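.. code-block:: python

    from sqlalchemy import Column, Integer
    from sqlalchemy.ext.declarative import declarative_base

    from alcohol.mixins.sqlalchemy import SQLAlchemyUserMixin

    Base = declarative_base()


    class User(Base, SQLAlchemyUserMixin):
        __tablename__ = 'users'
        id = Column(Integer, primary_key=True)


    bob = User()

    # stores a hash of bob's password (using passlib)
    bob.password = 'bobs_very_secret_password'

    # some_password is the candidate password supplied by the application
    if bob.check_password(some_password):
        print('hello, bob!')

    # creates a password-reset token that will work once to change his password
    # after he forgot it, signed with the server's secret key
    # (SECRET_KEY is supplied by the application)
    token = bob.create_password_reset_token(SECRET_KEY)
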
alcohol is a framework for handling user :doc:`authentication` and :doc:`authorization`. Both of these parts can be used independently and support SQLAlchemy and in-memory backends.
Authorization is handled using Role-Based Access Control (a NIST standard [1]_) as the underlying model:
.. code-block:: python

    from alcohol.rbac import DictRBAC

    acl = DictRBAC()
    acl.assign('bob', 'programmer')
    acl.assign('alice', 'ceo')

    acl.permit('programmer', 'run_unittests')
    acl.permit('ceo', 'hire_and_fire')

    acl.allowed('bob', 'run_unittests')    # True
    acl.allowed('bob', 'hire_and_fire')    # False
    acl.allowed('alice', 'hire_and_fire')  # True

Utilities
---------
alcohol also ships with a few SQLAlchemy mixins for handling updated/modified timestamps, email fields, password hashes and generating activation/reset tokens for the latter two. See :doc:`mixins` for details.
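
One common way to build a signed reset token that works only once, as described for ``create_password_reset_token`` above. This is an added example, not alcohol's own implementation: the function names, the token layout and the sample values are assumptions, and it targets Python 3 with only the standard library.

```python
import base64
import hashlib
import hmac
import time


def _sign(secret_key, user_id, password_hash, expires):
    # The MAC covers the *current* password hash. Once the password is
    # changed the stored hash differs, so an already-used token stops
    # verifying without any server-side token table.
    # user_id and expires are formatted as integers, so the '|' separators
    # stay unambiguous even if the hash string itself contains '|'.
    msg = '{:d}|{}|{:d}'.format(user_id, password_hash, expires)
    mac = hmac.new(secret_key, msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode('ascii').rstrip('=')


def create_reset_token(secret_key, user_id, password_hash, ttl=3600, now=None):
    """Return '<expiry>.<signature>' valid for ttl seconds."""
    expires = int(time.time() if now is None else now) + ttl
    return '{}.{}'.format(expires, _sign(secret_key, user_id, password_hash, expires))


def verify_reset_token(secret_key, user_id, password_hash, token, now=None):
    """True only if the token is authentic, unexpired and still unused."""
    try:
        expires_text, signature = token.split('.', 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed token
    expected = _sign(secret_key, user_id, password_hash, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(signature.encode('utf-8'), expected.encode('utf-8')):
        return False
    # Check expiry only after the signature: the expiry field is then trusted.
    return (time.time() if now is None else now) < expires


if __name__ == '__main__':
    key = b'constructed-demo-key-not-for-use'        # constructed sample value
    old_hash, new_hash = 'sample-hash-A', 'sample-hash-B'  # constructed
    token = create_reset_token(key, 7, old_hash)
    print(verify_reset_token(key, 7, old_hash, token))  # before the reset
    print(verify_reset_token(key, 7, new_hash, token))  # after the reset
```

The same token must be rejected if the secret key is rotated, which gives an operator a way to invalidate every outstanding reset link at once.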
.. [1] http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf