authnzerver.actions.session module

This contains functions to drive session-related auth actions.

authnzerver.actions.session.auth_delete_sessions_userid(payload, override_authdb_path=None, raiseonfail=False)

Removes all session tokens corresponding to a user ID.

If keep_current_session is True, will not delete the session token passed in the payload. This allows for “delete all my other logins” functionality.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • session_token: str
    • user_id: int
    • keep_current_session: bool

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns:

Returns a dict with a success key indicating if the sessions were deleted successfully.

Return type:

dict

authnzerver.actions.session.auth_kill_old_sessions(session_expiry_days=7, override_authdb_path=None, raiseonfail=False)

Kills all expired sessions.

Parameters:
  • session_expiry_days (int) – All sessions older than the current datetime + this value will be deleted.
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns:

Returns a dict with a success key indicating if the sessions were deleted successfully.

Return type:

dict

authnzerver.actions.session.auth_password_check(payload, override_authdb_path=None, raiseonfail=False)

This runs a password check given a session token and password.

Used to gate high-security areas or operations that require re-verification of the password for a user’s existing session.

Parameters:
  • payload (dict) –

    This is a dict containing the following items:

    • session_token
    • password

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
Returns:

Returns a dict containing the result of the password verification check.

Return type:

dict

authnzerver.actions.session.auth_session_delete(payload, override_authdb_path=None, raiseonfail=False)

Removes a session token, effectively ending a session.

Parameters:
  • payload (dict) –

    This is a dict with the following required keys:

    • session_token: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns:

Returns a dict with a success key indicating if the session was deleted successfully.

Return type:

dict

authnzerver.actions.session.auth_session_exists(payload, override_authdb_path=None, raiseonfail=False)

Checks if the provided session token exists.

Parameters:
  • payload (dict) –

    This is a dict, with the following keys required:

    • session_token: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns:

Returns a dict containing all of the session info if it exists and has not expired.

Return type:

dict

authnzerver.actions.session.auth_session_new(payload, override_authdb_path=None, raiseonfail=False)

Generates a new session token.

Parameters:
  • payload (dict) –

    This is the input payload dict. Required items:

    • ip_address: str
    • user_agent: str
    • user_id: int or None (None indicates an anonymous user)
    • expires: datetime object or date string in ISO format
    • extra_info_json: dict or None

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
  • raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns:

The dict returned is of the form:

{'success': True or False,
 'session_token': str session token 32 bytes long in base64 format,
 'expires': str date in ISO format,
 'messages': list of str messages to pass on to the user if any}

Return type:

dict

authnzerver.actions.session.auth_session_set_extrainfo(payload, raiseonfail=False, override_authdb_path=None)

Adds info to the extra_info_json key of a session column.

Parameters:
  • payload (dict) –

    This should contain the following items:

    • session_token : str, the session token to update
    • extra_info : dict, the update dict to put into the extra_info_json

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
Returns:

Returns a dict containing the new session info dict.

Return type:

dict

authnzerver.actions.session.auth_user_login(payload, override_authdb_path=None, raiseonfail=False)

Logs a user in.

Login flow for frontend:

session cookie get -> check session exists -> check user login -> old session delete (no matter what) -> new session create (with actual user_id and other info now included if successful or same user_id = anon if not successful) -> done

The frontend MUST unset the cookie as well.

FIXME: update (and fake-update) the Users table with the last_login_try and last_login_success.

Parameters:
  • payload (dict) –

    The payload dict should contain the following keys:

    • session_token: str
    • email: str
    • password: str

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
Returns:

Returns a dict containing the result of the password verification check.

Return type:

dict
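The example below is added here to show the login flow described for auth_user_login end to end (check session exists -> check user login -> delete the old session no matter what -> create a new session that is either tied to the real user_id or anonymous again), together with the "delete all my other logins" behaviour of auth_delete_sessions_userid and the expiry sweep of auth_kill_old_sessions. It is not authnzerver's own code: SessionStore is a constructed in-memory stand-in for the session table, hash_password/verify_password use PBKDF2-HMAC-SHA256 as an assumed password scheme, user_login and the FIXED_NOW/ONE_WEEK constants are invented for the example, the reqid/pii_salt wrapper keys are left out, and the "older than session_expiry_days" cutoff is one reading of that parameter.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Fixed clock for deterministic runs (constructed for this example).
FIXED_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
ONE_WEEK = timedelta(days=7)


class SessionStore:
    """In-memory stand-in for the session table; not authnzerver's own store."""

    def __init__(self):
        self.sessions = {}  # session_token -> session info dict

    def session_new(self, ip_address, user_agent, user_id, expires, extra_info_json=None):
        # 32 random bytes, base64-encoded, matching the token shape the page describes.
        token = base64.b64encode(secrets.token_bytes(32)).decode("ascii")
        if isinstance(expires, str):  # an ISO date string is accepted as well
            expires = datetime.fromisoformat(expires)
        self.sessions[token] = {
            "session_token": token, "ip_address": ip_address, "user_agent": user_agent,
            "user_id": user_id,  # None marks an anonymous session
            "expires": expires, "extra_info_json": extra_info_json or {},
        }
        return {"success": True, "session_token": token,
                "expires": expires.isoformat(), "messages": []}

    def session_exists(self, session_token, now):
        # Unknown and expired tokens look the same to the caller.
        sess = self.sessions.get(session_token)
        if sess is None or sess["expires"] <= now:
            return {"success": False, "session_info": None}
        return {"success": True, "session_info": dict(sess)}

    def session_delete(self, session_token):
        return {"success": self.sessions.pop(session_token, None) is not None}

    def delete_sessions_userid(self, session_token, user_id, keep_current_session):
        # "Log out everywhere", or "log out all my other devices" when keep_current_session is True.
        doomed = [tok for tok, sess in self.sessions.items()
                  if sess["user_id"] == user_id
                  and not (keep_current_session and tok == session_token)]
        for tok in doomed:
            del self.sessions[tok]
        return {"success": True, "deleted": len(doomed)}

    def kill_old_sessions(self, now, session_expiry_days=7):
        # Assumption: a session is "old" once its expiry lies more than
        # session_expiry_days before now; newer expired rows are left to session_exists.
        cutoff = now - timedelta(days=session_expiry_days)
        doomed = [tok for tok, sess in self.sessions.items() if sess["expires"] < cutoff]
        for tok in doomed:
            del self.sessions[tok]
        return {"success": True, "deleted": len(doomed)}


# Assumed password storage: PBKDF2-HMAC-SHA256 with a per-user salt (not authnzerver's scheme).
def hash_password(password, salt=None):
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def verify_password(password, stored):
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def user_login(store, users, session_token, email, password, now):
    """Login flow from the page: check session exists -> check user login ->
    old session delete (no matter what) -> new session create."""
    current = store.session_exists(session_token, now)
    if not current["success"]:
        return {"success": False, "session_token": None,
                "messages": ["No valid session; obtain a new session first."]}
    user = users.get(email)
    ok = user is not None and verify_password(password, user["password_hash"])
    # Rotating the token on every attempt means a token the browser held before
    # authenticating never becomes an authenticated one (session fixation defence).
    store.session_delete(session_token)
    old = current["session_info"]
    fresh = store.session_new(old["ip_address"], old["user_agent"],
                              user["user_id"] if ok else None,  # anonymous again on failure
                              now + ONE_WEEK, old["extra_info_json"])
    # One generic message whether the email is unknown or the password is wrong.
    return {"success": ok, "session_token": fresh["session_token"],
            "expires": fresh["expires"], "messages": [] if ok else ["Login failed."]}
```

The caller (the frontend) must replace its cookie with the returned session_token after every call to user_login, successful or not, which is the "frontend MUST unset the cookie" rule above; the old token is gone from the store either way, so a stale cookie would simply fail session_exists on the next request.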

authnzerver.actions.session.auth_user_logout(payload, override_authdb_path=None, raiseonfail=False)

Logs out a user.

Deletes the session token from the session store. On the next request (redirect from POST /auth/logout to GET /), the frontend will issue a new one.

The frontend MUST unset the cookie as well.

Parameters:
  • payload (dict) –

    The payload dict should contain the following keys:

    • session_token: str
    • user_id: int

    In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):

    • reqid: int or str
    • pii_salt: str
  • override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
  • raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
Returns:

Returns a dict containing the result of the password verification check.

Return type:

dict