repoze.who SQLAlchemy plugin

Author:Gustavo Narea.
Latest version:1.0.1

Overview

The repoze.who SQLAlchemy plugin provides an authenticator and a metadata provider plugins for SQLAlchemy or Elixir-based models.

How to install

The minimum requirements repoze.who and SQLAlchemy and you can install it all by running:

easy_install repoze.who.plugins.sa

The development mainline is available at the following Git repository:

git://github.com/repoze/repoze.who-sqlalchemy.git

Authenticator

class repoze.who.plugins.sa.SQLAlchemyAuthenticatorPlugin(user_class, dbsession)

repoze.who authenticator for SQLAlchemy models.

Example:

from repoze.who.plugins.sa import SQLAlchemyAuthenticatorPlugin
from yourcoolproject.model import User, DBSession

authenticator = SQLAlchemyAuthenticatorPlugin(User, DBSession)

This plugin assumes that the user name is kept in the user_name attribute of the users’ class, as well as that such a class has a method that verifies the user’s password against the password provided through the login form (it receives the password to be verified as the only argument and such method is assumed to be called validate_password).

If you don’t want to call the attributes above as user_name and/or validate_password, respectively, then you have to “translate” them as in the sample below:

# You have User.username instead of User.user_name:
authenticator.translations['user_name'] = 'username'

# You have User.verify_password instead of User.validate_password:
authenticator.translations['validate_password'] = 'verify_password'

If you would like to prevent timing attacks, you can provide a validation function through the dummy_validate_password translation, which should use the same algorithm as in validate_password:

from yourcoolproject import validate_pass
authenticator.translations['dummy_validate_password'] = validate_pass

Note

If you want to configure this authenticator from an ini file, use make_sa_authenticator().

New in version 1.0.1: Support for dummy_validate_password was added.

repoze.who.plugins.sa.make_sa_authenticator(user_class=None, dbsession=None, user_name_translation=None, validate_password_translation=None, dummy_validate_password_translation=None)

Configure SQLAlchemyAuthenticatorPlugin.

Parameters:
  • user_class (str) – The SQLAlchemy/Elixir class for the users.
  • dbsession (str) – The SQLAlchemy/Elixir session.
  • user_name_translation (str) – The translation for user_name, if any.
  • validate_password_translation (str) – The translation for validate_password, if any.
  • dummy_validate_password_translation (function) – The translation for dummy_validate_password, if any.
Returns:

The authenticator.

Return type:

SQLAlchemyAuthenticatorPlugin

Example from an *.ini file:

# ...
[plugin:sa_auth]
use = repoze.who.plugins.sa:make_sa_authenticator
user_class = yourcoolproject.model:User
dbsession = yourcoolproject.model:DBSession
# ...

Or, if you need translations:

# ...
[plugin:sa_auth]
use = repoze.who.plugins.sa:make_sa_authenticator
user_class = yourcoolproject.model:User
dbsession = yourcoolproject.model:DBSession
user_name_translation = username
validate_password_translation = verify_password
dummy_validate_password_translation = yourcoolproject.security:validate
# ...

New in version 1.0.1: Support for dummy_validate_password_translation was added.

Metadata provider

class repoze.who.plugins.sa.SQLAlchemyUserMDPlugin(user_class, dbsession)

repoze.who metadata provider that loads the SQLAlchemy-powered object for the current user.

It loads the object into identity['user'].

Example:

from repoze.who.plugins.sa import SQLAlchemyUserMDPlugin
from yourcoolproject.model import User, DBSession

mdprovider = SQLAlchemyUserMDPlugin(User, DBSession)

This plugin assumes that the user name is kept in the user_name attribute of the users’ class. If you don’t want to call the attribute above as user_name, then you have to “translate” it as in the sample below:

# You have User.username instead of User.user_name:
mdprovider.translations['user_name'] = 'username'

Note

If you want to configure this plugin from an ini file, use make_sa_user_mdprovider().

repoze.who.plugins.sa.make_sa_user_mdprovider(user_class=None, dbsession=None, user_name_translation=None)

Configure SQLAlchemyUserMDPlugin.

Parameters:
  • user_class (str) – The SQLAlchemy/Elixir class for the users.
  • dbsession (str) – The SQLAlchemy/Elixir session.
  • user_name_translation (str) – The translation for user_name, if any.
Returns:

The metadata provider.

Return type:

SQLAlchemyUserMDPlugin

Example from an *.ini file:

# ...
[plugin:sa_md]
use = repoze.who.plugins.sa:make_sa_user_mdprovider
user_class = yourcoolproject.model:User
dbsession = yourcoolproject.model:DBSession
# ...

Or, if you need translations:

# ...
[plugin:sa_md]
use = repoze.who.plugins.sa:make_sa_user_mdprovider
user_class = yourcoolproject.model:User
dbsession = yourcoolproject.model:DBSession
user_name_translation = username
# ...

Miscellaneous

class repoze.who.plugins.sa.SQLAlchemyUserChecker(user_class, dbsession)

User existence checker for repoze.who.plugins.auth_tkt.AuthTktCookiePlugin.

Example:

from repoze.who.plugins.sa import SQLAlchemyUserChecker
from yourcoolproject.model import User, DBSession

checker = SQLAlchemyUserChecker(User, DBSession)

This plugin assumes that the user name is kept in the user_name attribute of the users’ class. If you don’t want to call it that way, then you have to “translate” it as in the sample below:

# You have User.username instead of User.user_name:
checker.translations['user_name'] = 'username'

How to get help?

The prefered place to ask questions and request features is the Repoze mailing list.

To report bugs, please go to GitHub.

Indices and tables

Table Of Contents

Next topic

repoze.who.plugins.sa releases

This Page