authnzerver.actions.session module

This contains functions to drive session-related auth actions.

authnzerver.actions.session.auth_delete_sessions_userid(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Removes all session tokens corresponding to a user ID.

If keep_current_session is True, will not delete the session token passed in the payload. This allows for “delete all my other logins” functionality.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • session_token: str
    • user_id: int
    • keep_current_session: bool

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict with a success key indicating if the sessions were deleted successfully.

Return type:

dict

authnzerver.actions.session.auth_kill_old_sessions(session_expiry_days: int = 7, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Kills all expired sessions.

Parameters:
  • session_expiry_days (int) – All sessions older than the current datetime + this value will be deleted.
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict with a success key indicating if the sessions were deleted successfully.

Return type:

dict

authnzerver.actions.session.auth_session_delete(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Removes a session token, effectively ending a session.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • session_token: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict with a success key indicating if the session was deleted successfully.

Return type:

dict

authnzerver.actions.session.auth_session_exists(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Checks if the provided session token exists.

Parameters:
  • payload (dict) –

    This is a dict, with the following keys required:

    • session_token: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing all of the session info if it exists and has not expired.

Return type:

dict

authnzerver.actions.session.auth_session_new(payload: dict, override_authdb_path: str = None, raiseonfail: bool = False, config: types.SimpleNamespace = None) → dict

Generates a new session token.

Parameters:
  • payload (dict) –

    This is the input payload dict. Required items:

    • ip_address: str
    • user_agent: str
    • user_id: int or None (None indicates an anonymous user)
    • expires: datetime object or date string in ISO format
    • extra_info_json: dict or None

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

The dict returned is of the form:

{'success': True or False,
 'session_token': str session token 32 bytes long in base64 format,
 'expires': str date in ISO format,
 'messages': list of str messages to pass on to the user if any}

Return type:

dict

authnzerver.actions.session.internal_edit_session(payload: dict, raiseonfail: bool = False, override_authdb_path: str = None, config: types.SimpleNamespace = None) → dict

Handles editing the extra_info_json field for an existing user session.

Meant for use internally in a frontend server.

Parameters:
  • payload (dict) –

    The input payload dict. Required items:

    • target_session_token: int, the session to edit
    • update_dict: dict, the changes to make to the extra_info_json column of the sessions table for the target session token.

    The extra_info_json field in the database will be updated with the info in update_dict. To delete an item from extra_info_json, pass in the special value of “__delete__” in update_dict for that item.

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • config (SimpleNamespace object or None) – An object containing systemwide config variables as attributes. This is useful when the wrapping function needs to pass in some settings directly from environment variables.
Returns:

Returns a dict containing the new session information.

Return type:

dict
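
Added example, not part of authnzerver: because the "__delete__" marker for internal_edit_session travels in-band inside update_dict, a frontend that copies user-supplied values into update_dict should refuse the marker as a value and add deletions itself. The helper names build_edit_payload and model_apply_update are hypothetical, the sample values are constructed, and model_apply_update is only a local model of the update rule described above.

```python
DELETE_SENTINEL = "__delete__"  # special value documented for update_dict


def build_edit_payload(target_session_token, changes, deletions, reqid, pii_salt):
    """Build an internal_edit_session payload (hypothetical frontend helper)."""
    update_dict = {}
    for key, value in changes.items():
        # `changes` may hold user-originated values. A value equal to the
        # marker would delete the key instead of setting it, so refuse it.
        if value == DELETE_SENTINEL:
            raise ValueError(f"refusing delete marker as a value for {key!r}")
        update_dict[key] = value
    for key in deletions:  # keys the frontend itself decided to remove
        if key in update_dict:
            raise ValueError(f"{key!r} is both changed and deleted")
        update_dict[key] = DELETE_SENTINEL
    return {
        "target_session_token": target_session_token,  # opaque to this helper
        "update_dict": update_dict,
        "reqid": reqid,
        "pii_salt": pii_salt,
    }


def model_apply_update(extra_info_json, update_dict):
    """Local model of the documented update rule, not authnzerver's code."""
    merged = dict(extra_info_json or {})
    for key, value in update_dict.items():
        if value == DELETE_SENTINEL:
            merged.pop(key, None)  # assumption: deleting an absent key is a no-op
        else:
            merged[key] = value
    return merged


# Constructed sample values
current = {"theme": "dark", "pending_2fa": True}
payload = build_edit_payload(
    "CONSTRUCTED_SESSION_TOKEN", {"theme": "light"}, ["pending_2fa"],
    reqid=1, pii_salt="CONSTRUCTED_SALT",
)
result = model_apply_update(current, payload["update_dict"])
print(result)
```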