gws.base.auth.sql_provider

Base provider for SQL-based authorization.

SQL-based authentication works by executing SELECT queries against a SQL provider.

The “authorization” query receives the parameters “username”, “password”, and/or “token” from an authentication method. If the query doesn’t return any rows, the next authentication provider is attempted. Otherwise, exactly one row should be returned with at least the following columns:

  • validuser (bool) - mandatory, should be “true” if the user is allowed to log in

  • validpassword (bool) - mandatory, should be “true” if the password is valid

  • uid (str) - user id

  • roles (str) - comma-separated list of roles

Column names are case-insensitive.

Other columns, if given, are converted to respective gws.User properties.

The “getUser” query receives user ID as a parameter and should return a record for this user.

Example configuration (assuming Postgres with pgcrypto):

auth.providers+ {
    type "sql"

    authorizationSql '''
        -- "user" is a reserved word in Postgres: quote the table name and alias it
        SELECT
            u.id
                AS uid,
            u.first_name || ' ' || u.last_name
                AS displayname,
            u.login
                AS login,
            u.is_enabled
                AS validuser,
            ( passwd = crypt({{password}}, passwd) )
                AS validpassword
        FROM
            public."user" AS u
        WHERE
            u.login = {{username}}
    '''

    getUserSql '''
        SELECT
            u.id
                AS uid,
            u.first_name || ' ' || u.last_name
                AS displayname,
            u.login
                AS login
        FROM
            public."user" AS u
        WHERE
            u.id = {{uid}}
    '''
}
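
The row contract described above, worked through as an added example (this is not gws code): placeholders are rewritten to bind parameters, then the single result row is interpreted so that it fails closed. The function names, the return shape, SQLite in place of Postgres and the crypt() stand-in are all assumptions made so the example runs offline.

```python
import hashlib
import re
import sqlite3

ALLOWED = {"username", "password", "token", "uid"}  # the page's Placeholders

def to_bound_sql(sql):
    """Rewrite {{name}} into a :name bind parameter; unknown names are rejected."""
    def repl(m):
        if m.group(1) not in ALLOWED:
            raise ValueError("unknown placeholder: " + m.group(1))
        return ":" + m.group(1)
    return re.sub(r"\{\{\s*(\w+)\s*\}\}", repl, sql)

def evaluate(rows):
    """None = no rows (try next provider); else (allowed, user_properties)."""
    if not rows:
        return None
    if len(rows) != 1:
        raise ValueError("authorization query must return exactly one row")
    rec = {k.lower(): v for k, v in rows[0].items()}  # column names are case-insensitive
    flags = [rec.pop("validuser"), rec.pop("validpassword")]  # KeyError if missing
    allowed = all(f is True or f == 1 for f in flags)  # fail closed on 'false', NULL, ...
    rec["roles"] = [r.strip() for r in (rec.get("roles") or "").split(",") if r.strip()]
    return allowed, rec

def authorize(conn, sql, credentials):
    cur = conn.execute(to_bound_sql(sql), credentials)  # values travel as parameters
    cols = [d[0] for d in cur.description]
    return evaluate([dict(zip(cols, row)) for row in cur.fetchall()])

def crypt(password, stored):
    """Stand-in for pgcrypto crypt(): re-hash with the salt kept in the stored value."""
    salt = stored.split("$")[0]
    return salt + "$" + hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000).hex()

def demo_db():
    """Constructed sample data: one enabled account, in-memory SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("crypt", 2, crypt)
    conn.execute("CREATE TABLE users (id, login, passwd, is_enabled, roles)")
    conn.execute("INSERT INTO users VALUES ('7', 'alice', ?, 1, 'editor, viewer')",
                 (crypt("s3cret", "c2FsdA"),))
    return conn

AUTH_SQL = """
    SELECT id AS UID, roles AS Roles, is_enabled AS ValidUser,
           (passwd = crypt({{password}}, passwd)) AS ValidPassword
    FROM users WHERE login = {{username}}
"""
```
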

Source code: gws.base.auth.sql_provider

Module Contents

class gws.base.auth.sql_provider.Config(*args, **kwargs)

Bases: gws.base.auth.provider.Config

SQL-based authorization provider

authorizationSql: str

Authorization SQL statement

dbUid: str | None

Database provider uid

getUserSql: str

User data SQL statement

class gws.base.auth.sql_provider.Object

Bases: gws.base.auth.provider.Object

Authentication Provider.

authorizationSql: str

db: gws.DatabaseProvider

getUserSql: str

authenticate(method, credentials)

Authenticate a user.

Parameters:
  • method – Authentication method.

  • credentials – Credentials object.

Returns:

An authenticated User or None if authentication failed.

configure()

Configuration hook.

configure_provider()

get_user(local_uid)

Get a User from its local uid.

Parameters:

local_uid – User local uid.

Returns:

A User or None.

class gws.base.auth.sql_provider.Placeholders

Bases: gws.Enum

Enumeration type.

Despite being declared as extending Enum (for IDE support), this class is actually just a simple object and intended to be used as a collection of attributes. It doesn’t provide any Enum-specific utilities.

The rationale behind this is that we need Enum members (e.g. Color.RED) to be scalars, and not complex objects as in the standard Enum.

password = 'password'
token = 'token'
uid = 'uid'
username = 'username'