Authentication

Todo

Docstrings (module, models, utilities)

Models

class indico.modules.auth.models.identities.Identity(**kwargs)

Identities of Indico users.

A simple constructor that allows initialization from kwargs.

Sets attributes on the constructed instance using the names and values in kwargs.

Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.

property data
id

the unique id of the identity

identifier

the unique identifier of the user within its provider

last_login_dt

the timestamp of the latest login

last_login_ip

the ip address that was used for the latest login

property locator
multipass_data

internal data used by the flask-multipass system

password

the password of the user in case of a local identity

password_hash

the hash of the password in case of a local identity

provider

the provider name of the identity

query: IndicoBaseQuery

A SQLAlchemy query for a model. Equivalent to db.session.query(Model). Can be customized per-model by overriding query_class.

Warning

The query interface is considered legacy in SQLAlchemy. Prefer using session.execute(select()) instead.

register_login(ip)

Update the last login information.

property safe_last_login_dt

last_login_dt that is safe for sorting (no None values).

user_id

the id of the user this identity belongs to

class indico.modules.auth.models.registration_requests.RegistrationRequest(**kwargs)

A simple constructor that allows initialization from kwargs.

Sets attributes on the constructed instance using the names and values in kwargs.

Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.

comment
email
extra_emails
id
property identity_data
locator()

Define a smart locator property.

This behaves pretty much like a normal read-only property and the decorated function should return a dict containing the necessary data to build a URL for the object.

This decorator should usually be applied to a method named locator as this name is required for get_locator to find it automatically when just passing the object.

If you need more than one locator, you can define it like this:

@locator_property
def locator(self):
    return {...}

@locator.other
def locator(self):
    return {...}

The other locator can then be accessed by passing obj.locator.other to the code expecting an object with a locator.

query: IndicoBaseQuery

A SQLAlchemy query for a model. Equivalent to db.session.query(Model). Can be customized per-model by overriding query_class.

Warning

The query interface is considered legacy in SQLAlchemy. Prefer using session.execute(select()) instead.

settings
user_data

Utilities

indico.modules.auth.util.impersonate_user(user)

Impersonate another user as an admin.

indico.modules.auth.util.load_identity_info()

Retrieve identity information from the session.

indico.modules.auth.util.redirect_to_login(next_url=None, reason=None)

Redirect to the login page.

Parameters:
  • next_url – URL to be redirected upon successful login. If not specified, it will be set to request.relative_url.

  • reason – Why the user is redirected to a login page.

indico.modules.auth.util.register_user(email, extra_emails, user_data, identity_data, settings, from_moderation=False)

Create a user based on the registration data provided during the user registration process (via RHRegister and RegistrationHandler).

This method is not meant to be used for generic user creation, the only reason why this is here is that approving a registration request is handled by the users module.

indico.modules.auth.util.save_identity_info(identity_info, user)

Save information from IdentityInfo in the session.

indico.modules.auth.util.should_skip_redirect_on_insecure_password(endpoint)
indico.modules.auth.util.undo_impersonate_user()

Undo an admin impersonation login and revert to the old user.

indico.modules.auth.util.url_for_login(next_url=None)
indico.modules.auth.util.url_for_logout(next_url=None)
indico.modules.auth.util.url_for_register(next_url=None, email=None)

Returns the URL to register

Parameters:
  • next_url – The URL to redirect to afterwards.

  • email – A pre-validated email address to use when creating a new local account. Use this argument ONLY when sending the link in an email or if the email address has already been validated using some other way.