3.2. authentication module¶

class authentication.AuthenticationMiddleware(app: ASGIApp, exclude: str | list[str] | None = None, exclude_from_auth_key: str = 'exclude_from_auth', exclude_http_methods: Sequence[Method] | None = None, scopes: Scopes | None = None)[source]¶

Bases: AbstractAuthenticationMiddleware

Middleware that checks if the user has provided a valid jwt auth key as the ‘Authentication’ HTTP header.

app¶

async authenticate_request(connection: ASGIConnection) → AuthenticationResult[source]¶

Receive the http connection and return an AuthenticationResult.

Notes:

This method must be overridden by subclasses.

Args:

connection: An ASGIConnection instance.

Raises:

NotAuthorizedException | PermissionDeniedException: if authentication fails.

Returns:

An instance of AuthenticationResult.

exclude¶

exclude_http_methods¶

exclude_opt_key¶

scopes¶

class authentication.ChangePasswordRequest(old_password: str, new_password: str)[source]¶

Bases: object

new_password: str¶

old_password: str¶

class authentication.JwtUser(id: str, name: str, email: str)[source]¶

Bases: object

email: str¶

id: str¶

name: str¶

class authentication.LoginRequest(name: str, password: str, two_fa_code: str | None = None, webauthn_response: dict[str, Any] | None = None)[source]¶

Bases: object

Parameters sent by the user in order to login.

name: str¶

password: str¶

two_fa_code: str | None = None¶

webauthn_response: dict[str, Any] | None = None¶

class authentication.ResetPasswordRequest(new_password: str)[source]¶

Bases: object

new_password: str¶

class authentication.TotpCodeRequest(code: str)[source]¶

Bases: object

code: str¶

class authentication.TotpConfiguredResponse(is_configured: bool)[source]¶

Bases: object

is_configured: bool¶

class authentication.TotpSetupResponse(secret: str, otpauth_uri: str)[source]¶

Bases: object

otpauth_uri: str¶

secret: str¶

class authentication.TwoFaRequiredResponse(user_id: str, totp_supported: bool, webauthn_supported: bool)[source]¶

Bases: object

totp_supported: bool¶

user_id: str¶

webauthn_supported: bool¶

authentication.create_jwt(user: User, validity_hours: int) → str[source]¶

authentication.generate_totp_secret() → str[source]¶

async authentication.get_user_by_name_or_mail(db_session: AsyncSession, query: str) → User | None[source]¶

Get a user by their name (case-insensitive).

This method tries to find a user with the given username first. If there’s none, it falls back to searching a user whose email equals the query.

param query: the username or email to search for return: the user for the given query, or None if no such user exists

authentication.hash_password(password: str) → str[source]¶: Hashes the password using Argon2

authentication.totp_provisioning_uri(secret: str, user_email: str) → str[source]¶

authentication.verify_jwt(jwt_token: str) → JwtUser | None[source]¶

authentication.verify_password(password_hash: str, password: str) → bool[source]¶

Verify the password with the given Argon2 Hash.

param password: the password to check against param password_hash: the argon2 hash of the password return: whether the password is correct

authentication.verify_totp(secret: str, code: str) → bool[source]¶