Model¶
-
class
keg_auth.model.__init__.
AttemptMixin
¶ Generic mixin for logging user login attempts.
-
classmethod
purge_attempts
(username=None, older_than=None, attempt_type=None)¶ Delete attempt records optionally filtered by username, age, or type.
-
classmethod
-
class
keg_auth.model.__init__.
BundleMixin
¶ Generic mixin for permission bundles.
-
class
keg_auth.model.__init__.
GroupMixin
¶ Generic mixin for user groups.
-
exception
keg_auth.model.__init__.
InvalidToken
¶
-
class
keg_auth.model.__init__.
KAPasswordType
(max_length=None, **kwargs)¶ -
load_dialect_impl
(dialect)¶ Return a
TypeEngine
object corresponding to a dialect.This is an end-user override hook that can be used to provide differing types depending on the given dialect. It is used by the
TypeDecorator
implementation oftype_engine()
to help determine what type should ultimately be returned for a givenTypeDecorator
.By default returns
self.impl
.
-
-
class
keg_auth.model.__init__.
PermissionMixin
¶ Generic mixin for permissions.
-
class
keg_auth.model.__init__.
UserEmailMixin
¶ Mixin for users who will be authenticated by email/password.
-
change_password
(token, new_password)¶ Change a password based on token authorization.
-
-
class
keg_auth.model.__init__.
UserMixin
¶ Generic mixin for user entities.
-
get_token_salt
()¶ Create salt data for password reset token signing. The return value will be hashed together with the signing key. This ensures that changes to any of the fields included in the salt invalidates any tokens produced with the old values Values included:
- user login identifier -> if username/email change it will invalidate
- the user token
- is_active -> Anytime a user verifies will invalidate a token
- current password hash or empty string if no password has been set -> If the password is updated we want to invalidate the token
- last login time -> Any time a user logs in it will invalidate any
- verification and reset password emails
Returns: JSON string of list containing the values listed above
-
token_generate
()¶ Create a new token for this user. The returned value is an expiring JWT signed with the application’s crypto key. Externally this token should be treated as opaque. The value returned by this function must not be persisted. :return: a string representation of the generated token
-
token_verify
(token, _use_legacy=False, _block_legacy=False)¶ - Verify a password reset token. The token is validated for:
- user identity
- tampering
- expiration
- password was not already reset since token was generated
- user has not signed in since token was generated
Parameters: token – string representation of token to verify Returns: bool indicating token validity
-
-
class
keg_auth.model.__init__.
UserTokenMixin
¶ Mixin for users who will be authenticated by tokens.
-
classmethod
generate_raw_auth_token
(length=32, entropy=None, charset='ascii_50')¶ Return a raw authentication token
NOTE(nZac): You should not store this directly in the database. When using this mixin, simply setting this value to
self.token = generate_raw_auth_token
is enough (though, there is a helper method for thatreset_auth_token
).
-
reset_auth_token
(**kwargs)¶ Reset the authentication token for this user
Takes the same parameter as :cls:generate_auth_token
-
classmethod
-
keg_auth.model.__init__.
get_username
(user)¶ Based on the registered user entity, find the column representing the login ID.