This is the authentication system of Stalker. It uses Beaker for session management.
This helper module exists so that users can persist their login information on their own system. Its aim is not security: anyone can quickly bypass it and log themselves in, or query information from the database without logging in.
The user information is used in the database to record who created, updated, read or deleted the data.
There are two functions to log a user in. The first one is authenticate(), which accepts a username and password and returns a User object:

    from stalker.db import auth
    userObj = auth.authenticate("username", "password")

The second one is login(), which takes a given User object, creates a Beaker Session and stores the logged-in user's id in that session.
get_user() can be used to get the authenticated and logged-in User object.
The basic usage of the system is as follows:

    from stalker import db
    from stalker.db import auth
    from stalker.core.models import user

    # directly get the user from the database if there is a user_id
    # in the current auth.SESSION
    #
    # in this way we prevent asking the user for login information all the time
    if "user_id" in auth.SESSION:
        userObj = auth.get_user()
    else:
        # ask the username and password of the user
        # then authenticate the given user
        # (the_interface_for_login() stands for the application's own login prompt)
        username, password = the_interface_for_login()
        userObj = auth.authenticate(username, password)

    # login with the given user.User object, this will also create the session
    # if there is no one defined
    auth.login(userObj)

The module also introduces a decorator called login_required() to help add authentication functionality to any function or method.
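A self-contained sketch of the flow described above (authenticate, login, get_user and a login_required-style decorator), added here as an example; it is not Stalker's implementation. The dict standing in for the Beaker session, the USERS table, add_user(), the PBKDF2 hashing and the prompt argument of the decorator are all assumptions.

```python
import functools
import hashlib
import hmac
import os

# Constructed stand-ins: a dict plays the Beaker session, USERS the database.
SESSION = {}
USERS = {}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(user_id, name, password):
    """Store a salted password hash, never the password itself."""
    salt = os.urandom(16)
    USERS[user_id] = {"id": user_id, "name": name, "salt": salt,
                      "hash": _hash(password, salt)}

def authenticate(username, password):
    """Return the matching user record, or None if the credentials are wrong."""
    for user in USERS.values():
        if user["name"] == username and hmac.compare_digest(
                user["hash"], _hash(password, user["salt"])):
            return user
    return None

def login(user):
    """Persist only the user id in the session, as described for login()."""
    SESSION["user_id"] = user["id"]

def get_user():
    """Resolve the stored id; a missing or stale id yields None."""
    return USERS.get(SESSION.get("user_id"))

def login_required(prompt):
    """Decorator factory: reuse the session user, else authenticate via prompt()."""
    def decorate(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            user = get_user()
            if user is None:
                # No usable session: ask for credentials and verify them.
                user = authenticate(*prompt())
                if user is None:
                    raise PermissionError("login failed")
                login(user)
            return func(*args, **kwargs)
        return wrapper
    return decorate
```

The wrapper accepts whatever id is already in the session store without re-checking a password, so such a session is useful for attributing changes to a user but is not an access control.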
Functions
authenticate([username, password]) | Authenticates the given username and password, returns a |
create_session() | creates the session |
get_user() | returns the user from stored session |
login(user_obj) | Persist a user id in the session. |
login_required(func) | a decorator that implements login functionality to any function or |
logout() | removes the current session |