Authentication

Overview

A default authentication stack is provided by the cubicweb.pyramid.auth module, which is included in the pyramid.ini file. It is included by default at cube creation; to disable it, remove or comment out the line.

The authentication stack is built around pyramid_multiauth, and provides a few default policies that reproduce the default cubicweb behavior.

Note

This module only provides an authentication policy, not the views that handle the login form. See cubicweb.pyramid.login.

Customize

The default policies can be individually deactivated, as well as the default authentication callback that returns the current user groups as principals.

The following settings can be set to False:

  • cubicweb.auth.update_login_time. Activates the policy that updates the user login_time when remember is called.

  • cubicweb.auth.authtkt and all its subvalues.

  • cubicweb.auth.groups_principals

Additional policies can be added by accessing the MultiAuthenticationPolicy instance in the registry:

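# SomePolicy: any object implementing Pyramid's authentication policy interface
# config: the Pyramid Configurator, e.g. inside includeme(config)
mypolicy = SomePolicy()
authpolicy = config.registry['cubicweb.authpolicy']
authpolicy._policies.append(mypolicy)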
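A custom policy of the kind that could be appended this way, as an added example (not code from CubicWeb or its documentation). HeaderTokenPolicy, the X-Api-Token header, the token table and the userid value "1234" are hypothetical; the class provides the methods of Pyramid's authentication policy interface by duck typing, so it runs without Pyramid installed.

```python
import hashlib
import hmac

# Constructed sample data: SHA-256 digest of an API token -> userid.
# Keeping digests instead of raw tokens limits what a config leak exposes.
TOKEN_DIGESTS = {
    hashlib.sha256(b"constructed-demo-token").hexdigest(): "1234",
}


class HeaderTokenPolicy:
    """Hypothetical policy: authenticate from an X-Api-Token request header."""

    header = "X-Api-Token"

    def unauthenticated_userid(self, request):
        token = request.headers.get(self.header)
        if not token:
            return None  # no claim made; another policy in the stack may answer
        digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
        found = None
        # Constant-time comparison against every entry, with no early exit.
        for known, userid in TOKEN_DIGESTS.items():
            if hmac.compare_digest(digest, known):
                found = userid
        return found

    def authenticated_userid(self, request):
        return self.unauthenticated_userid(request)

    def effective_principals(self, request):
        principals = ["system.Everyone"]
        userid = self.authenticated_userid(request)
        if userid is not None:
            principals += ["system.Authenticated", userid]
        return principals

    def remember(self, request, userid, **kw):
        return []  # stateless: the client resends the token on every request

    def forget(self, request):
        return []


def includeme(config):
    # Same registry access as in the snippet above.
    config.registry["cubicweb.authpolicy"]._policies.append(HeaderTokenPolicy())
```

Returning None for a missing or unknown token, rather than raising, lets the other policies in the stack handle the request.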