Authentication

Todo

Docstrings (module, models, utilities)

Models

class indico.modules.auth.models.identities.Identity(**kwargs)

Bases: flask_sqlalchemy.Model

Identities of Indico users

A simple constructor that allows initialization from kwargs.

Sets attributes on the constructed instance using the names and values in kwargs.

Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.

data
id

the unique id of the identity

identifier

the unique identifier of the user within its provider

last_login_dt

the timestamp of the latest login

last_login_ip

the ip address that was used for the latest login

locator
multipass_data

internal data used by the flask-multipass system

password

the password of the user in case of a local identity

password_hash

the hash of the password in case of a local identity

provider

the provider name of the identity

register_login(ip)

Updates the last login information

safe_last_login_dt

last_login_dt that is safe for sorting (no None values)

user_id

the id of the user this identity belongs to

class indico.modules.auth.models.registration_requests.RegistrationRequest(**kwargs)

Bases: flask_sqlalchemy.Model

A simple constructor that allows initialization from kwargs.

Sets attributes on the constructed instance using the names and values in kwargs.

Only keys that are present as attributes of the instance’s class are allowed. These could be, for example, any mapped columns or relationships.

comment
email
extra_emails
id
identity_data
locator

Defines a smart locator property.

This behaves pretty much like a normal read-only property and the decorated function should return a dict containing the necessary data to build a URL for the object.

This decorator should usually be applied to a method named locator as this name is required for get_locator to find it automatically when just passing the object.

If you need more than one locator, you can define it like this:

@locator_property
def locator(self):
    return {...}

@locator.other
def locator(self):
    return {...}

The other locator can then be accessed by passing obj.locator.other to the code expecting an object with a locator.

settings
user_data

Utilities

indico.modules.auth.util.impersonate_user(user)

Impersonate another user as an admin

indico.modules.auth.util.load_identity_info()

Retrieves identity information from the session

indico.modules.auth.util.redirect_to_login(next_url=None, reason=None)

Redirects to the login page.

Parameters:
  • next_url – URL to be redirected upon successful login. If not specified, it will be set to request.relative_url.
  • reason – Why the user is redirected to a login page.
indico.modules.auth.util.register_user(email, extra_emails, user_data, identity_data, settings, from_moderation=False)

Create a user based on the registration data provided during te user registration process (via RHRegister and RegistrationHandler).

This method is not meant to be used for generic user creation, the only reason why this is here is that approving a registration request is handled by the users module.

indico.modules.auth.util.save_identity_info(identity_info, user)

Saves information from IdentityInfo in the session

indico.modules.auth.util.undo_impersonate_user()

Undo an admin impersonation login and revert to the old user

indico.modules.auth.util.url_for_login(next_url=None)
indico.modules.auth.util.url_for_logout(next_url=None)
indico.modules.auth.util.url_for_register(next_url=None, email=None)

Returns the URL to register

Parameters:
  • next_url – The URL to redirect to afterwards.
  • email – A pre-validated email address to use when creating a new local account. Use this argument ONLY when sending the link in an email or if the email address has already been validated using some other way.