authnzerver.actions.session module
This contains functions to drive session-related auth actions.

authnzerver.actions.session.auth_delete_sessions_userid(payload, override_authdb_path=None, raiseonfail=False)
Removes all session tokens corresponding to a user ID.
If keep_current_session is True, will not delete the session token passed in the payload. This allows for “delete all my other logins” functionality.
Parameters:
- payload (dict) – This is a dict with the following required keys:
  - session_token: str
  - user_id: int
  - keep_current_session: bool
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns: Returns a dict with a success key indicating if the sessions were deleted successfully.
Return type: dict

authnzerver.actions.session.auth_kill_old_sessions(session_expiry_days=7, override_authdb_path=None, raiseonfail=False)
Kills all expired sessions.
Parameters:
- session_expiry_days (int) – All sessions older than the current datetime + this value will be deleted.
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns: Returns a dict with a success key indicating if the sessions were deleted successfully.
Return type: dict

authnzerver.actions.session.auth_password_check(payload, override_authdb_path=None, raiseonfail=False)
This runs a password check given a session token and password.
Used to gate high-security areas or operations that require re-verification of the password for a user’s existing session.
Parameters:
- payload (dict) – This is a dict containing the following items:
  - session_token
  - password
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
- raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
Returns: Returns a dict containing the result of the password verification check.
Return type: dict

authnzerver.actions.session.auth_session_delete(payload, override_authdb_path=None, raiseonfail=False)
Removes a session token, effectively ending a session.
Parameters:
- payload (dict) – This is a dict with the following required keys:
  - session_token: str
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns: Returns a dict with a success key indicating if the session was deleted successfully.
Return type: dict

authnzerver.actions.session.auth_session_exists(payload, override_authdb_path=None, raiseonfail=False)
Checks if the provided session token exists.
Parameters:
- payload (dict) – This is a dict, with the following keys required:
  - session_token: str
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns: Returns a dict containing all of the session info if it exists and has not expired.
Return type: dict

authnzerver.actions.session.auth_session_new(payload, override_authdb_path=None, raiseonfail=False)
Generates a new session token.
Parameters:
- payload (dict) – This is the input payload dict. Required items:
  - ip_address: str
  - user_agent: str
  - user_id: int or None (None indicates an anonymous user)
  - expires: datetime object or date string in ISO format
  - extra_info_json: dict or None
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – If given as a str, is the alternative path to the auth DB.
- raiseonfail (bool) – If True, will raise an Exception if something goes wrong.
Returns: The dict returned is of the form:
  {'success': True or False,
   'session_token': str session token 32 bytes long in base64 format,
   'expires': str date in ISO format,
   'messages': list of str messages to pass on to the user if any}
Return type: dict

authnzerver.actions.session.auth_session_set_extrainfo(payload, raiseonfail=False, override_authdb_path=None)
Adds info to the extra_info_json key of a session column.
Parameters:
- payload (dict) – This should contain the following items:
  - session_token : str, the session token to update
  - extra_info : dict, the update dict to put into the extra_info_json
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
- override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
Returns: Returns a dict containing the new session info dict.
Return type: dict

authnzerver.actions.session.auth_user_login(payload, override_authdb_path=None, raiseonfail=False)
Logs a user in.
Login flow for frontend:
session cookie get -> check session exists -> check user login -> old session delete (no matter what) -> new session create (with actual user_id and other info now included if successful or same user_id = anon if not successful) -> done
The frontend MUST unset the cookie as well.
FIXME: update (and fake-update) the Users table with the last_login_try and last_login_success.
Parameters:
- payload (dict) – The payload dict should contain the following keys:
  - session_token: str
  - email: str
  - password: str
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
- raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
Returns: Returns a dict containing the result of the password verification check.
Return type: dict
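The login flow above, modelled in memory as an added example (not authnzerver's own code). The SESSIONS and USERS dicts stand in for the auth DB, and the function names, the PBKDF2 password hash and its parameters are assumptions made for illustration. It shows the pre-login token being deleted whatever the outcome, so the token the browser held before login is never the one that ends up authenticated.

```python
# Added example: in-memory model of the documented login flow.
# SESSIONS/USERS stand in for the auth DB; all names here are hypothetical.
import base64, hashlib, hmac, secrets
from datetime import datetime, timedelta, timezone

SESSIONS = {}        # session_token -> {"user_id", "expires"}
USERS = {}           # email -> {"user_id", "salt", "pw_hash"}
ANON_USER_ID = None  # None indicates an anonymous user, as in the payload docs

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(user_id, email, password):
    salt = secrets.token_bytes(16)
    USERS[email] = {"user_id": user_id, "salt": salt,
                    "pw_hash": hash_password(password, salt)}

def new_session(user_id, days=7):
    # 32 random bytes in base64, matching the documented session_token form
    token = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode()
    expires = datetime.now(timezone.utc) + timedelta(days=days)
    SESSIONS[token] = {"user_id": user_id, "expires": expires}
    return token

def session_exists(token):
    info = SESSIONS.get(token)
    return bool(info) and info["expires"] > datetime.now(timezone.utc)

def login(session_token, email, password):
    """Return (success, new_session_token); the caller replaces the cookie."""
    if not session_exists(session_token):
        return False, None   # no valid pre-login session: refuse outright
    user = USERS.get(email)
    # Hash even for unknown emails so both failure paths do similar work.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    ok = bool(user) and hmac.compare_digest(candidate, user["pw_hash"])
    # The old token is deleted no matter what, so a token planted before
    # login (session fixation) never becomes an authenticated session.
    SESSIONS.pop(session_token, None)
    return ok, new_session(user["user_id"] if ok else ANON_USER_ID)
```
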

authnzerver.actions.session.auth_user_logout(payload, override_authdb_path=None, raiseonfail=False)
Logs out a user.
Deletes the session token from the session store. On the next request (redirect from POST /auth/logout to GET /), the frontend will issue a new one.
The frontend MUST unset the cookie as well.
Parameters:
- payload (dict) – The payload dict should contain the following keys:
  - session_token: str
  - user_id: int
  In addition to these items received from an authnzerver client, the payload must also include the following keys (usually added in by a wrapping function):
  - reqid: int or str
  - pii_salt: str
- override_authdb_path (str or None) – The SQLAlchemy database URL to use if not using the default auth DB.
- raiseonfail (bool) – If True, and something goes wrong, this will raise an Exception instead of returning normally with a failure condition.
Returns: Returns a dict containing the result of the password verification check.
Return type: dict