Settings¶
Cubicweb Settings¶
Pyramid CubicWeb will make use of the following configuration entries if found in the cubicweb configuration (a.k.a. all-in-one.conf):
Warning
These settings requires the pyramid cube to be enabled on the instance.
-
pyramid-session-secret
¶ Secret phrase to sign the session cookie
Used by
pyramid_cubicweb.session.includeme()
to configure the default session factory.pyramid-session-secret = <some very secret passphrase>
-
pyramid-auth-secret
¶ Secret phrase to sign the authentication cookie
Used by
pyramid_cubicweb.auth.includeme()
to configure the default authentication policy.pyramid-auth-secret = <some other very secret passphrase>
Pyramid Settings¶
If a pyramid.ini
file is found in the instance home directory (where the
all-in-one.conf
file is), its [main]
section will be read and used as the
settings
of the pyramid Configurator.
This configuration file is almost the same as the one read by pserve
, which
allow to easily add any pyramid extension and configure it.
A typical pyramid.ini
file is:
[main]
pyramid.includes =
pyramid_redis_sessions
cubicweb.defaults = no
cubicweb.includes =
pyramid_cubicweb.auth
pyramid_cubicweb.login
cubicweb.profile = no
redis.sessions.secret = your_cookie_signing_secret
redis.sessions.timeout = 1200
redis.sessions.host = mywheezy
The Pyramid CubicWeb specific configuration entries are:
-
cubicweb.includes (list)
¶ Same as
pyramid.includes
, but the includes are done after the cubicweb specific registry entries are initialized.Useful to include extensions that requires these entries.
-
cubicweb.bwcompat (bool)
¶ (True) Enable/disable backward compatibility. See pyramid_cubicweb.bwcompat.
-
cubicweb.defaults (bool)
¶ (True) Enable/disable defaults. See pyramid_cubicweb.defaults.
-
cubicweb.auth.update_login_time (bool)
¶ (True) Add a
pyramid_cubicweb.auth.UpdateLoginTimeAuthenticationPolicy
policy, that update the CWUser.login_time attribute when a user login.
-
cubicweb.auth.authtkt (bool)
¶ (True) Enables the 2 cookie-base auth policies, which activate/deactivate depending on the persistent argument passed to remember.
The default login views set persistent to True if a __setauthcookie parameters is passed to them, and evals to True in
pyramid.settings.asbool()
.The configuration values of the policies are arguments for
pyramid.authentication.AuthTktAuthenticationPolicy
.The first policy handles session authentication. It doesn’t get activated if remember() is called with persistent=False:
(‘auth_tkt’) The cookie name. Must be different from the persistent authentication cookie name.
-
cubicweb.auth.authtkt.session.timeout (int)
¶ - Cookie timeout.
-
cubicweb.auth.authtkt.session.reissue_time (int)
¶ - Reissue time.
The second policy handles persistent authentication. It doesn’t get activated if remember() is called with persistent=True:
(‘auth_tkt’) The cookie name. Must be different from the session authentication cookie name.
-
cubicweb.auth.authtkt.persistent.max_age (int)
¶ (30 days) Max age in seconds.
-
cubicweb.auth.authtkt.persistent.reissue_time (int)
¶ (1 day) Reissue time in seconds.
-
cubicweb.auth.groups_principals (bool)
¶ (True) Setup a callback on the authentication stack that inject the user groups in the principals.