Settings

CubicWeb Settings

Pyramid CubicWeb will make use of the following configuration entries if found in the cubicweb configuration (a.k.a. all-in-one.conf):

Warning

These settings require the pyramid cube to be enabled on the instance.

pyramid-session-secret

Secret phrase to sign the session cookie

Used by pyramid_cubicweb.session.includeme() to configure the default session factory.

pyramid-session-secret = <some very secret passphrase>

pyramid-auth-secret

Secret phrase to sign the authentication cookie

Used by pyramid_cubicweb.auth.includeme() to configure the default authentication policy.

pyramid-auth-secret = <some other very secret passphrase>

Pyramid Settings

If a pyramid.ini file is found in the instance home directory (where the all-in-one.conf file is), its [main] section will be read and used as the settings of the pyramid Configurator.

This configuration file is almost the same as the one read by pserve, which makes it easy to add any pyramid extension and configure it.

A typical pyramid.ini file is:

[main]
pyramid.includes =
    pyramid_redis_sessions

cubicweb.defaults = no
cubicweb.includes =
    pyramid_cubicweb.auth
    pyramid_cubicweb.login

cubicweb.profile = no

redis.sessions.secret = your_cookie_signing_secret
redis.sessions.timeout = 1200

redis.sessions.host = mywheezy

The Pyramid CubicWeb specific configuration entries are:

cubicweb.includes (list)

Same as pyramid.includes, but the includes are done after the cubicweb specific registry entries are initialized.

Useful for including extensions that require these entries.

cubicweb.bwcompat (bool)

(True) Enable/disable backward compatibility. See pyramid_cubicweb.bwcompat.

cubicweb.defaults (bool)

(True) Enable/disable defaults. See pyramid_cubicweb.defaults.

cubicweb.profile (bool)

(False) Enable/disable profiling. See Profiling.

cubicweb.auth.update_login_time (bool)

(True) Add a pyramid_cubicweb.auth.UpdateLoginTimeAuthenticationPolicy policy, which updates the CWUser.login_time attribute when a user logs in.

cubicweb.auth.authtkt (bool)

(True) Enables the two cookie-based auth policies, which activate or deactivate depending on the persistent argument passed to remember().

The default login views set persistent to True if a __setauthcookie parameter is passed to them and evaluates to True in pyramid.settings.asbool().

The configuration values of the policies are arguments for pyramid.authentication.AuthTktAuthenticationPolicy.

The first policy handles session authentication. It doesn’t get activated if remember() is called with persistent=False:

cubicweb.auth.authtkt.session.cookie_name (str)

(‘auth_tkt’) The cookie name. Must be different from the persistent authentication cookie name.

cubicweb.auth.authtkt.session.timeout (int)

Cookie timeout.

cubicweb.auth.authtkt.session.reissue_time (int)

Reissue time.

The second policy handles persistent authentication. It doesn’t get activated if remember() is called with persistent=True:

cubicweb.auth.authtkt.persistent.cookie_name (str)

(‘auth_tkt’) The cookie name. Must be different from the session authentication cookie name.

cubicweb.auth.authtkt.persistent.max_age (int)

(30 days) Max age in seconds.

cubicweb.auth.authtkt.persistent.reissue_time (int)

(1 day) Reissue time in seconds.

cubicweb.auth.groups_principals (bool)

(True) Set up a callback on the authentication stack that injects the user groups into the principals.
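
An added example (not part of Pyramid CubicWeb) that lints the cookie-signing secrets and authtkt cookie names described on this page: it flags the documentation's sample values, short secrets, a secret reused across settings, and identical session and persistent cookie names. The 32-character minimum, the reuse check, the sample files and the `[PYRAMID]` section name are assumptions made for the example.

```python
import configparser

SECRET_KEYS = ("pyramid-session-secret", "pyramid-auth-secret", "redis.sessions.secret")
# Sample values shown on this page; they must never reach a deployment.
PLACEHOLDERS = {"some very secret passphrase", "some other very secret passphrase",
                "your_cookie_signing_secret"}
MIN_LEN = 32  # assumed policy threshold, not a documented requirement
PREFIX = "cubicweb.auth.authtkt."

# Constructed sample files; the [PYRAMID] section name is a placeholder.
SAMPLE_CW_CONF = """[PYRAMID]
pyramid-session-secret = <some very secret passphrase>
pyramid-auth-secret = hunter2hunter2
"""
SAMPLE_PYRAMID_INI = """[main]
redis.sessions.secret = your_cookie_signing_secret
cubicweb.auth.authtkt.session.cookie_name = auth_tkt
cubicweb.auth.authtkt.persistent.cookie_name = auth_tkt
"""

def load(text):
    """Flatten every section of an INI-style file into one settings dict."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {k: v.strip() for s in parser.sections() for k, v in parser[s].items()}

def lint(*texts):
    """Return findings for the secrets and cookie names set in the given files."""
    settings, findings, seen = {}, [], {}
    for text in texts:
        settings.update(load(text))
    for key in SECRET_KEYS:
        value = settings.get(key)
        if value is None:
            continue  # not set in these files
        if value.strip("<>") in PLACEHOLDERS:
            findings.append(f"{key}: documentation placeholder")
        elif len(value) < MIN_LEN:
            findings.append(f"{key}: shorter than {MIN_LEN} characters")
        if value in seen:
            findings.append(f"{key}: same value as {seen[value]}")
        seen.setdefault(value, key)
    session, persistent = (settings.get(f"{PREFIX}{kind}.cookie_name")
                           for kind in ("session", "persistent"))
    if session is not None and session == persistent:
        findings.append("authtkt session and persistent cookie_name are identical")
    return findings
```

Calling `lint(SAMPLE_CW_CONF, SAMPLE_PYRAMID_INI)` returns four findings; pass the contents of the instance's all-in-one.conf and pyramid.ini to check a real deployment.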