authnzerver.actions.passcheck module¶
This contains functions to drive session-related auth actions.
-
authnzerver.actions.passcheck.
auth_password_check
(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict[source]¶ This runs a password check given a session token and password.
Used to gate high-security areas or operations that require re-verification of the password for a user’s existing session.
Parameters: - payload (dict) –
This is a dict containing the following items:
- session_token
- password
In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
- reqid: int or str
- pii_salt: str
- override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
- raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
- config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns: Returns a dict containing the result of the password verification check.
Return type: dict
- payload (dict) –
-
authnzerver.actions.passcheck.
auth_password_check_nosession
(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict[source]¶ This runs a password check given an email address and password.
Used to gate high-security areas or operations that require re-verification of the password for a user, without checking if they have a session.
Useful for APIs, where the ‘password’ is some API token.
Parameters: - payload (dict) –
This is a dict containing the following items:
- password
In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
- reqid: int or str
- pii_salt: str
- override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
- raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
- config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns: Returns a dict containing the result of the password verification check.
Return type: dict
- payload (dict) –