tipfy.ext.auth
See the extension wiki page.
Default configuration
- tipfy.ext.auth.default_config
Default configuration values for this module. Keys are:
- user_model: A db.Model class used for authenticated users, as a string. Default is tipfy.ext.auth.model.User.
- cookie_name: Name of the authentication cookie. Default is tipfy.auth.
- session_max_age: Interval in seconds before a user session id is renewed. Default is 1 week.
Auth Mixins
- class tipfy.ext.auth.AppEngineAuthMixin
This RequestHandler mixin uses App Engine’s built-in Users API. The main reasons to use it instead of calling the Users API directly are:
- You can use the decorator user_required() to require a user record stored in datastore after a user signs in.
- It adds convenient access to the currently logged in user directly inside the handler, as well as functions to generate auth-related URLs.
- It standardizes how you create login, logout and signup URLs, and how you check for a logged in user and load a User entity. If you change to a different auth method later, these don’t need to be changed in your code.
- auth_session
Returns the currently logged in user session. For App Engine auth, this corresponds to the google.appengine.api.users.User object.
Returns: A google.appengine.api.users.User object if the user for the current request is logged in, or None.
- auth_current_user
Returns the currently logged in user entity or None.
Returns: A User entity, if the user for the current request is logged in, or None.
- auth_is_admin
Returns True if the current user is an admin.
Returns: True if the user for the current request is an admin, False otherwise.
- auth_user_model
Returns the configured user model.
Returns: A tipfy.ext.auth.model.User class.
- auth_login_url(redirect=None)
Returns a URL that, when visited, prompts the user to sign in.
Parameters:
- redirect – A full URL or relative path to redirect to after logging in.
Returns: A URL to perform login.
- auth_logout_url(redirect=None)
Returns a URL that, when visited, logs out the user.
Parameters:
- redirect – A full URL or relative path to redirect to after logging out.
Returns: A URL to perform logout.
- auth_signup_url(redirect=None)
Returns a URL that, when visited, prompts the user to sign up.
Parameters:
- redirect – A full URL or relative path to redirect to after sign up.
Returns: A URL to perform signup.
- auth_create_user(username, auth_id, **kwargs)
Creates a new user entity.
Parameters:
- username – Unique username.
- auth_id – Unique authentication id. For App Engine users it is ‘gae:user_id’.
Returns: The new entity if the username is available, None otherwise.
- auth_get_user_entity(username=None, auth_id=None)
Loads a user entity from datastore. Override this to implement a different loading method. This method will load the user depending on the way the user is being authenticated: for form authentication, username is used; for third party or App Engine authentication, auth_id is used.
Parameters:
- username – Unique username.
- auth_id – Unique authentication id.
Returns: A User model instance, or None.
- class tipfy.ext.auth.MultiAuthMixin
This RequestHandler mixin is used for custom or third party authentication. It requires a SessionMixin to be used with the handler as it depends on sessions to be set.
- auth_session
Returns the currently logged in user session. For multi auth, this corresponds to the auth session data, a dictionary-like object.
Returns: A dictionary of auth session data if the user for the current request is logged in, or None.
- auth_current_user
Returns the currently logged in user entity or None.
Returns: A User entity, if the user for the current request is logged in, or None.
- auth_is_admin
Returns True if the current user is an admin.
Returns: True if the user for the current request is an admin, False otherwise.
- auth_user_model
Returns the configured user model.
Returns: A tipfy.ext.auth.model.User class.
- auth_login_url(redirect=None)
Returns a URL that, when visited, prompts the user to sign in.
Parameters:
- redirect – A full URL or relative path to redirect to after logging in.
Returns: A URL to perform login.
- auth_logout_url(redirect=None)
Returns a URL that, when visited, logs out the user.
Parameters:
- redirect – A full URL or relative path to redirect to after logging out.
Returns: A URL to perform logout.
- auth_signup_url(redirect=None)
Returns a URL that, when visited, prompts the user to sign up.
Parameters:
- redirect – A full URL or relative path to redirect to after sign up.
Returns: A URL to perform signup.
- auth_create_user(username, auth_id, **kwargs)
Creates a new user entity.
Parameters:
- username – Unique username.
- auth_id – Unique authentication id. For App Engine users it is ‘gae:user_id’.
Returns: The new entity if the username is available, None otherwise.
- auth_get_user_entity(username=None, auth_id=None)
Loads a user entity from datastore. Override this to implement a different loading method. This method will load the user depending on the way the user is being authenticated: for form authentication, username is used; for third party or App Engine authentication, auth_id is used.
Parameters:
- username – Unique username.
- auth_id – Unique authentication id.
Returns: A User model instance, or None.
- auth_login_with_form(username, password, remember=False)
Authenticates the current user using data from a form.
Parameters:
- username – Username.
- password – Password.
- remember – True if authentication should be persisted even if user leaves the current session (the “remember me” feature).
Returns: True if login was successful, False otherwise.
- auth_login_with_third_party(auth_id, remember=False, **kwargs)
Called to authenticate the user after a third party confirmed authentication.
Parameters:
- auth_id – Authentication id, generally a combination of service name and user identifier for the service, e.g.: ‘twitter:john’.
- remember – True if authentication should be persisted even if user leaves the current session (the “remember me” feature).
Returns: None. This always authenticates the user.
- auth_set_session(auth_id, session_id=None, remember=False, **kwargs)
Sets or renews the auth session.
Parameters:
- auth_id – Authentication id, generally a combination of service name and user identifier for the service, e.g.: ‘twitter:john’.
- session_id – A session identifier stored in the user entity, or None.
- remember – True if authentication should be persisted even if user leaves the current session (the “remember me” feature).
Returns: None. This always authenticates the user.
- auth_logout()
Logs out the current user. This deletes the authentication session.
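The redirect argument of auth_login_url(), auth_logout_url() and auth_signup_url() accepts a full URL, so a value taken from the request should be limited to the application's own host before it is passed in. The check below is an added example, not tipfy code; safe_redirect, allowed_host and the sample values are hypothetical.

```python
from urllib.parse import urlsplit


def safe_redirect(redirect, allowed_host, default="/"):
    """Return `redirect` only if it stays on `allowed_host`, else `default`.

    Hypothetical helper (not part of tipfy): call it on any request-supplied
    value before passing the result as the `redirect` argument.
    """
    if not redirect:
        return default
    # Whitespace, control characters and backslashes are normalised
    # differently by browsers and URL parsers, so refuse them outright.
    if any(ord(ch) < 0x21 or ch in "\\\x7f" for ch in redirect):
        return default
    try:
        parts = urlsplit(redirect)
    except ValueError:  # e.g. a malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative path: must be rooted and must not be scheme-relative.
        if redirect.startswith("/") and not redirect.startswith("//"):
            return redirect
        return default
    # Full URL: only http(s) to exactly the expected host. `hostname`
    # ignores any "user@" prefix, so "https://site@other/" is rejected.
    if parts.scheme in ("http", "https") and parts.hostname == allowed_host.lower():
        return redirect
    return default


# Constructed sample inputs, not taken from the page.
SAMPLES = [
    "/account/settings",
    "https://www.example.com/home",
    "//other.example/path",
    "https://www.example.com@other.example/",
    "javascript:alert(1)",
    "/\\other.example",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_redirect(value, "www.example.com"))
```

Only the first two samples are returned unchanged; the rest fall back to the default path.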
Decorators
- tipfy.ext.auth.login_required(func)
A RequestHandler method decorator to require user authentication. Normally user_required() is used instead. Example:

    from tipfy import RequestHandler
    from tipfy.ext.auth import AppEngineAuthMixin, login_required

    class MyHandler(RequestHandler, AppEngineAuthMixin):
        @login_required
        def get(self, **kwargs):
            return 'Only logged in users can see this.'

Parameters:
- func – The handler method to be decorated.
Returns: The decorated method.
- tipfy.ext.auth.user_required(func)
A RequestHandler method decorator to require the current user to have an account saved in datastore. Example:

    from tipfy import RequestHandler
    from tipfy.ext.auth import AppEngineAuthMixin, user_required

    class MyHandler(RequestHandler, AppEngineAuthMixin):
        @user_required
        def get(self, **kwargs):
            return 'Only users can see this.'

Parameters:
- func – The handler method to be decorated.
Returns: The decorated method.
- tipfy.ext.auth.admin_required(func)
A RequestHandler method decorator to require the current user to be admin. Example:

    from tipfy import RequestHandler
    from tipfy.ext.auth import AppEngineAuthMixin, admin_required

    class MyHandler(RequestHandler, AppEngineAuthMixin):
        @admin_required
        def get(self, **kwargs):
            return 'Only admins can see this.'

Parameters:
- func – The handler method to be decorated.
Returns: The decorated method.
Middleware
- class tipfy.ext.auth.LoginRequiredMiddleware
A RequestHandler middleware to require user authentication. This acts as a login_required decorator but for handler classes. Example:

    from tipfy import RequestHandler
    from tipfy.ext.auth import AppEngineAuthMixin, LoginRequiredMiddleware

    class MyHandler(RequestHandler, AppEngineAuthMixin):
        middleware = [LoginRequiredMiddleware]

        def get(self, **kwargs):
            return 'Only logged in users can see this.'

- class tipfy.ext.auth.UserRequiredMiddleware
A RequestHandler middleware to require the current user to have an account saved in datastore. This acts as a user_required decorator but for handler classes. Example:

    from tipfy import RequestHandler
    from tipfy.ext.auth import AppEngineAuthMixin, UserRequiredMiddleware

    class MyHandler(RequestHandler, AppEngineAuthMixin):
        middleware = [UserRequiredMiddleware]

        def get(self, **kwargs):
            return 'Only users can see this.'

- class tipfy.ext.auth.AdminRequiredMiddleware
A RequestHandler middleware to require the current user to be admin. This acts as an admin_required decorator but for handler classes. Example:

    from tipfy import RequestHandler
    from tipfy.ext.auth import AppEngineAuthMixin, AdminRequiredMiddleware

    class MyHandler(RequestHandler, AppEngineAuthMixin):
        middleware = [AdminRequiredMiddleware]

        def get(self, **kwargs):
            return 'Only admins can see this.'

User model
- class tipfy.ext.auth.model.User(parent=None, key_name=None, _app=None, _from_entity=False, **kwds)
Universal user model. Can be used with App Engine’s default users API, own auth or third party authentication methods (OpenID, OAuth etc).
- classmethod create(username, auth_id, **kwargs)
Creates a new user and returns it. If the username already exists, returns None.
Parameters:
- username – Unique username.
- auth_id – Authentication id, according to the authentication method used.
- kwargs – Additional entity attributes.
Returns: The newly created user or None if the username already exists.
- set_password(new_password)
Sets a new, plain password.
Parameters:
- new_password – A plain, not yet hashed password.
Returns: None.
- check_password(password)
Checks if a password is valid. This is done with form login.
Parameters:
- password – Password to be checked.
Returns: True if the password is valid, False otherwise.
- check_session(session_id)
Checks if a session id is valid.
Parameters:
- session_id – Session id to be checked.
Returns: True if the session id is valid, False otherwise.
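The sketch below shows how set_password(), check_password(), check_session() and the session_max_age renewal interval fit together. It is an added illustration, not tipfy's implementation: the SketchUser class, its field names, the renew_session helper and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SESSION_MAX_AGE = 7 * 24 * 60 * 60  # documented default: 1 week, in seconds
PBKDF2_ROUNDS = 100_000             # assumed work factor for this sketch


class SketchUser:
    """Hypothetical in-memory stand-in for the documented User model."""

    def __init__(self, username, auth_id):
        self.username = username
        self.auth_id = auth_id
        self.password = None        # "salt$digest" in hex, never the plain text
        self.session_id = None
        self.session_updated = 0.0

    def set_password(self, new_password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, PBKDF2_ROUNDS)
        self.password = salt.hex() + "$" + digest.hex()

    def check_password(self, password):
        if not self.password:
            return False            # e.g. an account created by third party login
        salt_hex, digest_hex = self.password.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

    def renew_session(self, now=None):
        """Issue a new session id once the stored one exceeds the max age."""
        now = time.time() if now is None else now
        expired = now - self.session_updated > SESSION_MAX_AGE
        if self.session_id is None or expired:
            self.session_id = secrets.token_hex(32)
            self.session_updated = now
        return self.session_id

    def check_session(self, session_id):
        if not self.session_id or not session_id:
            return False
        return hmac.compare_digest(
            self.session_id.encode(), session_id.encode())
```

Once the id has been renewed, a cookie that still carries the previous id no longer passes check_session().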
