authnzerver.actions.loginlogout module

This contains functions to log a user in and out.

authnzerver.actions.loginlogout.auth_user_login(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Logs a user in.

Login flow for frontend:

session cookie get -> check session exists -> check user login -> old session delete (no matter what) -> new session create (with actual user_id and other info now included if successful or same user_id = anon if not successful) -> done

The frontend MUST unset the cookie as well.

FIXME: update (and fake-update) the Users table with the last_login_try and last_login_success.

Parameters:
  • payload (dict) –

    The payload dict should contain the following keys:

    • session_token: str
    • email: str
    • password: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing the result of the password verification check.

Return type:

dict

authnzerver.actions.loginlogout.auth_user_logout(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Logs out a user.

Deletes the session token from the session store. On the next request (redirect from POST /auth/logout to GET /), the frontend will issue a new one.

The frontend MUST unset the cookie as well.

Parameters:
  • payload (dict) –

    The payload dict should contain the following keys:

    • session_token: str
    • user_id: int

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing the result of the password verification check.

Return type:

dict
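
The login flow and logout behaviour described above, as an added sketch that is not authnzerver's own code: the presented session token is deleted whether or not the credentials check out, so a token planted before login never becomes an authenticated session. The `AuthStore` class, the `ANON_USER_ID` value, the returned dict keys and the use of PBKDF2 are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ANON_USER_ID = 2  # assumption: id of the anonymous user in this sketch

def hash_password(password, salt):
    # PBKDF2 is a stand-in here; the page does not say which hash is used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthStore:
    """In-memory stand-in for the auth DB: users plus server-side sessions."""
    def __init__(self):
        self.users = {}     # email -> (user_id, salt, password_hash)
        self.sessions = {}  # session_token -> user_id

    def add_user(self, user_id, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (user_id, salt, hash_password(password, salt))

    def new_session(self, user_id=ANON_USER_ID):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return token

    def login(self, payload):
        old = payload["session_token"]
        if old not in self.sessions:  # unknown or already-rotated token
            return {"success": False, "user_id": None, "session_token": None}
        user_id, salt, pw_hash = self.users.get(
            payload["email"], (None, b"\0" * 16, b""))
        # Hash even for unknown emails so both failure paths do similar work.
        matches = hmac.compare_digest(
            hash_password(payload["password"], salt), pw_hash)
        ok = user_id is not None and matches
        del self.sessions[old]  # old session is deleted no matter what
        new_user = user_id if ok else ANON_USER_ID
        return {"success": ok, "user_id": new_user,
                "session_token": self.new_session(new_user)}

    def logout(self, payload):
        token = payload["session_token"]
        if self.sessions.get(token) != payload["user_id"]:
            return {"success": False}
        del self.sessions[token]  # the frontend issues a fresh one later
        return {"success": True}
```

The token returned by `login` is the value the frontend would set after unsetting the old cookie; after `logout` nothing is returned because the next request gets a new anonymous session.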