drakken.model module
ORM module.
Warning
SQLAlchemy does not escape values that are interpolated into raw SQL strings, so to prevent SQL injection attacks always use the ORM rather than building SQL text by string formatting.
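The warning above in working code, as an added example that is not part of drakken or SQLAlchemy: the same query once with the value spliced into the SQL text and once with a bound parameter. It uses the standard-library sqlite3 driver so it runs stand-alone; the table, rows and injection payload are constructed for the demonstration, and the distinction is the same one the ORM enforces for you.

```python
"""Added example (not drakken's code): string-formatted SQL is injectable,
bound parameters are not. Uses stdlib sqlite3 instead of SQLAlchemy so it
runs without dependencies."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: a tiny in-memory user table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, pwhash TEXT)"
    )
    conn.executemany(
        "INSERT INTO user (email, pwhash) VALUES (?, ?)",
        [("alice@example.com", "hash-a"), ("bob@example.com", "hash-b")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # VULNERABLE: the caller-supplied value becomes part of the SQL text, so a
    # quote character in it changes the structure of the query.
    sql = f"SELECT email FROM user WHERE email = '{email}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, email: str) -> list:
    # SAFE: the value is sent as a bound parameter; the driver never parses it
    # as SQL, which is exactly what the ORM does for every attribute value.
    sql = "SELECT email FROM user WHERE email = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (email,))]


# Constructed injection payload: closes the quoted literal and appends a
# condition that is always true.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, PAYLOAD))  # every row leaks
    print(find_user_safe(db, PAYLOAD))        # no row has that literal email
```

Run it once and compare the two results: the formatted query returns every user, the parameterised one returns nothing, because the payload is compared as a plain string.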
- class drakken.model.Base(**kwargs: Any)
Bases: DeclarativeBase
- metadata: ClassVar[MetaData] = MetaData()
Refers to the _schema.MetaData collection that will be used for new _schema.Table objects. See also orm_declarative_metadata.
- registry: ClassVar[_RegistryType] = <sqlalchemy.orm.decl_api.registry object>
Refers to the _orm.registry in use where new _orm.Mapper objects will be associated.
- class drakken.model.RateLimit(**kwargs)
Bases: Base
Email rate limit table.
- count
- id
- name
- start_time
- class drakken.model.Session(**kwargs)
Bases: Base
Session table.
- csrf_token
- date_created
- ip_address
- session_token
- user
- user_agent
- user_id
- class drakken.model.User(**kwargs)
Bases: Base
User account table.
- active
- date_joined
- email
- id
- last_login
- pwhash
- salt
- drakken.model.authenticate(**kwargs)
Authenticate user. Pass either username or email, together with password.
- Parameters:
username (str) – user name.
email (str) – email address.
password (str) – password.
- Raises:
AuthenticateFail – username/email and password don’t match the database.
- drakken.model.create_user(email, password, username='')
Create a user.
- Parameters:
email (str) – must be unique if not using a username.
password (str) – must be within MIN_PASSWORD_LENGTH and MAX_PASSWORD_LENGTH.
username (str) – must be unique. Optional.
Note
The password hashing algorithm is deliberately computationally expensive to slow down attackers. Per OWASP, a very long password can take so long to hash that submitting one becomes a denial of service attack, which is why passwords that are too long are rejected before they are hashed.
- Raises:
EmailAddressTaken – email address is already in the database.
PasswordLength – password is too long or too short.
UserNameTaken – user name is already in the database.
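The create_user / authenticate / update_password flow above, as an added example that is not drakken's own implementation: the length check runs before the slow hash (also on the unauthenticated login path, where the denial of service concern matters most), the stored hash is compared in constant time, and unknown accounts still pay for a hash so response timing does not reveal which emails exist. MIN_PASSWORD_LENGTH, MAX_PASSWORD_LENGTH, the exception names and the in-memory user store are assumptions that stand in for drakken's config, exceptions and User table; PBKDF2 stands in for drakken.security.slow_hash.

```python
"""Added example (not drakken's code): password length validation before an
expensive hash, plus constant-time verification. Limits, exception classes and
the dict-based user store are assumptions standing in for drakken's own."""
import hashlib
import hmac
import os

MIN_PASSWORD_LENGTH = 8       # assumed value; drakken reads its own config
MAX_PASSWORD_LENGTH = 128     # assumed value
PBKDF2_ROUNDS = 100_000       # deliberately slow, like any password hash


class PasswordLength(ValueError):
    """Password shorter than MIN_PASSWORD_LENGTH or longer than MAX_PASSWORD_LENGTH."""


class AuthenticateFail(Exception):
    """Email and password do not match a stored record."""


def check_password_length(password: str) -> None:
    # Reject over-long input BEFORE hashing so a client cannot make the server
    # spend its CPU budget on a multi-megabyte password (the OWASP DoS point).
    n = len(password.encode("utf-8"))
    if n < MIN_PASSWORD_LENGTH or n > MAX_PASSWORD_LENGTH:
        raise PasswordLength(
            f"password length {n} outside [{MIN_PASSWORD_LENGTH}, {MAX_PASSWORD_LENGTH}]"
        )


def slow_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for drakken.security.slow_hash: PBKDF2-HMAC-SHA256 from the stdlib.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


USERS = {}  # constructed in-memory stand-in for the User table: email -> record


def create_user(email: str, password: str) -> dict:
    check_password_length(password)
    if email in USERS:
        raise ValueError("email address is already taken")
    salt = os.urandom(16)
    USERS[email] = {"email": email, "salt": salt, "pwhash": slow_hash(password, salt)}
    return USERS[email]


def update_password(email: str, password: str) -> None:
    # A new salt with every change, so old hashes cannot be reused.
    check_password_length(password)
    record = USERS[email]
    record["salt"] = os.urandom(16)
    record["pwhash"] = slow_hash(password, record["salt"])


def authenticate(email: str, password: str) -> dict:
    # The length cap matters most here: login is reachable without an account.
    if len(password.encode("utf-8")) > MAX_PASSWORD_LENGTH:
        raise AuthenticateFail("email and password don't match")
    record = USERS.get(email)
    # Hash against a dummy salt for unknown emails so the time taken does not
    # differ between "no such account" and "wrong password".
    salt = record["salt"] if record else b"\x00" * 16
    candidate = slow_hash(password, salt)
    if record is None or not hmac.compare_digest(candidate, record["pwhash"]):
        raise AuthenticateFail("email and password don't match")
    return record
```

Note that the length check in authenticate deliberately raises AuthenticateFail rather than PasswordLength: on the login path a distinct error would tell the caller something about the policy without telling them anything useful, and the only goal there is to refuse the work.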
- drakken.model.get_session(request)
Return session object.
- Parameters:
request (webob.Request) – Request object.
- Raises:
LoginFail – session ID is missing or not in database, request user agent doesn’t match session user agent, or session has expired.
- drakken.model.login(**kwargs)
Login user and set response cookie.
- Parameters:
username (str) – user name.
email (str) – email address.
password (str) – password.
request (webob.Request) – Request object.
response (webob.Response) – Response object.
- drakken.model.login_required(func=None, redirect=True)
Validate session token in cookie.
Use as a decorator. The decorated view is called with the following arguments.
- Parameters:
request (webob.Request) – Request object.
response (webob.Response) – Response object.
kwargs (dict) – URL keyword arguments.
- Raises:
HTTPRedirect – redirect to config.LOGIN_URL if set and redirect == True.
LoginFail – if config.LOGIN_URL not set or redirect == False.
- drakken.model.logout(request, response)
Log out user, delete session and cookie.
- Parameters:
request (webob.Request) – Request object.
response (webob.Response) – Response object.
- drakken.model.session_scope()
Context manager for database operations.
Automatically handles database commit, rollback, and close. Taken from the SQLAlchemy docs.
Example:
    from drakken.model import session_scope, User
    from drakken.security import gensalt, slow_hash

    email = 'stuart@gmail.com'
    password = 'FoundInTheSwamp'
    salt = gensalt()
    hashed = slow_hash(password, salt)  # hash before opening the session
    with session_scope() as session:
        user = User(email=email, pwhash=hashed, salt=salt)
        session.add(user)
- drakken.model.setup()
Configure database, creating tables if needed.
- drakken.model.update_password(userid, password)
Change password for user.
- Parameters:
userid (int) – user ID.
password (str) – new password.
- drakken.model.validate_CSRF(request)
Return CSRF token if valid.
- Parameters:
request (webob.Request) – Request object.
- Raises:
CSRFTokenFail – CSRF token not found in session database.
LoginFail – user agent mismatch, or session expired.
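The checks that get_session, login_required and validate_CSRF above describe, as one added example that is not drakken's own implementation: a session store keyed by the cookie's session token, the three LoginFail conditions (missing or unknown token, user agent mismatch, expiry), the redirect-or-raise behaviour of the decorator, and a constant-time CSRF token comparison. The cookie name, session lifetime, LOGIN_URL value, the dict used in place of the Session table and the minimal Request class standing in for webob.Request are all assumptions.

```python
"""Added example (not drakken's code): session and CSRF validation over an
in-memory store. Cookie name, lifetime, LOGIN_URL and the Request stand-in are
assumptions; drakken's real code uses webob and its Session table."""
import functools
import hmac
import secrets
from datetime import datetime, timedelta, timezone

SESSION_COOKIE = "sessionid"              # assumed cookie name
SESSION_LIFETIME = timedelta(hours=12)    # assumed expiry window
LOGIN_URL = "/login"                      # stands in for config.LOGIN_URL
NOW = datetime.now(timezone.utc)          # captured once so callers can simulate time


class LoginFail(Exception):
    """Session missing, unknown, bound to another user agent, or expired."""


class CSRFTokenFail(Exception):
    """Submitted CSRF token does not match the session's token."""


class HTTPRedirect(Exception):
    def __init__(self, location):
        super().__init__(location)
        self.location = location


class Request:
    """Constructed stand-in for webob.Request: cookies, user agent, POST form."""
    def __init__(self, cookies=None, user_agent="", post=None):
        self.cookies = cookies or {}
        self.user_agent = user_agent
        self.POST = post or {}


SESSIONS = {}  # session_token -> record, in place of the Session table


def create_session(user_id, user_agent, now=None):
    token = secrets.token_urlsafe(32)          # unguessable session token
    SESSIONS[token] = {
        "user_id": user_id,
        "user_agent": user_agent,
        "csrf_token": secrets.token_urlsafe(32),  # per-session CSRF secret
        "date_created": now or datetime.now(timezone.utc),
    }
    return token


def get_session(request, now=None):
    now = now or datetime.now(timezone.utc)
    token = request.cookies.get(SESSION_COOKIE)
    if token is None or token not in SESSIONS:
        raise LoginFail("session ID missing or not in database")
    session = SESSIONS[token]
    # A cookie replayed from a different client is refused.
    if not hmac.compare_digest(session["user_agent"].encode(), request.user_agent.encode()):
        raise LoginFail("user agent mismatch")
    if now - session["date_created"] > SESSION_LIFETIME:
        del SESSIONS[token]  # purge, so the token cannot be retried later
        raise LoginFail("session expired")
    return session


def login_required(func=None, redirect=True):
    # Works both as @login_required and as @login_required(redirect=False).
    def decorate(f):
        @functools.wraps(f)
        def wrapper(request, *args, **kwargs):
            try:
                get_session(request)
            except LoginFail:
                if redirect and LOGIN_URL:
                    raise HTTPRedirect(LOGIN_URL)
                raise
            return f(request, *args, **kwargs)
        return wrapper
    return decorate(func) if func is not None else decorate


def validate_CSRF(request, now=None):
    session = get_session(request, now)   # LoginFail on UA mismatch or expiry
    submitted = str(request.POST.get("csrf_token", ""))
    # Constant-time comparison; the token itself comes only from the session.
    if not hmac.compare_digest(session["csrf_token"].encode(), submitted.encode()):
        raise CSRFTokenFail("CSRF token not found in session database")
    return session["csrf_token"]


if __name__ == "__main__":
    tok = create_session(1, "demo-agent", now=NOW)
    req = Request(cookies={SESSION_COOKIE: tok}, user_agent="demo-agent")
    print(get_session(req, now=NOW)["user_id"])
```

The ordering inside validate_CSRF is deliberate: the session is authenticated first, so an expired or replayed session is reported as LoginFail rather than as a CSRF problem, matching the two exception types documented above.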