    from sqlalchemy import Column, Integer
    from sqlalchemy.ext.declarative import declarative_base
    from alcohol.mixins.sqlalchemy import SQLAlchemyUserMixin

    Base = declarative_base()

    class User(Base, SQLAlchemyUserMixin):
        __tablename__ = 'users'  # required by declarative models; name chosen here
        id = Column(Integer, primary_key=True)

    bob = User()
    # stores a hash of bob's password (using passlib)
    bob.password = 'bobs_very_secret_password'

    if bob.check_password(some_password):
        print('hello, bob!')

    # creates a password-reset token that will work once to change his password
    # after he forgot it, signed with the server's secret key
    token = bob.create_password_reset_token(SECRET_KEY)

alcohol is a framework for handling user authentication and authorization. Both of these parts can be used independently and support SQLAlchemy and in-memory backends.
Authorization is handled using Role-Based Access Control (a NIST standard) as the underlying model:

    from alcohol.rbac import DictRBAC

    acl = DictRBAC()
    acl.assign('bob', 'programmer')
    acl.assign('alice', 'ceo')

    acl.permit('programmer', 'run_unittests')
    acl.permit('ceo', 'hire_and_fire')

    acl.allowed('bob', 'run_unittests')    # True
    acl.allowed('bob', 'hire_and_fire')    # False
    acl.allowed('alice', 'hire_and_fire')  # True

alcohol also ships with a few SQLAlchemy mixins for handling updated/modified timestamps, email fields, password hashes and generating activation/reset tokens for the latter two. See mixins for details.
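
One way a reset token can be signed with the server's secret key and still work only once, shown as an added example that is not alcohol's own code and does not describe how alcohol builds its tokens. The function names, the token layout and the sample key and hashes are assumptions constructed for illustration; the idea is to bind the signature to the current password hash, so that changing the password invalidates the token.

```python
import base64
import hashlib
import hmac
import time


def _sign(secret_key, user_id, password_hash, expires):
    # The MAC covers the *current* password hash: once the password is
    # changed, the stored hash differs and the old token stops verifying.
    msg = '{:d}|{:d}|{}'.format(user_id, expires, password_hash).encode()
    return hmac.new(secret_key, msg, hashlib.sha256).digest()


def create_reset_token(secret_key, user_id, password_hash, ttl=3600, now=None):
    """Return 'expiry.mac' for an integer user id (hypothetical layout)."""
    expires = int(time.time() if now is None else now) + ttl
    mac = _sign(secret_key, user_id, password_hash, expires)
    return '{}.{}'.format(expires, base64.urlsafe_b64encode(mac).decode())


def check_reset_token(secret_key, user_id, password_hash, token, now=None):
    """True only if the token is unexpired and matches the stored hash."""
    try:
        expires_s, mac_s = token.split('.', 1)
        expires = int(expires_s)
        mac = base64.urlsafe_b64decode(mac_s.encode())
    except ValueError:  # malformed token, bad integer or bad base64
        return False
    if (time.time() if now is None else now) > expires:
        return False
    expected = _sign(secret_key, user_id, password_hash, expires)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(mac, expected)


if __name__ == '__main__':
    key = b'constructed-demo-key'            # constructed sample secret
    old_hash = '$constructed$old-hash'       # constructed stored hash
    new_hash = '$constructed$new-hash'       # hash after the reset
    token = create_reset_token(key, 1, old_hash)
    print(check_reset_token(key, 1, old_hash, token))  # before the reset
    print(check_reset_token(key, 1, new_hash, token))  # after the reset
```

The token needs no server-side storage: expiry and single use both follow from what the signature covers.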