lg_authority is an authentication and authorization control suite for CherryPy. It handles user registration, group management, and provides functions for denying access to protected resources. The module is designed to be (relatively) easy to use, but at the same time be extensible enough that it may be customized through standard CherryPy configuration.
Supported registration methods:
- E-mail - Either required to create an account, or supplementary for account recovery
- OpenID - If python-openid is installed, users may choose to use an OpenID instead of a password. lg_authority also allows users to use your site as an OpenID provider.
- Admin approved only - If you only have a small number of approved users for your app (such as an internal team), lg_authority lets those users request accounts and you approve them.
- Recaptcha - Validate that registering users are, in fact, humans (requires recaptcha-client and valid configuration)
The module also provides:
- Namespaced, expiring, key-value storage - currently supports ram, sqlite3, and mongodb
- Non-locking sessions - usually used in place of cherrypy.lib.sessions
- User information in handlers - cherrypy.user.id = logged in username; cherrypy.user itself is a dict of known user attributes
- Long-term storage for user activities - cherrypy.user.slate is like a session, except it may span multiple logins
- Put things here that should be considered for inclusion... or post an issue on github.