users

The objects defined in this file used in conjunction with authentication, authorization and permission objects form a complete user management system.

However, there is no requirement to use this user management API at all. If you define your own authentication checks by specifying your own valid_password() or digest_password() methods when setting up the authentication middleware, and you create your own permissions objects based on your own requriements then you will have no need for this implementation. It is simply provided as a useful default implementation for users looking for a simple, ready made solution that doesn't require any integration.

The implementation consists of the following:

authkit.authenticate.valid_password()

A valid_password() implementation used by default with the basic or form authentication methods that checks usernames and passwords against those defined in the user management API object.

authkit.authenticate.digest_password()

A digest_password() implementation used by default with the digest authentication which produces a digest from the users set up in the user management API object.

authkit.permissions.HasAuthKitRole

A permission object which checks the signed in user's role from the user management API object.

authkit.permissions.HasAuthKitGroup

A permission object which checks the signed in user's group from the user management API object.

authkit.permissions.ValidAuthKitUser

A permission object which checks the signed in user is defined in the user management API object.

Of course since the user management API is fairly generic, it is possible to have different implementations. This module has two implementations both derived from the base Users class. They are UsersFromString and UsersFromFile. By default, authkit.authenticate.middleware uses UsersFromString and expects you to specify your users, groups and roles as a string in the config file in the way described in the main AuthKit manual but you can also specify you wish to use the alternative implementation to load your user data from a file.

Of course you are also free to create your own implementation derived from Users and as long as it keeps the same API, the existing functions and permissions mentioned earlier will work without modification when using your user management API object. This means that if your requirements are very simple you might prefer to create a custom Users object rather than integrate AuthKit into your project in the slightly lower level fashion by defining the valid_password() and digest_password() functions and any necessary permissions.

If you are using the authentication middleware with users, the Users object will be available in your code as environ[authkit.users].