Database Connections¶
- class toto.dbconnection.DBConnection(session_ttl=31536000, anon_session_ttl=86400, session_renew=0, anon_session_renew=0, *args, **kwargs)[source]¶
Toto uses subclasses of DBConnection to support session and account storage as well as general access to the backing database. Usually, direct access to the underlying database driver will be available via the DBConnection.db property.
Currently, toto provides the following DBConnection drivers:
- toto.mongodbconnection.MongoDBConnection
- toto.mysqldbconnection.MySQLdbConnection
- toto.postgresconnection.PostgresConnection
- toto.redisconnection.RedisConnection
- toto.jsondbconnection.JSONConnection (For debugging only)
Accounts and Sessions¶
- DBConnection.create_account(user_id, password, additional_values={}, **values)[source]¶
Create an account for the given user_id and password. Optionally set additional account values by passing them as keyword arguments (the additional_values parameter is deprecated).
Note: if your database uses a predefined schema, make sure to create the appropriate columns before passing additional arguments to create_account.
- DBConnection.create_session(user_id=None, password=None, verify_password=True, key=None)[source]¶
Create a new session for the account with the given user_id and password, or an anonymous session if anonymous sessions are enabled. This method returns a subclass of TotoSession designed for the current backing database. Pass verify_password=False to create a session without checking the password. This feature can be used to implement alternative authentication methods like Facebook, Twitter or Google+.
- DBConnection.retrieve_session(session_id)[source]¶
Retrieve an existing session with the given session_id. This method returns a subclass of TotoSession designed for the current backing database.
The use of HTTPS is strongly recommended for any communication involving sensitive information.
- DBConnection.clear_sessions(user_id)[source]¶
If implemented, invalidates all sessions tied to the account with the given user_id.
- DBConnection.change_password(user_id, password, new_password)[source]¶
Updates the password for the account with the given user_id and password to match new_password for all future requests.
- DBConnection.generate_password(user_id)[source]¶
Generates a new password for the account with the given user_id and makes it active for all future requests. The new password will be returned. This method is designed to support “forgot password” functionality.
- DBConnection.set_session_cache(session_cache)[source]¶
Optionally set an instance of TotoSessionCache that will be used to store sessions separately from this database.
- DBConnection.remove_session(session_id)[source]
Invalidate the session with the given session_id.
Extending DBConnection¶
The following methods must be implemented for a subclass of DBConnection to function properly:
- DBConnection._remove_session(session_id)[source]¶
Called by DBConnection.remove_session to invalidate the specified session when no session cache is in use.
- DBConnection._load_uncached_data(session_id)[source]¶
Load a session data dict from the local database. Called by default and if no TotoSessionCache has been associated with the current instance of DBConnection.
- DBConnection._store_session(session_id, session_data)[source]¶
Called by DBConnection.create_session, and by DBConnection.retrieve_session if there is a change in TotoSession.expires. Will not be called if a session cache has been attached to the DBConnection.
- DBConnection._update_password(user_id, hashed_password)[source]¶
Called by DBConnection.change_password and DBConnection.generate_password.
- DBConnection._instantiate_session(session_data, session_cache)[source]¶
Called by DBConnection.create_session and by DBConnection.retrieve_session to actually instantiate a TotoSession instance. Must return a new TotoSession.
- DBConnection._get_account(user_id)[source]¶
Called by DBConnection.create_session if verify_password=True and must return a dictionry containing at least the pair 'password':<hashed_password.
- DBConnection._store_account(user_id, values)[source]¶
Must be implemented in subclasses to persist new accounts to the database. Values is a dictionary that will contain, at a minimum, user_id and password. password will be the hashed password passed to self.create_account().
The following methods are optional:
- DBConnection.clear_sessions(user_id)[source]
If implemented, invalidates all sessions tied to the account with the given user_id.