pypicloud.auth module

Utilities for authentication and authorization

class pypicloud.auth.BasicAuthenticationPolicy[source]

Bases: object

A :app:`Pyramid` authentication policy which obtains data from basic authentication headers.

Constructor Arguments


A callback passed the credentials and the request, expected to return None if the userid doesn’t exist or a sequence of group identifiers (possibly empty) if the user does exist. Required.

Verify login and return the authed userid


Get the authed groups for the active user


HTTP headers to forget credentials

remember(request, principal, **kw)[source]

HTTP Headers to remember credentials


Return userid without performing auth

class pypicloud.auth.SessionAuthPolicy[source]

Bases: object

Simple auth policy using beaker sessions


Return the authenticated userid or None if no authenticated userid can be found. This method of the policy should ensure that a record exists in whatever persistent store is used related to the user (the user should not have been deleted); if a record associated with the current id does not exist in a persistent store, it should return None.


Return a sequence representing the effective principals including the userid and any groups belonged to by the current user, including ‘system’ groups such as and


Return a set of headers suitable for ‘forgetting’ the current user on subsequent requests.

remember(request, principal, **_)[source]

This implementation is slightly different than expected. The application should call remember(userid) rather than remember(principal)


Return the unauthenticated userid. This method performs the same duty as authenticated_userid but is permitted to return the userid based only on data present in the request; it needn’t (and shouldn’t) check any persistent store to ensure that the user record related to the request userid exists.


Get the user/password from HTTP basic auth


Configure the app