User Folder objects

interface Products.PluggableAuthService.interfaces.authservice.IUserFolder

Specify the interface called out in AccessControl.User.BasicUserFolder

as the “Public UserFolder object interface”:

o N.B: “enumeration” methods (‘getUserNames’, ‘getUsers’) are not

part of the contract! See IEnumerableUserFolder.

getUser(name)

Return the named user object or None.

getUserById(id, default=None)

Return the user corresponding to the given id.

o If no such user can be found, return ‘default’.

validate(request, auth='', roles=[])

Perform identification, authentication, and authorization.

o Return an IUser-conformant user object, or None if we can’t

identify / authorize the user.

o ‘request’ is the request object

o ‘auth’ is any credential information already extracted by

the caller

o roles is the list of roles the caller

interface Products.PluggableAuthService.interfaces.authservice.IPluggableAuthService

Extends: Products.PluggableAuthService.interfaces.authservice.IUserFolder

The full, default contract for the pluggable authentication service.

searchUsers(**kw)

Search for users. Returns a sequence of dicts, each dict representing a user matching the query, with the keys ‘userid’,’id’, ‘login’, ‘title’, and ‘principal_type’, possibly among others. ‘principal_type’ is always ‘user’.

Possible keywords include the following:

o id: user id

o name: user name

o max_results: an int (or value castable to int) indicating

the maximum number of results the method should return

o sort_by: the key in the user dictionary that should be used

to sort the results

o login: user login

searchGroups(**kw)

Search for groups. Returns a sequence of dicts, each dict representing a group matching the query, with the keys ‘groupid’,’id’, ‘title’, and ‘principal_type’, possibly among others. ‘principal_type’ is always ‘group’.

Possible keywords include the following:

o id: user id

o name: user name

o max_results: an int (or value castable to int) indicating

the maximum number of results the method should return

o sort_by: the key in the user dictionary that should be used

to sort the results

searchPrincipals(groups_first=False, **kw)

Search for principals (users, groups, or both). Returns a sequence of dicts, each dict representing a principal (group or user) matching the query. groups will be represented with dictionaries as described in searchGroups, and users as described in searchUsers. Possible keywords include id, name, max_results, sort_by, and login.

updateCredentials(request, response, login, new_password)

Central updateCredentials method

This method is needed for cases where the credentials storage and the credentials extraction is handled by different plugins. Example case would be if the CookieAuthHelper is used as a Challenge and Extraction plugin only to take advantage of the login page feature but the credentials are not stored in the CookieAuthHelper cookie but somewhere else, like in a Session.

logout(REQUEST)

Publicly accessible method to log out a user. A wrapper around resetCredentials that may implement some policy (the default implementation redirects to HTTP_REFERER).

resetCredentials(request, response)

Reset credentials by informing all active resetCredentials plugins

updateLoginName(user_id, login_name)

Update login name of user.

updateOwnLoginName(login_name)

Update own login name of authenticated user.

updateAllLoginNames(quit_on_first_error=True)

Update login names of all users to their canonical value.

This should be done after changing the login_transform property of PAS.

You can set quit_on_first_error to False to report all errors before quitting with an error. This can be useful if you want to know how many problems there are, if any.

interface Products.PluggableAuthService.interfaces.authservice.IMutableUserFolder

Specify the interface called out in

AccessControl.User.BasicUserFolder as the “Public UserFolder object interface”:

o N.B: “enumeration” methods (‘getUserNames’, ‘getUsers’) are not

part of the contract! See IEnumerableUserFolder.

userFolderAddUser(name, password, roles, domains, **kw)

Create a new user object.

userFolderEditUser(name, password, roles, domains, **kw)

Change user object attributes.

userFolderDelUsers(names)

Delete one or more user objects.

interface Products.PluggableAuthService.interfaces.authservice.IEnumerableUserFolder

Extends: Products.PluggableAuthService.interfaces.authservice.IUserFolder

Interface for user folders which can afford to enumerate their users.

getUserNames()

Return a list of usernames.

getUsers()

Return a list of user objects.