Accounts and Sessions¶

DBConnection.create_account(user_id, password, additional_values={}, **values)[source]¶

Create an account for the given user_id and password. Optionally set additional account values by passing them as keyword arguments (the additional_values parameter is deprecated).

Note: if your database uses a predefined schema, make sure to create the appropriate columns before passing additional arguments to create_account.

DBConnection.create_session(user_id=None, password=None, verify_password=True, key=None)[source]¶

Create a new session for the account with the given user_id and password, or an anonymous session if anonymous sessions are enabled. This method returns a subclass of TotoSession designed for the current backing database. Pass verify_password=False to create a session without checking the password. This feature can be used to implement alternative authentication methods like Facebook, Twitter or Google+.

DBConnection.retrieve_session(session_id)[source]¶

Retrieve an existing session with the given session_id. This method returns a subclass of TotoSession designed for the current backing database.

The use of HTTPS is strongly recommended for any communication involving sensitive information.

DBConnection.remove_session(session_id)[source]¶

Invalidate the session with the given session_id.

DBConnection.clear_sessions(user_id)[source]¶

If implemented, invalidates all sessions tied to the account with the given user_id.

DBConnection.change_password(user_id, password, new_password)[source]¶

Updates the password for the account with the given user_id and password to match new_password for all future requests.

DBConnection.generate_password(user_id)[source]¶

Generates a new password for the account with the given user_id and makes it active for all future requests. The new password will be returned. This method is designed to support “forgot password” functionality.

DBConnection.set_session_cache(session_cache)[source]¶

Optionally set an instance of TotoSessionCache that will be used to store sessions separately from this database.

DBConnection.remove_session(session_id)[source]

Invalidate the session with the given session_id.

Extending DBConnection¶

The following methods must be implemented for a subclass of DBConnection to function properly:

DBConnection._remove_session(session_id)[source]¶

Called by DBConnection.remove_session to invalidate the specified session when no session cache is in use.

DBConnection._load_uncached_data(session_id)[source]¶

Load a session data dict from the local database. Called by default and if no TotoSessionCache has been associated with the current instance of DBConnection.

DBConnection._store_session(session_id, session_data)[source]¶

Called by DBConnection.create_session, and by DBConnection.retrieve_session if there is a change in TotoSession.expires. Will not be called if a session cache has been attached to the DBConnection.

DBConnection._update_password(user_id, hashed_password)[source]¶

Called by DBConnection.change_password and DBConnection.generate_password.

DBConnection._instantiate_session(session_data, session_cache)[source]¶

Called by DBConnection.create_session and by DBConnection.retrieve_session to actually instantiate a TotoSession instance. Must return a new TotoSession.

DBConnection._get_account(user_id)[source]¶

Called by DBConnection.create_session if verify_password=True and must return a dictionry containing at least the pair 'password':<hashed_password.

DBConnection._store_account(user_id, values)[source]¶

Must be implemented in subclasses to persist new accounts to the database. Values is a dictionary that will contain, at a minimum, user_id and password. password will be the hashed password passed to self.create_account().

The following methods are optional:

DBConnection.clear_sessions(user_id)[source]

If implemented, invalidates all sessions tied to the account with the given user_id.

DBConnection._update_expiry(session_id, session_data)[source]¶

Called by DBConnection.retrieve_session if there is a change in TotoSession.expires to allow optional efficient updates. If not implemented, self._store_session will be called.

DBConnection._prepare_session(account, session_data)[source]¶

Called by DBConnection.create_session before the session is written to the database to allow for the addition of any extra data that may be needed by the subclass.TotoSession implementation.