auth — Authentication

Authentication object

class auth.Authentication(self, form, in_cookies, out_cookies, out)

A new Authentication object is created at the beginning of any request. It manages login, session and cookies. update() must be called at the end of the request to update cookies and session.

The constructor will also set the globals webnotes.conn, webnotes.session and webnotes.user.

To enable a login, the form must have cmd = "login" (see request handling for more details).

conn
webnotes.db.Database object created after authentication
session
session dictionary of the current session
cookies
session dictionary of incoming cookies
domain
domain name of the request
remote_ip
IP address of the request
update()
Must be called at the end of the request, to update the session and clear expired sessions
set_env()
Sets the properties domain and remote_ip from the environmental variables
set_db()

In case of a multi-database system, this method sets the correct database connection.

  • It will first search for cookie account_id
  • It will next search for cookies or form variable __account
  • It will try and search from the domain mapping table Account Domain in the accounts database
  • It will try and use the default
check_ip()
If the current request comes from a different IP than the one used to create the session, this throws an Exception
load_session(sid)
Load session from the given session id sid
login(as_guest = 0)

Will login user from self.form. If as_guest is true, it will check if Guest profile is enabled

It will also:

  • validate if approved ips are set in Profile
  • start the session
  • set “remember me”
  • return out.message as “Logged In”
check_password(user, pwd)
Checks if the user has the pwd and is enabled
validate_ip(user)
Validates IP address from the ip_address value in the user’s Profile
start_session()
Starts a session and updates the last login details in the user's Profile
clear_expired()
Removes old sessions from tabSessions that are older than session_expiry in Control Panel or 24:00 hrs
set_cookies()
Sets outgoing cookies
set_remember_me()
Checks if there is a 'remember_me' property in form with a value and, if true, sets the expiry of each cookie to remember_for_days in Control Panel or 7 days
get_cookies()
Loads incoming cookies in cookies
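
The session rules documented above for check_ip(), load_session() and clear_expired() can be seen together in the following added example, which is not webnotes code. SessionStore and SessionIPMismatch are hypothetical names, a dict stands in for tabSessions, and measuring a session's age from its start time is an assumption.

```python
import secrets
from datetime import datetime, timedelta

DEFAULT_EXPIRY = timedelta(hours=24)  # the documented fallback of 24:00 hrs


class SessionIPMismatch(Exception):
    """Session presented from an IP other than the one that created it."""


class SessionStore:
    """Hypothetical in-memory stand-in for tabSessions (not webnotes code)."""

    def __init__(self, expiry=DEFAULT_EXPIRY):
        self.expiry = expiry
        self.rows = {}  # sid -> {"user", "ip", "started"}

    def start_session(self, user, remote_ip, now):
        sid = secrets.token_hex(16)  # unguessable session id
        self.rows[sid] = {"user": user, "ip": remote_ip, "started": now}
        return sid

    def _expired(self, row, now):
        # Assumption: a session's age is measured from when it was started.
        return now - row["started"] > self.expiry

    def load_session(self, sid, remote_ip, now):
        """Return the session row, or None if sid is unknown or expired."""
        row = self.rows.get(sid)
        if row is None or self._expired(row, now):
            self.rows.pop(sid, None)
            return None
        if row["ip"] != remote_ip:  # the check_ip() rule
            raise SessionIPMismatch(f"{row['user']}: session used from {remote_ip}")
        return row

    def clear_expired(self, now):
        """Drop every expired row and return how many were removed."""
        stale = [sid for sid, row in self.rows.items() if self._expired(row, now)]
        for sid in stale:
            del self.rows[sid]
        return len(stale)


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0)  # constructed sample values
    store = SessionStore()
    sid = store.start_session("alice@example.com", "192.0.2.10", t0)
    print(store.load_session(sid, "192.0.2.10", t0 + timedelta(hours=1)))
    print(store.clear_expired(t0 + timedelta(hours=25)))
```

Binding a session to one IP will also reject legitimate users whose address changes mid-session (mobile networks, rotating proxies), so the mismatch is worth logging as well as refusing.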