Readme
User authentication and session management based on PostgreSQL
Just download it from PYPI using pip::
pip install pgusers
In order to use this module, you instantiate a UserSpace object:
.. code-block:: python
import pgusers
usp = pgusers.UserSpace("userlist", host="dbhost.domain.com",
port=5432, user="dbuser")
Where userlist must be the name of an existing database instance on
the PostgreSQL host. The rest of the keyword arguments are those needed to
create a connection to the database server and are passed straight to
the psycopg2 module.
Repeated connections to the same userspace return the same object.
The following are the methods available to UserSpace instances.
create_user(self, username, password, email, admin=False, extra_data=None)
Creates a new user. Returns a numeric userid for the user created.
:username:
The username to be created, if there is already a record with that username, a ``BadCallError`` exception is raised.
:password:
The user's password in cleartext.
:email:
Email for notifications or password recovery. ``BadCallError`` is raised if the email exists in the database.
:admin:
A boolean value indicating whether the user is an administrator.
:extra_data:
Any data that will be attached to the record. This can be anything that can be serialised using the ``pickle`` module from the standard library.
``validate_user(self, username, password, extra_data=None)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Validates (or logs in) a user. Returns a tuple with a string
containing a session key, a boolean value indicating whether the user is
an admin, and the numeric userid. If the user was not found, the returned
tuple would be ``("", False, None)``
:username:
The username to be authenticated.
:password:
The password in clear text.
:extra_data:
Optional data that will be attached to the session. This can be anything that can be serialised using the ``pickle`` module from the standard library.
``delete_user(self, username=None, userid=None)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Delete a user given either its username or userid. Either username or userid
must be specified. Returns ``OK`` if deleted, ``NOT_FOUND`` if not found.
:username:
The username.
:userid:
The numeric userid.
``change_password(self, userid, newpassword, oldpassword=None)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change a user's password. Returns either ``OK``, ``NOT_FOUND`` or ``REJECTED``
Throws BadCallError if neither username or userid are specified.
:userid:
The numeric user id, as returned by ``create_user()``
:newpassword:
The new password, in cleartext.
:oldpassword:
The current password, in cleartext. If specified, oldpassword is checked against the current password and the call will fail if they don't match. If ``oldpassword`` is not specified, the password will be changed unconditionally.
``check_key(self, key)``
~~~~~~~~~~~~~~~~~~~~~~~~
Reset the session timeout. Resets the key's Time To Live to the default value.
Returns a tuple of the form *(rc, username, userid, extra_data)* where rc
can be either ``OK``, ``NOT_FOUND`` or ``EXPIRED``. If ``NOT_FOUND`` or ``EXPIRED``, username
and userid will be ``None``.
:key:
The session key as returned by ``validate_user()``
``set_session_TTL(self, secs)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the TTL for all sessions. All new sessions or checked sessions will
be set to this new TTL value.
:secs:
The number of seconds of Time To Live. The default TTL for a session is currently 864000 seconds, or 10 days. This might change in future releases.
``find_user(self, username=None, email=None, userid=None)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find a user given either its username, its email or its userid. At least
one of those must be supplied.
This method
does not validate the user or any session. It is used to retrieve information
about a user in the database.
Returns a dictionary with fields ``userid``, ``username``, ``email``, ``admin``,
and ``extra_data``. ``None`` if the user was not found.
:username:
The username.
:email:
The email.
:userid:
The numeric userid.
``modify_user(self, userid, username=None, email=None, extra_data=None)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Modify user data. Returns ``OK`` if successful ``NOT_FOUND`` if not.
:userid:
The user id as returned by ``create_user()``
:username:
The new username to change, if specified.
:email:
The new email to change, if specified.
:extra_data:
The new extra_data to change, if specified.
``is_admin(self, userid)``
~~~~~~~~~~~~~~~~~~~~~~~~~~
Checks whether the user is admin. Returns ``True`` if it is, ``False`` if not.
:userid:
The user id as returned by ``create_user()``
``set_admin(self, userid, admin=True)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Grant or revoke admin privileges to the user. To revoke, call with admin set to ``False``
:userid:
The user id as returned by ``create_user()``
:admin:
If set to ``True`` or not specified, mark the user as administrator. If set to ``False``, revokes administrator rights.
``all_users(self)``
~~~~~~~~~~~~~~~~~~~
Generator yielding (userid, username, email, admin) tuples for all users
in the userspace.
``list_sessions(self, uid, expired=False)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Generator yielding all sessions for a user or for all users (i.e. all sessions) if uid is 0. If
expired is set to ``True``, yield only the sessions that have expired.
Yields tuples of the form ``(username, key, expiration)``
:userid:
The user id as returned by ``create_user()``, or 0 to return all sessions.
:expired:
Boolean indicating whether the method should only return expired sessions.
``kill_sessions(self, uid, expired=False)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kill the sessions for a user or for all users (i.e. all sessions) if uid is 0. If
expired is set to ``True``, kill only the sessions that have expired. *Killing* a
session removes it from the database, efectively invalidating it.
:userid:
The user id as returned by ``create_user()``, or 0 to kill all sessions.
:expired:
Boolean indicating whether the method should only kill the expired sessions.
License
-------
This software is licensed under the terms of the **MIT license**.
FAQs
user and session management on postgresql database
We found that pgusers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.