Authentication¶

Overview¶

A default authentication stack is provided by the pyramid_cubicweb.auth module, which is included by pyramid_cubicweb.default.

The authentication stack is built around pyramid_multiauth, and provides a few default policies that reproduce the default cubicweb behavior.

Note

Note that this module only provides an authentication policy, not the views that handle the login form. See pyramid_cubicweb.login

Customize¶

The default policies can be individually deactivated, as well as the default authentication callback that returns the current user groups as principals.

The following settings can be set to False:

cubicweb.auth.update_login_time. Activate the policy that update the user login_time when remember is called.
cubicweb.auth.authtkt and all its subvalues.
cubicweb.auth.groups_principals

Additionnal policies can be added by accessing the MultiAuthenticationPolicy instance in the registry:

mypolicy = SomePolicy()
authpolicy = config.registry['cubicweb.authpolicy']
authpolicy._policies.append(mypolicy)