authnzerver.actions.passcheck module

This contains functions to drive session-related auth actions.

authnzerver.actions.passcheck.auth_password_check(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict[source]

This runs a password check given a session token and password.

Used to gate high-security areas or operations that require re-verification of the password for a user’s existing session.

Parameters:
  • payload (dict) –

    This is a dict containing the following items:

    • session_token
    • password

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing the result of the password verification check.
Return type:

dict
authnzerver.actions.passcheck.auth_password_check_nosession(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict[source]

This runs a password check given an email address and password.

Used to gate high-security areas or operations that require re-verification of the password for a user, without checking if they have a session.

Useful for APIs, where the ‘password’ is some API token.

Parameters:
  • payload (dict) –

    This is a dict containing the following items:

    • email
    • password

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing the result of the password verification check.
Return type:

dict