gws.base.auth.sql_provider
Base provider for SQL-based authorization.
SQL-based authentication works by executing SELECT queries against a SQL provider.
The “authorization” query receives the parameters “username”, “password”, and/or “token” from an authentication method. If the query doesn’t return any rows, the next authentication provider is attempted. Otherwise, exactly one row should be returned with at least the following columns:
- validuser (bool) - mandatory, should be “true” if the user is allowed to log in
- validpassword (bool) - mandatory, should be “true” if the password is valid
- uid - mandatory, user id
- roles - optional, comma-separated list of roles
- displayname - optional, user’s display name
- login - optional, user’s login name
If more columns are returned, they become attributes of the User object and can be used for templating.
The “getUser” query receives user ID as a parameter and should return a record for this user.
Example configuration (assuming Postgres with pgcrypto):
auth.providers+ {
    type "sql"
    authorizationSql '''
        SELECT
            user.id AS uid,
            user.first_name || ' ' || user.last_name AS displayname,
            user.login AS login,
            user.is_enabled AS validuser,
            ( passwd = crypt({{password}}, passwd) ) AS validpassword
        FROM
            public.user
        WHERE
            user.login = {{username}}
    '''
    getUserSql '''
        SELECT
            user.id AS uid,
            user.first_name || ' ' || user.last_name AS displayname,
            user.login AS login
        FROM
            public.user
        WHERE
            user.id = {{uid}}
    '''
}
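The row-handling contract described above, as an added example (not code from GWS): it runs a query shaped like the documented authorizationSql against an in-memory SQLite table with constructed users and maps the result to "next provider", "denied" or "ok". The `users` table, the `department` column, the `pw_matches` function (a PBKDF2 stand-in for pgcrypto's crypt()), the bound `:username`/`:password` parameters and the fail-closed choices (deny on a false flag, error on more than one row) are assumptions of this sketch, not documented GWS behaviour.

```python
import hashlib, hmac, sqlite3

MANDATORY = ("validuser", "validpassword", "uid")

def hash_pw(password, salt):
    # Stand-in for pgcrypto's crypt(): "salt$hex(PBKDF2-SHA256)" (assumption).
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)
    return f"{salt}${dk.hex()}"

def pw_matches(stored, supplied):
    # Re-hash with the stored salt and compare in constant time.
    return int(hmac.compare_digest(stored, hash_pw(supplied, stored.split("$", 1)[0])))

AUTH_SQL = """
SELECT id AS uid, first_name || ' ' || last_name AS displayname, login,
       is_enabled AS validuser, pw_matches(passwd, :password) AS validpassword,
       roles, department
FROM users WHERE login = :username
"""

def demo_db():
    # Constructed sample data: one enabled and one disabled account.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.create_function("pw_matches", 2, pw_matches)
    db.execute("CREATE TABLE users (id, first_name, last_name, login,"
               " is_enabled, passwd, roles, department)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?,?,?,?)", [
        (1, "Ada", "Demo", "ada", 1, hash_pw("correct horse", "s1"), "editor, viewer", "GIS"),
        (2, "Bob", "Demo", "bob", 0, hash_pw("hunter2", "s2"), "viewer", "IT"),
    ])
    return db

def evaluate(rows):
    """Map the query result to ("next" | "denied" | "ok", user attributes or None)."""
    if not rows:
        return "next", None  # no rows: the next provider is attempted
    if len(rows) != 1:
        raise ValueError("authorization query must return exactly one row")
    row = dict(rows[0])
    if any(row.get(col) is None for col in MANDATORY):
        raise ValueError("mandatory column missing or NULL")
    ok_user, ok_pw = row.pop("validuser"), row.pop("validpassword")
    if not (ok_user and ok_pw):
        return "denied", None  # disabled account or wrong password
    row["roles"] = [r.strip() for r in (row.get("roles") or "").split(",") if r.strip()]
    return "ok", row  # remaining columns (e.g. department) become user attributes

def authorize(db, username, password):
    # Credentials are passed as bound parameters, never spliced into the SQL text.
    return evaluate(db.execute(AUTH_SQL, {"username": username, "password": password}).fetchall())
```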
Source code: gws.base.auth.sql_provider
Module Contents

- class gws.base.auth.sql_provider.Config
  Bases: gws.base.auth.provider.Config
  SQL-based authorization provider
  - dbUid: str | None
    Database provider uid
  - authorizationSql: str
    Authorization SQL statement
  - getUserSql: str
    User data SQL statement
- class gws.base.auth.sql_provider.Placeholders
  Bases: gws.Enum
  Enumeration type.
  Despite being declared as extending Enum (for IDE support), this class is actually just a simple object and intended to be used as a collection of attributes. It doesn’t provide any Enum-specific utilities.
  The rationale behind this is that we need Enum members (e.g. Color.RED) to be scalars, and not complex objects as in the standard Enum.
  - username = 'username'
  - password = 'password'
  - token = 'token'
  - uid = 'uid'
- class gws.base.auth.sql_provider.Columns
  Bases: gws.Enum
  Enumeration type.
  Despite being declared as extending Enum (for IDE support), this class is actually just a simple object and intended to be used as a collection of attributes. It doesn’t provide any Enum-specific utilities.
  The rationale behind this is that we need Enum members (e.g. Color.RED) to be scalars, and not complex objects as in the standard Enum.
  - validuser = 'validuser'
  - validpassword = 'validpassword'
  - uid = 'uid'
  - roles = 'roles'
  - displayname = 'displayname'
  - login = 'login'
- class gws.base.auth.sql_provider.Object
  Bases: gws.base.auth.provider.Object
  - dbProvider: gws.DatabaseProvider
  - authorizationSql: str
  - getUserSql: str
  - configure()
  - authenticate(method, credentials)
  - get_user(local_uid)