Cork main module

exception cork.cork.AAAException[source]

Bases: exceptions.Exception

Generic Authentication/Authorization Exception

args
message
exception cork.cork.AuthException[source]

Bases: cork.cork.AAAException

Authentication Exception: incorrect username/password pair

args
message
class cork.cork.BaseCork(directory=None, backend=None, email_sender=None, initialize=False, session_domain=None, smtp_server=None, smtp_url='localhost', session_key_name=None)[source]

Bases: object

Abstract class

Auth/Authorization/Accounting class

Parameters:
  • directory (str.) – configuration directory
  • users_fname (str.) – users filename (without .json), defaults to ‘users’
  • roles_fname (str.) – roles filename (without .json), defaults to ‘roles’
login(username, password, success_redirect=None, fail_redirect=None)[source]

Check login credentials for an existing user. Optionally redirect the user to another page (typically /login).

Parameters:
  • username (str or unicode.) – username
  • password (str or unicode.) – cleartext password
  • success_redirect (str.) – redirect authorized users (optional)
  • fail_redirect (str.) – redirect unauthorized users (optional)
Returns:

True for successful logins, else False

logout(success_redirect='/login', fail_redirect='/login')[source]

Log the user out, remove cookie

Parameters:
  • success_redirect (str.) – redirect the user after logging out
  • fail_redirect (str.) – redirect the user if it is not logged in
require(username=None, role=None, fixed_role=False, fail_redirect=None)[source]

Ensure the user is logged in and has the required role (or higher). Optionally redirect the user to another page (typically /login). If both username and role are specified, both conditions need to be satisfied. If none is specified, any authenticated user will be authorized. By default, any role with a higher level than role will be authorized; set fixed_role=True to prevent this.

Parameters:
  • username (str.) – username (optional)
  • role (str.) – role
  • fixed_role (bool.) – require user role to match role strictly
  • fail_redirect (str.) – redirect unauthorized users (optional)
create_role(role, level)[source]

Create a new role.

Parameters:
  • role (str.) – role name
  • level (int.) – role level (0=lowest, 100=admin)
Raises:

AuthException on errors

delete_role(role)[source]

Delete a role.

Parameters:role (str.) – role name
Raises:AuthException on errors
list_roles()[source]

List roles.

Returns:(role, role_level) generator (sorted by role)
create_user(username, role, password, email_addr=None, description=None)[source]

Create a new user account. This method is available to users with level>=100

Parameters:
  • username (str.) – username
  • role (str.) – role
  • password (str.) – cleartext password
  • email_addr (str.) – email address (optional)
  • description (str.) – description (free form)
Raises:

AuthException on errors

delete_user(username)[source]

Delete a user account. This method is available to users with level>=100

Parameters:username (str.) – username
Raises:Exceptions on errors
list_users()[source]

List users.

Returns:(username, role, email_addr, description) generator (sorted by username)
current_user

Current authenticated user

Returns:User() instance, if authenticated
Raises:AuthException otherwise
user_is_anonymous

Check if the current user is anonymous.

Returns:True if the user is anonymous, False otherwise
Raises:AuthException if the session username is unknown
user(username)[source]

Existing user

Returns:User() instance if the user exists, None otherwise
register(username, password, email_addr, role='user', max_level=50, subject='Signup confirmation', email_template='views/registration_email.tpl', description=None, **kwargs)[source]

Register a new user account. An email with a registration validation code is sent to the user. WARNING: this method is available to unauthenticated users.

Parameters:
  • username (str.) – username
  • password (str.) – cleartext password
  • role (str.) – role (optional), defaults to ‘user’
  • max_level (int.) – maximum role level (optional), defaults to 50
  • email_addr (str.) – email address
  • subject (str.) – email subject
  • email_template (str.) – email template filename
  • description (str.) – description (free form)
Raises:

AssertionError or AAAException on errors
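
The authorization rules described for require() (role levels, fixed_role, combined username and role conditions) and the max_level cap of register() can be modelled as follows. This is an added example, not Cork's own code: it does not import Cork, and ROLES, AuthError, is_authorized and check_registration_role are hypothetical names. Refusing registration for roles above max_level is an assumption drawn from the parameter description.

```python
# Added illustration: a self-contained model of the documented semantics.
# It does not import or reproduce Cork; all names here are hypothetical.

ROLES = {"user": 50, "editor": 60, "admin": 100}  # constructed sample role table


class AuthError(Exception):
    """Stand-in for the AuthException / AAAException classes on this page."""


def is_authorized(current, username=None, role=None, fixed_role=False):
    """Model of require(); current is None (anonymous) or (username, role)."""
    if current is None:
        return False                       # not logged in: never authorized
    cur_name, cur_role = current
    if cur_role not in ROLES:
        raise AuthError("role %r of the current user is not defined" % cur_role)
    if username is not None and cur_name != username:
        return False                       # the username condition must hold too
    if role is None:
        return True                        # no role given: any authenticated user
    if role not in ROLES:
        raise AuthError("required role %r is not defined" % role)
    if fixed_role:
        return cur_role == role            # strict match, hierarchy ignored
    return ROLES[cur_role] >= ROLES[role]  # same or higher level is accepted


def check_registration_role(role="user", max_level=50):
    """Model of the register() cap (assumption: levels above max_level are refused)."""
    if role not in ROLES:
        raise AuthError("nonexistent role")
    if ROLES[role] > max_level:
        raise AuthError("role level exceeds max_level for self-registration")
    return role


if __name__ == "__main__":
    admin = ("alice", "admin")
    print(is_authorized(admin, role="editor"))                   # hierarchy applies
    print(is_authorized(admin, role="editor", fixed_role=True))  # strict match only
    try:
        check_registration_role("admin")   # unauthenticated caller asks for admin
    except AuthError as exc:
        print("refused:", exc)
```

Because register() is reachable without authentication, the role requested by the caller is the value to constrain; raising max_level widens what an anonymous visitor can request.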

validate_registration(registration_code)[source]

Validate pending account registration, create a new account if successful.

Parameters:registration_code (str.) – registration code
send_password_reset_email(username=None, email_addr=None, subject='Password reset confirmation', email_template='views/password_reset_email', **kwargs)[source]

Email the user with a link to reset his/her password. If only one parameter is passed, fetch the other from the users database. If both are passed, they will be matched against the users database as a security check.

Parameters:
  • username (str.) – username
  • email_addr (str.) – email address
  • subject (str.) – email subject
  • email_template (str.) – email template filename
Raises:

AAAException on missing username or email_addr, AuthException on incorrect username/email_addr pair

reset_password(reset_code, password)[source]

Validate reset_code and update the account password. The username is extracted from the reset_code token.

Parameters:
  • reset_code (str.) – reset token
  • password (str.) – new password
Raises:

AuthException for invalid reset tokens, AAAException

make_auth_decorator(username=None, role=None, fixed_role=False, fail_redirect='/login')[source]

Create a decorator to be used for authentication and authorization

Parameters:
  • username – A resource can be protected for a specific user
  • role – Minimum role level required for authorization
  • fixed_role – Only this role gets authorized
  • fail_redirect – The URL to redirect to if a login is required.
class cork.cork.User(username, cork_obj, session=None)[source]

Bases: object

Represent an authenticated user, exposing useful attributes: username, role, level, description, email_addr, session_creation_time, session_accessed_time, session_id. The session-related attributes are available for the current user only.

Parameters:
  • username (str.) – username
  • cork_obj – instance of Cork
update(role=None, pwd=None, email_addr=None)[source]

Update a user account's data

Parameters:
  • role (str.) – change user role, if specified
  • pwd (str.) – change user password, if specified
  • email_addr (str.) – change user email address, if specified
Raises:

AAAException on nonexistent user or role.

delete()[source]

Delete user account

Raises:AAAException on nonexistent user.
exception cork.cork.Redirect[source]

Bases: exceptions.Exception

args
message
cork.cork.raise_redirect(path)[source]
class cork.cork.Cork(directory=None, backend=None, email_sender=None, initialize=False, session_domain=None, smtp_server=None, smtp_url='localhost', session_key_name=None)[source]

Bases: cork.cork.BaseCork

Auth/Authorization/Accounting class

Parameters:
  • directory (str.) – configuration directory
  • users_fname (str.) – users filename (without .json), defaults to ‘users’
  • roles_fname (str.) – roles filename (without .json), defaults to ‘roles’
create_role(role, level)

Create a new role.

Parameters:
  • role (str.) – role name
  • level (int.) – role level (0=lowest, 100=admin)
Raises:

AuthException on errors

create_user(username, role, password, email_addr=None, description=None)

Create a new user account. This method is available to users with level>=100

Parameters:
  • username (str.) – username
  • role (str.) – role
  • password (str.) – cleartext password
  • email_addr (str.) – email address (optional)
  • description (str.) – description (free form)
Raises:

AuthException on errors

current_user

Current authenticated user

Returns:User() instance, if authenticated
Raises:AuthException otherwise
delete_role(role)

Delete a role.

Parameters:role (str.) – role name
Raises:AuthException on errors
delete_user(username)

Delete a user account. This method is available to users with level>=100

Parameters:username (str.) – username
Raises:Exceptions on errors
list_roles()

List roles.

Returns:(role, role_level) generator (sorted by role)
list_users()

List users.

Returns:(username, role, email_addr, description) generator (sorted by username)
login(username, password, success_redirect=None, fail_redirect=None)

Check login credentials for an existing user. Optionally redirect the user to another page (typically /login).

Parameters:
  • username (str or unicode.) – username
  • password (str or unicode.) – cleartext password
  • success_redirect (str.) – redirect authorized users (optional)
  • fail_redirect (str.) – redirect unauthorized users (optional)
Returns:

True for successful logins, else False

logout(success_redirect='/login', fail_redirect='/login')

Log the user out, remove cookie

Parameters:
  • success_redirect (str.) – redirect the user after logging out
  • fail_redirect (str.) – redirect the user if it is not logged in
make_auth_decorator(username=None, role=None, fixed_role=False, fail_redirect='/login')

Create a decorator to be used for authentication and authorization

Parameters:
  • username – A resource can be protected for a specific user
  • role – Minimum role level required for authorization
  • fixed_role – Only this role gets authorized
  • fail_redirect – The URL to redirect to if a login is required.
register(username, password, email_addr, role='user', max_level=50, subject='Signup confirmation', email_template='views/registration_email.tpl', description=None, **kwargs)

Register a new user account. An email with a registration validation code is sent to the user. WARNING: this method is available to unauthenticated users.

Parameters:
  • username (str.) – username
  • password (str.) – cleartext password
  • role (str.) – role (optional), defaults to ‘user’
  • max_level (int.) – maximum role level (optional), defaults to 50
  • email_addr (str.) – email address
  • subject (str.) – email subject
  • email_template (str.) – email template filename
  • description (str.) – description (free form)
Raises:

AssertionError or AAAException on errors

require(username=None, role=None, fixed_role=False, fail_redirect=None)

Ensure the user is logged in and has the required role (or higher). Optionally redirect the user to another page (typically /login). If both username and role are specified, both conditions need to be satisfied. If none is specified, any authenticated user will be authorized. By default, any role with a higher level than role will be authorized; set fixed_role=True to prevent this.

Parameters:
  • username (str.) – username (optional)
  • role (str.) – role
  • fixed_role (bool.) – require user role to match role strictly
  • fail_redirect (str.) – redirect unauthorized users (optional)
reset_password(reset_code, password)

Validate reset_code and update the account password. The username is extracted from the reset_code token.

Parameters:
  • reset_code (str.) – reset token
  • password (str.) – new password
Raises:

AuthException for invalid reset tokens, AAAException

send_password_reset_email(username=None, email_addr=None, subject='Password reset confirmation', email_template='views/password_reset_email', **kwargs)

Email the user with a link to reset his/her password. If only one parameter is passed, fetch the other from the users database. If both are passed, they will be matched against the users database as a security check.

Parameters:
  • username (str.) – username
  • email_addr (str.) – email address
  • subject (str.) – email subject
  • email_template (str.) – email template filename
Raises:

AAAException on missing username or email_addr, AuthException on incorrect username/email_addr pair

user(username)

Existing user

Returns:User() instance if the user exists, None otherwise
user_is_anonymous

Check if the current user is anonymous.

Returns:True if the user is anonymous, False otherwise
Raises:AuthException if the session username is unknown
validate_registration(registration_code)

Validate pending account registration, create a new account if successful.

Parameters:registration_code (str.) – registration code
class cork.cork.FlaskCork(directory=None, backend=None, email_sender=None, initialize=False, session_domain=None, smtp_server=None, smtp_url='localhost', session_key_name=None)[source]

Bases: cork.cork.BaseCork

Auth/Authorization/Accounting class

Parameters:
  • directory (str.) – configuration directory
  • users_fname (str.) – users filename (without .json), defaults to ‘users’
  • roles_fname (str.) – roles filename (without .json), defaults to ‘roles’
create_role(role, level)

Create a new role.

Parameters:
  • role (str.) – role name
  • level (int.) – role level (0=lowest, 100=admin)
Raises:

AuthException on errors

create_user(username, role, password, email_addr=None, description=None)

Create a new user account. This method is available to users with level>=100

Parameters:
  • username (str.) – username
  • role (str.) – role
  • password (str.) – cleartext password
  • email_addr (str.) – email address (optional)
  • description (str.) – description (free form)
Raises:

AuthException on errors

current_user

Current authenticated user

Returns:User() instance, if authenticated
Raises:AuthException otherwise
delete_role(role)

Delete a role.

Parameters:role (str.) – role name
Raises:AuthException on errors
delete_user(username)

Delete a user account. This method is available to users with level>=100

Parameters:username (str.) – username
Raises:Exceptions on errors
list_roles()

List roles.

Returns:(role, role_level) generator (sorted by role)
list_users()

List users.

Returns:(username, role, email_addr, description) generator (sorted by username)
login(username, password, success_redirect=None, fail_redirect=None)

Check login credentials for an existing user. Optionally redirect the user to another page (typically /login).

Parameters:
  • username (str or unicode.) – username
  • password (str or unicode.) – cleartext password
  • success_redirect (str.) – redirect authorized users (optional)
  • fail_redirect (str.) – redirect unauthorized users (optional)
Returns:

True for successful logins, else False

logout(success_redirect='/login', fail_redirect='/login')

Log the user out, remove cookie

Parameters:
  • success_redirect (str.) – redirect the user after logging out
  • fail_redirect (str.) – redirect the user if it is not logged in
make_auth_decorator(username=None, role=None, fixed_role=False, fail_redirect='/login')

Create a decorator to be used for authentication and authorization

Parameters:
  • username – A resource can be protected for a specific user
  • role – Minimum role level required for authorization
  • fixed_role – Only this role gets authorized
  • fail_redirect – The URL to redirect to if a login is required.
register(username, password, email_addr, role='user', max_level=50, subject='Signup confirmation', email_template='views/registration_email.tpl', description=None, **kwargs)

Register a new user account. An email with a registration validation code is sent to the user. WARNING: this method is available to unauthenticated users.

Parameters:
  • username (str.) – username
  • password (str.) – cleartext password
  • role (str.) – role (optional), defaults to ‘user’
  • max_level (int.) – maximum role level (optional), defaults to 50
  • email_addr (str.) – email address
  • subject (str.) – email subject
  • email_template (str.) – email template filename
  • description (str.) – description (free form)
Raises:

AssertionError or AAAException on errors

require(username=None, role=None, fixed_role=False, fail_redirect=None)

Ensure the user is logged in and has the required role (or higher). Optionally redirect the user to another page (typically /login). If both username and role are specified, both conditions need to be satisfied. If none is specified, any authenticated user will be authorized. By default, any role with a higher level than role will be authorized; set fixed_role=True to prevent this.

Parameters:
  • username (str.) – username (optional)
  • role (str.) – role
  • fixed_role (bool.) – require user role to match role strictly
  • fail_redirect (str.) – redirect unauthorized users (optional)
reset_password(reset_code, password)

Validate reset_code and update the account password. The username is extracted from the reset_code token.

Parameters:
  • reset_code (str.) – reset token
  • password (str.) – new password
Raises:

AuthException for invalid reset tokens, AAAException

send_password_reset_email(username=None, email_addr=None, subject='Password reset confirmation', email_template='views/password_reset_email', **kwargs)

Email the user with a link to reset his/her password. If only one parameter is passed, fetch the other from the users database. If both are passed, they will be matched against the users database as a security check.

Parameters:
  • username (str.) – username
  • email_addr (str.) – email address
  • subject (str.) – email subject
  • email_template (str.) – email template filename
Raises:

AAAException on missing username or email_addr, AuthException on incorrect username/email_addr pair

user(username)

Existing user

Returns:User() instance if the user exists, None otherwise
user_is_anonymous

Check if the current user is anonymous.

Returns:True if the user is anonymous, False otherwise
Raises:AuthException if the session username is unknown
validate_registration(registration_code)

Validate pending account registration, create a new account if successful.

Parameters:registration_code (str.) – registration code
class cork.cork.Mailer(sender, smtp_url, join_timeout=5, use_threads=True)[source]

Bases: object

Send emails asynchronously

Parameters:
  • sender (str.) – Sender email address
  • smtp_server (str.) – SMTP server
send_email(email_addr, subject, email_text)[source]

Send an email

Parameters:
  • email_addr (str.) – email address
  • subject (str.) – subject
  • email_text (str.) – email text
Raises:

AAAException if smtp_server and/or sender are not set

join()[source]

Flush the email queue by waiting for the completion of the existing threads

Returns:None