth.Auth', request=None)

Returns an instance of Auth from the request registry.

It’ll try to get it from the current request registry, and if it is not registered it’ll be instantiated and registered. A second call to this function will return the same instance.

Parameters:

• factory – The callable used to build and register the instance if it is not yet registered. The default is the class Auth itself.
• key – The key used to store the instance in the registry. A default is used if it is not set.
• request – A webapp2.Request instance used to store the instance. The active request is used if it is not set.

webapp2_extras.auth.set_auth(auth, key='webapp2_extras.auth.Auth', request=None)

Sets an instance of Auth in the request registry.

Parameters:

• auth – An instance of Auth.
• key – The key used to retrieve the instance from the registry. A default is used if it is not set.
• request – A webapp2.Request instance used to retrieve the instance. The active request is used if it is not set.