user.auth.core ============== .. py:module:: user.auth.core Classes ------- .. autoapisummary:: user.auth.core.SignupToken user.auth.core.Auth Module Contents --------------- .. py:class:: SignupToken Bases: :py:obj:`typing_extensions.TypedDict` dict() -> new empty dictionary dict(mapping) -> new dictionary initialized from a mapping object's (key, value) pairs dict(iterable) -> new dictionary initialized as if via: d = {} for k, v in iterable: d[k] = v dict(**kwargs) -> new dictionary initialized with the name=value pairs in the keyword argument list. For example: dict(one=1, two=2) .. py:attribute:: role :type: str .. py:attribute:: max_uses :type: int .. py:attribute:: expires :type: int .. py:class:: Auth(app: onegov.user.UserApp, to: str | None = '/', skip: bool = False, signup_token: str | None = None, signup_token_secret: str | None = None) Defines a model for authentication methods like login/logout. Applications should use this model to implement authentication views. .. py:attribute:: identity_class .. py:attribute:: app .. py:attribute:: session .. py:attribute:: application_id .. py:attribute:: signup_token :value: None .. py:attribute:: signup_token_secret .. py:attribute:: to :value: '' .. py:attribute:: skip :value: False .. py:attribute:: factors .. py:method:: from_request(request: onegov.core.request.CoreRequest, to: str | None = '/', skip: bool = False, signup_token: str | None = None) -> Self :classmethod: .. py:method:: from_request_path(request: onegov.core.request.CoreRequest, skip: bool = False, signup_token: str | None = None) -> Self :classmethod: .. py:property:: users :type: onegov.user.collections.UserCollection .. py:method:: redirect(request: onegov.core.request.CoreRequest, path: str) -> webob.Response .. py:method:: skippable(request: onegov.core.request.CoreRequest) -> bool Returns true if the login for the current `to` target is optional (i.e. it is not required to access the page). This should only be used on protected pages as public pages would always be skipppable. Therefore it has to be enabled manually by specifying `skip=True` on the :class:`Auth` class. .. py:method:: apply_second_factor(request: onegov.core.request.CoreRequest, user: onegov.user.User, second_factor_value: str | None) -> webob.Response | bool Applies the second factor if applicable. :return: false if the second factor was invalid, a response if the second factor needs to be activated or requires a two step process and true otherwise .. py:method:: authenticate(request: onegov.core.request.CoreRequest, username: str, password: str, client: str = 'unknown', second_factor: str | None = None, skip_providers: bool = False) -> onegov.user.User | webob.Response | None Takes the given username and password and matches them against the users collection. This does not login the user, use :meth:`login_to` to accomplish that. :param username: The username to authenticate. :param password: The password of the user (clear-text). :param client: The client address of the user (i.e. his IP address). :param second_factor: The value of the second factor or None. :param skip_providers: In special cases where e.g. an LDAP-Provider is a source of users but can't offer the password for authentication, you can login using the application database. :return: The matched user or a response to complete the second factor authentication, if successful, or None. .. py:method:: as_identity(user: onegov.user.User) -> morepath.authentication.Identity Returns the morepath identity of the given user. .. py:method:: by_identity(identity: morepath.authentication.Identity | morepath.authentication.NoIdentity) -> onegov.user.User | None Returns the user record of the given identity. .. py:method:: login_to(username: str, password: str, request: onegov.core.request.CoreRequest, second_factor: str | None = None, skip_providers: bool = False) -> webob.Response | None Takes a user login request and remembers the user if the authentication completes successfully. :param username: The username to log in. :param password: The password to log in (cleartext). :param request: The request of the user. :param second_factor: The second factor, if any. :skip_providers: Pass option skip_providers to skip any configured auth providers. :return: A redirect response to ``self.to`` with the identity remembered as a cookie. If not successful, None is returned. .. py:method:: complete_login(user: onegov.user.User, request: onegov.core.request.CoreRequest) -> webob.Response Takes a user record, remembers its session and returns a proper redirect response to complete the login. This method is mostly useful inside onegov.user. You probably want to use :meth:`complete_login` outside of that. .. py:method:: logout_to(request: onegov.core.request.CoreRequest, to: str | None = None) -> webob.Response Logs the current user out and redirects to ``to`` or ``self.to``. :return: A response redirecting to ``self.to`` with the identity forgotten. .. py:method:: new_signup_token(role: str, max_age: int = 24 * 60 * 60, max_uses: int = 1) -> str Returns a signup token which can be used for users to register themselves, directly gaining the given role. Signup tokens are recorded on the user to make sure that only the requested amount of uses is allowed. .. py:property:: signup_token_serializer :type: itsdangerous.URLSafeSerializer .. py:method:: decode_signup_token(token: str) -> SignupToken | None .. py:property:: permitted_role_for_registration :type: str | None Returns the permitted role for the current signup token. .. py:method:: register(form: onegov.user.forms.RegistrationForm, request: onegov.core.request.CoreRequest) -> onegov.user.User Registers the user using the information on the registration form. Takes the signup token into account to provide the user with the proper role. See :meth:`onegov.user.collections.UserCollection.register_user` for more information.