watson.auth.decorators

watson.auth.decorators.auth(func=None, roles=None, permissions=None, requires=None, unauthenticated_url=None, unauthorized_url=None, should_404=False, redirect=False)

Makes a controller action require an authenticated user.

By setting additional roles and permissions, finer control can be given to the resource.

Parameters:
  • func (callable) – The function that is being wrapped
  • roles (string|iterable) – The roles that the user must have
  • permissions (string|iterable) – The permissions the user must have
  • requires (iterable) – An iterable of watson.validator.Validator objects that allows for custom validations outside of standard roles/permissions.
  • unauthenticated_url (string) – The url to redirect to if the user is not logged in.
  • unauthorized_url (string) – The url to redirect to if the user does not have permission.
  • should_404 (boolean) – Raise a 404 instead of redirecting.
  • redirect (boolean) – Remember the url to redirect to after login.
Returns:

The controller response.

Example:

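from watson.framework import controllers
from watson.auth.decorators import auth

class MyController(controllers.Action):
    def index_action(self):
        return 'Index'

    # Requires an authenticated user with the 'admin' role and 'view' permission.
    @auth(roles='admin', permissions='view')
    def protected_action(self):
        return 'Authenticated users only'

watson.auth.decorators.forgotten(func=None, method='POST', form_class=None)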

Finds a user and sends them a reset password request email.

Parameters:
  • func (callable) – The function that is being wrapped.
  • method (string) – The HTTP method that the request must match.
  • form_class (string) – The qualified class name of the form.
watson.auth.decorators.login(func=None, method='POST', form_class=None, auto_redirect=True, authenticated_callback=None)

Attempts to authenticate a user if the required fields have been posted.

By setting auto_redirect to False, the user roles and permissions can be checked within the login route and redirected from there.

Parameters:
  • func (callable) – The function that is being wrapped
  • method (string) – The HTTP method that authentication will be performed against.
  • form_class (string) – The qualified class name of the form.
  • auto_redirect (boolean) – Whether or not to automatically redirect to a different url on successful login.
  • authenticated_callback (callable) – An additional callback that can be used to authenticate the user after a valid user record has been found. Takes user and request objects as arguments.

Example:

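from watson.framework import controllers
from watson.auth.decorators import login

class MyController(controllers.Action):
    # auto_redirect=False: roles and permissions can be checked in this action.
    @login(auto_redirect=False)
    def login_action(self):
        return 'Logged In'
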
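
The following is an added example, not part of the watson-auth documentation or code base, of a function that could be passed as authenticated_callback to refuse a session after the credentials have matched a user record. It assumes a truthy return accepts the login; the user attributes (is_active, locked_until, roles), request.environ['REMOTE_ADDR'], the allow-list and the sample helpers are hypothetical names.

```python
import ipaddress
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace

# Constructed allow-list: networks privileged accounts may log in from.
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def allow_login(user, request, now=None):
    """Post-credential checks; takes the user and request objects.

    Assumption: a truthy return accepts the login, a falsy one rejects it.
    """
    now = now or datetime.now(timezone.utc)
    # A disabled account gets no session, even with a correct password.
    if not getattr(user, "is_active", False):
        return False
    # A temporary lockout that has not yet expired.
    locked_until = getattr(user, "locked_until", None)
    if locked_until is not None and locked_until > now:
        return False
    # Privileged roles may only authenticate from allow-listed networks.
    if "admin" in getattr(user, "roles", ()):
        try:
            addr = ipaddress.ip_address(request.environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed address: fail closed
        return any(addr in net for net in ADMIN_NETWORKS)
    return True


# Constructed stand-ins for the user record and the request object.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
LOCKED_UNTIL = NOW + timedelta(minutes=5)


def sample_user(active=True, locked_until=None, roles=()):
    return SimpleNamespace(is_active=active, locked_until=locked_until, roles=roles)


def sample_request(addr):
    return SimpleNamespace(environ={"REMOTE_ADDR": addr})


# Wiring, using the parameters documented above:
#     @login(auto_redirect=False, authenticated_callback=allow_login)
#     def login_action(self): ...
```
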
watson.auth.decorators.logout(func=None, redirect_url=None)

Attempts to log a user out of the application.

Parameters:
  • redirect_url (string) – The url to redirect to.

Example:

from watson.framework import controllers
from watson.auth.decorators import logout

class MyController(controllers.Action):
    def index_action(self):
        return 'Index'

    @logout(redirect_url='home')
    def logout_action(self):
        pass

watson.auth.decorators.reset(func=None, method='POST', form_class=None, authenticate_on_reset=False)

Resets a user's password if the token matches.

If a token is not matched the user is redirected to the specified route/url.

Parameters:
  • func (callable) – The function that is being wrapped.
  • method (string) – The HTTP method that the request must match.
  • form_class (string) – The qualified class name of the form.
  • authenticate_on_reset (bool) – Automatically log the user in on success.