Authentication#
Overview#
A default authentication stack is provided by the cubicweb.pyramid.auth
module, which is included in the pyramid.ini file (at cube creation, it is
included by default, you have to remove/comment the line to disable it).
The authentication stack is built around pyramid_multiauth, and provides a few default policies that reproduce the default cubicweb behavior.
Note
Note that this module only provides an authentication policy, not the views that handle the login form. See cubicweb.pyramid.login
Customize#
The default policies can be individually deactivated, as well as the default authentication callback that returns the current user groups as principals.
The following settings can be set to False:
cubicweb.auth.update_login_time
. Activate the policy that update the user login_time when remember is called.cubicweb.auth.authtkt
and all its subvalues.cubicweb.auth.groups_principals
Additionnal policies can be added by accessing the MultiAuthenticationPolicy instance in the registry:
mypolicy = SomePolicy()
authpolicy = config.registry['cubicweb.authpolicy']
authpolicy._policies.append(mypolicy)