Mixin classes

class alcohol.mixins.EmailMixin

Adds an email attribute and supports generating email activation tokens.

activate_email(secret_key, token, max_age_sec=86400)

Checks if the email activation token is valid. If it is, updates the users email address with the one saved in the token.

Parameters:
  • secret_key – The application’s own secret key.
  • token – The activation token.
  • max_age_sec – The maximum age in seconds this token may be old before its considered expired. Default is 24 hours.
Returns:

True if the activation was successful, False otherwise.
create_email_activation_token(secret_key, email)

Creates a new activation token that allows changing the email address. The token will tied to the old email address and works only if the address has not changed in the meantime.

Parameters:
  • secret_key – The application’s own secret key.
  • email – The desired new email address. Will be encoded inside the token.
Returns:

An urlsafe string.
email = None

An email address. Not validated in any form.

class alcohol.mixins.PasswordMixin

A mixin that stores a key based on a password. An attribute named _pwhash will be used to store the password hash.

check_password(password)

Check if a supplied password is the same as the user’s password.

Parameters:password – Password to be checked.
Returns:True if valid, False otherwise.
check_password_reset_token(secret_key, token, max_age_sec=86400)

Checks if a supplied password-reset token is valid.

Parameters:
  • secret_key – Your applications secret key.
  • password – Password-reset token to be checked.
  • max_age_sec – The maximum age in seconds this token may be old before its considered expired. Default is 24 hours.
Returns:

True if valid, False otherwise.
create_reset_password_token(secret_key, random_source=<built-in function urandom>, nonce_size=5)

Create a signed password reset token.

A pasword reset token using a key derived from secret_key and the current password hash, causing it to stop working once the password has been altered.

It also includes a nonce, so that attackers cannot tell whether a password-reset request has been made twice for the same password.

Parameters:
  • secret_key – The application’s own secret key.
  • random_source – The random source to use to create the nonce. Defaults to os.urandom().
  • nonce_size – Number of bytes in the nonce. Each additional byte will increase the resulting tokens length by 2.
Returns:

An urlsafe string.
password

The users password. This is a write-only property, attempting to read it will throw an exception. Use this to set the users password.

SQLAlchemy Support

In addition to implementations of the EmailMixin and PasswordMixin classes, the sqlalchemy module comes with support for auto-updating timestamps.

class alcohol.mixins.sqlalchemy.SQLAlchemyEmailMixin

Adds a Unicode Column named email for storing a users email address.

Supports the same interface as EmailMixin.

class alcohol.mixins.sqlalchemy.SQLAlchemyPasswordMixin

Adds a String Column containing the password hash.

Supports the same interface as PasswordMixin.

class alcohol.mixins.sqlalchemy.TimestampMixin

A mixin that adds two timestamp fields, created and modified. The created timestamp is updated only on creation, while every SQL UPDATE will trigger a refresh of the modified timestamp.

created = Column(None, DateTime(), table=None, nullable=False, default=ColumnDefault(<function <lambda> at 0x7f4907ce10c8>))

A datetime.datetime instance containing the time this record was created.

modified = Column(None, DateTime(), table=None, onupdate=ColumnDefault(<function <lambda> at 0x7f4907ce1140>))

A datetime.datetime instance containing the time this record was last modified.