1. ollyc
  2. fresco-passwordless

Overview

HTTPS SSH

Integration

from fresco import FrescoApp
from fresco_passwordless import FrescoPasswordless

app = FrescoApp()

# Replace with a secure secret key.
app.options['FRESCO_PASSWORDLESS_SECRET'] = '…'

passwordless = FrescoPasswordless(app)
app.delegate('/auth', passwordless.views, name='auth')
app.add_middleware(passwordless.middleware)

Configuration

fresco_passwordless looks for the following configuration keys in app.options:

Required keys:

  • FRESCO_PASSWORDLESS_SECRET: a byte string of random data

Optional keys:

  • FRESCO_PASSWORDLESS_STORAGE_DIR: a directory used to store authentication request tokens. If not set, cross-device authentication will be disabled
  • FRESCO_PASSWORDLESS_SMTP_URL: The URL for the SMTP server used to send emails, eg 'smtp://localhost:25/'
  • FRESCO_PASSWORDLESS_MAILER: a mailsend.Mail object to be used. Normally this is not needed, but if you are already using mailsend in your project this configuration option allows you to connect passwordless to your existing mail sending configuartion.
  • FRESCO_PASSWORDLESS_MAIL_SUBJECT: the email subject to use.
  • FRESCO_PASSWORDLESS_MAIL_FROM: the from address to use when sending emails.
  • FRESCO_PASSWORDLESS_TOKEN_SENT_REDIRECT: the page to redirect to after sending a login token.
  • FRESCO_PASSWORDLESS_TIMEOUT: the duration in seconds for which a login is valid
  • FRESCO_PASSWORDLESS_RENEW_AFTER: the duration in seconds after which the authentication cookie is renewed. If zero, the cookie will be renewed on every request. If unset, the cookie will be renewed after half the FRESCO_PASSWORDLESS_TIMEOUT has elapsed.
  • FRESCO_PASSWORDLESS_AUTH_COOKIE_NAME: the name used for the authentication
  • FRESCO_PASSWORDLESS_AUTH_REQUEST_COOKIE_NAME: the name used for the authentication request token cookie.
  • FRESCO_PASSWORDLESS_COOKIE_PATH: the path to use for authentication cookies.

Usage

Check the currently logged in user via the get_user method:

def secure_view():
    user = passwordless.get_user()

get_user always returns a string (the user's email address).

Trigger a login by redirecting to the 'auth:login' view:

user = middleware.get_user(environ)
if user is None:
    redirect = urlfor('auth:login', _query={'came_from': request.url})
    return Response.redirect(redirect)

If you have an authorization framework in place (eg knave), you can tie into this using application hooks:

@app.process_exception(Unauthorized)
def redirect_to_auth(request, exc_info):
    return Response.redirect(
        app.urlfor('auth:login', _query={'came_from': request.url}))