CherryPy Project Download


available at


lg_authority is an authentication and authorization control suite for CherryPy. It handles user registration, group management, and provides functions for denying access to protected resources. The module is designed to be (relatively) easy to use, but at the same time be extensible enough that it may be customized through standard CherryPy configuration.

Supported registration methods:

  • E-mail - Either required to create an account, or supplementary for account recovery
  • OpenID - If python-openid is installed, users may choose to use an OpenID instead of a password. lg_authority also allows users to use your site as an OpenID provider.
  • Admin approved only - If you only have a small number of approved users for your app (such as an internal team), lg_authority lets those users request accounts and you approve them.
  • Recaptcha - Validate that registering users are, in fact, humans (requires recaptcha-client and valid configuration)

The module also provides:

  • Namespaced, expiring, key-value storage - currently supports ram, sqlite3, and mongodb
  • Non-locking sessions - usually used in place of cherrypy.lib.sessions
  • User information in handlers - = logged in username; cherrypy.user itself is a dict of known user attributes
  • Long-term storage for user activities - cherrypy.user.slate is like a session, except it may span multiple logins


This software should be compatible with both python 2 and 3, though features may be limited depending the python language support of the libraries that those features depend on. For instance, the mongodb storage driver requires pymongo, which is available only for Python 2 at the time of this writing.

Either download and extract the source from github or use git to clone from git:// Then run

  python install

From the source directory to install lg_authority.

Example Usage

Unlike a conventional tool, lg_authority also requires a mounted object through which it serves its special pages for authentication and user management. This object is presumed by the default configuration to be mounted at /auth on the webserver.

Complete Simple Example

The following code runs a cherrypy application that uses lg_authority for authentication.

import cherrypy
import lg_authority

#Restrict default access to logged in users
class Root(object):
    """CherryPy server root"""

    auth = lg_authority.AuthRoot()
    auth__doc = "The object that serves authentication pages"

    #Allow everyone to see the index page
    def index(self):
        return '<p>Welcome!</p><p>Would you like to <a href="protected">view protected information?</a></p>'

    #This method inherits restricted access from the Root class it belongs to
    def protected(self):
        return '<p>Welcome, {user}!</p>'.format(

#Turn on lg_authority for our website
    'tools.lg_authority.on': True

#Run the webserver


See lg_authority/ for a rather large dict of all configuration variables (TODO: That should be moved to a single file...)


  • Put things here that should be considered for inclusion... or post an issue on github.

Hosted by WebFaction

Log in as guest/cherrypy to create/edit wiki pages