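alcohol

from sqlalchemy import Column, Integer
from sqlalchemy.ext.declarative import declarative_base
from alcohol.mixins.sqlalchemy import SQLAlchemyUserMixin

Base = declarative_base()

class User(Base, SQLAlchemyUserMixin):
    __tablename__ = 'users'  # table name chosen for this example
    id = Column(Integer, primary_key=True)

bob = User()
# stores a hash of bob's password (using passlib)
bob.password = 'bobs_very_secret_password'

# some_password is the candidate password submitted at login
if bob.check_password(some_password):
    print('hello, bob!')

# creates a password-reset token that will work once to change his password
# after he forgot it, signed with the server's secret key (SECRET_KEY)
token = bob.create_password_reset_token(SECRET_KEY)
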
alcohol is a framework for handling user authentication and authorization. The two parts can be used independently, and both support SQLAlchemy and in-memory backends.

Authorization is handled using Role-Based Access Control (a NIST standard [1]) as the underlying model:

from alcohol.rbac import DictRBAC

acl = DictRBAC()
acl.assign('bob', 'programmer')
acl.assign('alice', 'ceo')
acl.permit('programmer', 'run_unittests')
acl.permit('ceo', 'hire_and_fire')

acl.allowed('bob', 'run_unittests')    # True
acl.allowed('bob', 'hire_and_fire')    # False
acl.allowed('alice', 'hire_and_fire')  # True

Utilities

alcohol also ships with a few SQLAlchemy mixins for handling updated/modified timestamps, email fields and password hashes, and for generating activation/reset tokens for the latter two. See Mixin classes for details.

[1] http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf

Examples

There is a large SQLAlchemy-based example in the Example using SQL backends section.