Authentication management¶
Coaster provides a current_auth
for handling authentication. Login
managers must comply with its API for Coaster’s view handlers to work.
If a login manager installs itself as current_app.login_manager
and
provides a _load_user()
method, it will be called when current_auth
is invoked for the first time in a request. Login managers can call
add_auth_attribute()
to load the actor (typically the authenticated user)
and any other relevant authentication attributes.
For compatibility with Flask-Login, a user object loaded at
_request_ctx_stack.top.user
will be recognised and made available via
current_auth
.
-
coaster.auth.
add_auth_attribute
(attr, value, actor=False)[source]¶ Helper function for login managers. Adds authorization attributes to
current_auth
for the duration of the request.Parameters: If the attribute is an actor and
current_auth
does not currently have an actor, the attribute is also made available ascurrent_auth.actor
, which in turn is used bycurrent_auth.is_authenticated
.The attribute name
user
is special-cased:user
is always treated as an actoruser
is also made available as_request_ctx_stack.top.user
for compatibility with Flask-Login
-
coaster.auth.
add_auth_anchor
(anchor)[source]¶ Helper function for login managers and view handlers to add a new auth anchor. This is a placeholder until anchors are properly specified.
-
coaster.auth.
request_has_auth
()[source]¶ Helper function that returns True if
current_auth
was invoked during the current request. A login manager can use this during request teardown to set cookies or perform other housekeeping functions.
-
coaster.auth.
current_auth
= CurrentAuth(None)¶ A proxy object that hosts state for user authentication, attempting to load state from request context if not already loaded. Returns a
CurrentAuth
. Typical use:from coaster.auth import current_auth @app.route('/') def user_check(): if current_auth.is_authenticated: return "We have a user" else: return "User not logged in"