assembl.auth.util module

Sundry utility functions having to do with users or permissions

class assembl.auth.util.TokenSessionAuthenticationPolicy(prefix='auth.', callback=None, debug=False)[source]

Bases: pyramid.authentication.SessionAuthenticationPolicy

A session authentication policy that accepts tokens for identity instead of the beaker session’s login.


Return the authenticated userid or None.

If no callback is registered, this will be the same as unauthenticated_userid.

If a callback is registered, this will return the userid if and only if the callback returns a value that is not None.


A list of effective principals derived from request.

This will return a list of principals including, at least, Everyone. If there is no authenticated userid, or the callback returns None, this will be the only principal:

return [Everyone]

If the callback does not return None and an authenticated userid is found, then the principals will include Authenticated, the authenticated_userid and the list of principals returned by the callback:

extra_principals = callback(userid, request)
return [Everyone, Authenticated, userid] + extra_principals
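
The callback contract described above, as an added example that is not Assembl's or Pyramid's own code: a stand-alone model showing that a callback returning None drops a stored userid to [Everyone], while an empty list still counts as authenticated. The request is modelled as a plain dict holding the session key, and sample_callback, ACCOUNTS and the role names are hypothetical.

```python
# Added example: a stand-alone model of the documented callback contract.
# It does not import Pyramid or Assembl; all names below are hypothetical.
Everyone = "system.Everyone"            # same string values as pyramid.security
Authenticated = "system.Authenticated"

# Constructed sample data: account state and role principals per userid.
ACCOUNTS = {
    "alice": {"active": True, "roles": ["r:moderator"]},
    "bob": {"active": True, "roles": []},
    "carol": {"active": False, "roles": ["r:admin"]},  # disabled after login
}


def sample_callback(userid, request):
    """Return extra principals, or None to reject the stored userid."""
    account = ACCOUNTS.get(userid)
    if account is None or not account["active"]:
        return None                      # unknown or disabled: not authenticated
    return list(account["roles"])        # [] still means "authenticated"


def authenticated_userid(request, callback=None):
    """Userid from the session, kept only if the callback accepts it."""
    userid = request.get("auth.userid")  # what unauthenticated_userid would be
    if userid is None:
        return None
    if callback is None:
        return userid                    # no callback: stored value is trusted
    return userid if callback(userid, request) is not None else None


def effective_principals(request, callback=None):
    """Principals list following the two cases in the text above."""
    principals = [Everyone]
    userid = request.get("auth.userid")
    if userid is None:
        return principals
    extra = [] if callback is None else callback(userid, request)
    if extra is None:                    # callback rejected the userid
        return principals
    return principals + [Authenticated, userid] + extra
```

Without a callback, the disabled account "carol" would still be returned as the authenticated userid, which is why the callback is the place to re-check account state on every request.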

class assembl.auth.util.UpgradingSessionAuthenticationPolicy(prefix='auth.', callback=None, debug=False)[source]

Bases: pyramid.authentication.SessionAuthenticationPolicy

A session authentication policy that tells the underlying beaker session whenever the user logs in or out. This allows different cookie policies to be used.


Remove the stored userid from the session.

remember(request, user_id, **kwargs)[source]

Store a userid in the session.

class assembl.auth.util.UpgradingTokenSessionAuthenticationPolicy(prefix='auth.', callback=None, debug=False)[source]

Bases: assembl.auth.util.TokenSessionAuthenticationPolicy, assembl.auth.util.UpgradingSessionAuthenticationPolicy

Mixing UpgradingSessionAuthenticationPolicy and TokenSessionAuthenticationPolicy.

assembl.auth.util.authentication_callback(user_id, request)[source]

This is how Pyramid knows the user’s permissions.


Obtain the discussion_id from the request, possibly without fetching the discussion


Pre-parse certain settings for python_social_auth, then load it.

assembl.auth.util.maybe_auto_subscribe(user, discussion)[source]

Auto-subscribe user to notifications if discussion requires it

Idempotent. Currently called at first login, maybe at user invite, but certainly configurable.