FlaskSimpleAuth =============== .. py:module:: FlaskSimpleAuth .. autoapi-nested-parse:: Flask Extension and Wrapper This extension helps manage: - authentication - authorization - parameters - and more… This code is public domain. Exceptions ---------- .. autoapisummary:: FlaskSimpleAuth.ErrorResponse FlaskSimpleAuth.ConfigError Classes ------- .. autoapisummary:: FlaskSimpleAuth.Hooks FlaskSimpleAuth.path FlaskSimpleAuth.string FlaskSimpleAuth.JsonData FlaskSimpleAuth.Session FlaskSimpleAuth.Globals FlaskSimpleAuth.Environ FlaskSimpleAuth.CurrentUser FlaskSimpleAuth.CurrentApp FlaskSimpleAuth.Cookie FlaskSimpleAuth.Header FlaskSimpleAuth.Reference FlaskSimpleAuth.Flask FlaskSimpleAuth.Directives FlaskSimpleAuth.FlaskSimpleAuth Functions --------- .. autoapisummary:: FlaskSimpleAuth.err FlaskSimpleAuth.jsonify Module Contents --------------- .. py:class:: Hooks This class holds all hook types used by FlaskSimpleAuth. .. py:attribute:: ErrorResponseFun Generate an error response for message and status. :param description: description string of the error. :param status: HTTP status code. :param headers: dict of additional headers. :param content_type: HTTP content type. Must return a Response. The function mimics flask.Response("message", status, headers, content_type). .. py:attribute:: GetUserPassFun Get password from user login, None if unknown. :param login: user name to retrieve password for. Returns the string, or None if no password for user. .. py:attribute:: GroupCheckFun Tell whether a user belongs to some group. :param login: user name. Returns whether the user belongs to some group by calling the appropriate callback. .. py:attribute:: UserInGroupFun Is user login in group (str or int): yes, no, unknown. :param login: user name to check for group membership. :param group: group name or number to check for membership. Returns whether the user belongs to the group. This is a fallback for the previous per-group method. .. py:attribute:: ObjectPermsFun Check object access in domain, for parameter, in mode. :param login: user name. :param oid: object identifier, must a key. :param mode: optional operation the user wants to perform on the object. Returns whether permission is granted. .. py:attribute:: PasswordCheckFun Low level check login/password validity. :param login: user name. :param password: the password as provided. Returns whether password is valid for user. .. py:attribute:: PasswordQualityFun Is this password quality suitable? :param password: the submitted password. Returns whether the password is acceptable. .. py:attribute:: CastFun Cast parameter value to some object. :param data: initial data, usually a string. Returns the converted object. .. py:attribute:: SpecialParameterFun Generate a "special" parameter, with the parameter name. :param name: parameter name (usually not needed). :param ...: optional special parameters. Returns an object which will be the parameter value. .. py:attribute:: HeaderFun Add a header to the current response. :param response: response to consider. :param header: name of header. Returns the header value, or *None*. .. py:attribute:: BeforeRequestFun Before request hook, with request provided. :param request: current request. Returns a response (to shortcut), or *None* to continue. .. py:attribute:: BeforeExecFun After authentication and right before execution. :param request: current request. :param login: user name of authenticated user. :param auth: authentication scheme used. .. py:attribute:: AfterRequestFun After request hook. .. py:attribute:: AuthenticationFun Authentication hook. :param app: current application. :param request: current request. Returns the authenticated user name, or *None*. .. py:attribute:: JSONConversionFun JSON conversion hook. :param o: object of some type. Returns a JSON serializable something from an object instance. .. py:exception:: ErrorResponse Bases: :py:obj:`BaseException` Exception class to carry fields for an error Response. Use this exception from hooks to trigger an error response. .. py:function:: err(*args, **kwargs) Shorcut function to trigger an error response. It can be used inside an expression, eg: ``_ = res or err("no data", 404)`` .. py:exception:: ConfigError Bases: :py:obj:`BaseException` FSA User Configuration Error. This error is raised on errors detected while initializing the application. .. py:class:: path Bases: :py:obj:`str` Type to distinguish str path parameters. Use this type as hint for a route parameter to trigger a Flask route path parameter. A path may contain ``/`` characters. .. py:class:: string Bases: :py:obj:`str` Type to distinguish str string parameters. Use this type as hint for a route parameter to trigger a Flask route string parameter. A string may not contain ``/`` characters. .. py:class:: JsonData Magic JSON parameter type. This triggers interpretting a parameter as JSON when used as a parameter type on a route. .. py:class:: Session Session parameter type. This provides the session object when used as a parameter type on a route. .. py:class:: Globals Globals parameter type. This provides the g (globals) object when used as a parameter type on a route. .. py:class:: Environ Environ parameter type. This provides the WSGI environ object when used as a parameter type on a route. .. py:class:: CurrentUser Bases: :py:obj:`str` CurrentUser parameter type. This provides the authenticated user (str) when used as a parameter type on a route. .. py:class:: CurrentApp CurrentApp parameter type. This provides the current application object when used as a parameter type on a route. .. py:class:: Cookie Bases: :py:obj:`str` Application Cookie parameter type. This provides the cookie value (str) when used as a parameter type on a route. The `name` of the parameter is the cookie name. .. py:class:: Header Bases: :py:obj:`str` Request Header parameter type. This provides the header value (str) when used as a parameter type on a route. The `name` of the parameter is the header name (case insensitive, underscore for dash). .. py:function:: jsonify(a: Any) -> flask.Response Jsonify something, including generators, dataclasses and pydantic stuff. This is somehow an extension of Flask own jsonify, although it takes only one argument. NOTE on generators, the generator output is json-streamed instead of being treated as a string or bytes generator. .. py:class:: Reference(*args, **kwargs) Bases: :py:obj:`ProxyPatternPool.Proxy` Convenient object wrapper class. This is a very thin wrapper around ProxyPatternPool Proxy class. .. py:class:: Flask(*args, debug: bool = False, **kwargs) Bases: :py:obj:`flask.Flask` Flask class wrapper. The class behaves mostly as a Flask class, but supports extensions: - the ``route`` decorator manages authentication, authorization and parameters transparently. - per-methods shortcut decorators allow to handle root for a given method: ``get``, ``post``, ``put``, ``patch``, ``delete``. - ``make_response`` slightly extends its parent to allow changing the default content type and handle *None* body. - several additional methods are provided: ``get_user_pass``, ``user_in_group``, ``group_check``, ``check_password``, ``hash_password``, ``create_token``, ``get_user``, ``current_user``, ``clear_caches``, ``cast``, ``object_perms``, ``user_scope``, ``password_quality``, ``password_check``, ``add_group``, ``add_scope``, ``add_headers``, ``error_response``, ``authentication``… See ``FlaskSimpleAuth`` class documentation about these methods. .. py:attribute:: json Provides access to JSON methods. Functions in ``flask.json`` will call methods on this provider when the application context is active. Used for handling JSON requests and responses. An instance of :attr:`json_provider_class`. Can be customized by changing that attribute on a subclass, or by assigning to this attribute afterwards. The default, :class:`~flask.json.provider.DefaultJSONProvider`, uses Python's built-in :mod:`json` library. A different provider can use a different JSON library. .. versionadded:: 2.2 .. py:method:: make_response(rv) -> flask.Response Create a Response. This method handles overriding the default ``Content-Type`` and accepts a *None* body. .. py:class:: Directives Documentation for configuration directives. This class presents *all* configuration directives, their expected type and default value. .. py:attribute:: FSA_MODE :type: str :value: 'prod' Execution mode. - ``prod``: default terse mode. - ``dev``: adds headers with the route, authentication and run time. - ``debug1`` to ``debug4``: increasing debug. .. py:attribute:: FSA_LOGGING_LEVEL :type: int :value: 20 Module internal logging level. Upgrade to ``logging.DEBUG`` for maximal verbosity. .. py:attribute:: FSA_ALLOW_DEPRECATION :type: bool :value: False Whether to allow deprecated features. Default is *False*, meaning deprecated features are coldly rejected. On *True*, a warning is generated when the feature is encountered. This setting may or may not apply to anything depending on the version. .. py:attribute:: FSA_SECURE :type: bool :value: True Require TLS on non local connexions. This should be *True*, unless an external appliance handles TLS decryption. .. py:attribute:: FSA_SERVER_ERROR :type: int :value: 500 Status code on FSA internal server errors. This is for debugging help. Changing this allows to separate FSA errors from Flask errors or others. .. py:attribute:: FSA_NOT_FOUND_ERROR :type: int :value: 404 Status code on not found errors. This is for debugging help. Changing this allows to separate FSA generated 404 from others. .. py:attribute:: FSA_LOCAL :type: str :value: 'thread' Isolation requirement for internal per-request objects. - ``process``: one process only - ``thread``: threaded request handler - ``werkzeug``: use werkzeug local - ``gevent``: gevent request handler - ``eventlet``: eventlet request handler Depending on the WSGI server, requests may be managed by process, thread, greenlet… this setting must match the WGI context so that FSA can isolate requests properly. .. py:attribute:: FSA_HANDLE_ALL_ERRORS :type: bool :value: True Whether to handle all 4xx and 5xx Flask-generated errors. - on *True*: override Flask error processing to use FlaskSimpleAuth response generation with FSA internal error handler (FSA_ERROR_RESPONSE). - on *False*: some errors may generate their own response in any format based on Flask default error response generator. .. py:attribute:: FSA_KEEP_USER_ERRORS :type: bool :value: False Whether to hide user errors. They may occur from any user-provided functions such as various hooks and route functions. - on *False*: intercept user errors and turned them into 5xx. - on *True*: refrain from handling user errors and let them pass to the outer WSGI infrastructure instead. User errors are intercepted anyway, traced and raised again. .. py:attribute:: FSA_ERROR_RESPONSE :type: str | Hooks :value: 'plain' Common hook for generating a response on errors. Same as ``error_response`` decorator. - ``plain``: generate a simple *text/plain* response. - ``json``: generate a simple *application/json* string. - ``json:msg``: generate a JSON object with property ``msg``. - *callback*: give full control to a callback which is passed the message, the status, headers and content type. .. py:attribute:: FSA_GET_USER_PASS :type: Hooks | None :value: None Password hook for getting a user's salted hashed password. Same as ``get_user_pass`` decorator. Provide a callback to retrieved the hashed password from the user login. Returning *None* will skip internal password checking. .. py:attribute:: FSA_AUTHENTICATION :type: dict[str, Hooks] Authentication hook for adding authentication schemes. Same as ``authentication`` decorator. For each scheme name, associate a callback which will be given the app and request, and should return the authenticated user login (str). Returning *None* suggests a 401 for this scheme. The implementation may also raise an ``ErrorResponse``. .. py:attribute:: FSA_GROUP_CHECK :type: dict[str, Hooks] Authorization hook for checking whether a user is some groups. Same as ``group_check`` decorator. For each group name, associate a callback which given a login returns whether the user belongs to this group. The group name is also registered in passing. .. py:attribute:: FSA_USER_IN_GROUP :type: Hooks | None :value: None Authorization hook for checking a user group. Same as ``user_in_group`` decorator. Provide a hook to check whether a user, identified by their login, belogs to a group. .. py:attribute:: FSA_OBJECT_PERMS :type: dict[str, Hooks] Authorization hook for object permissions. Same as ``authorization`` decorator. For each kind of object (domain), associate a callback which is given the object id, the user login and the expected role, and returns whether the user has this role for this object id. Return *None* for 404. .. py:attribute:: FSA_CAST :type: dict[Any, Hooks] Parameter hook for type conversion. Cast function to call on the raw parameter (usually) string value, if it does not have the expected type. This does not apply to special and pydantic parameters. See also ``cast`` function/decorator. .. py:attribute:: FSA_SPECIAL_PARAMETER :type: dict[Any, Hooks] Parameter hook for special parameters. The hook is called with the parameter *name* as an argument. It may access ``request`` or whatever to return some value. See also ``special_parameter`` function/decorator. .. py:attribute:: FSA_BEFORE_REQUEST :type: list[Hooks] :value: [] Request hook executed before request. These hooks are managed internally by FlaskSimpleAuth so that they are executed *after* its own (FSA) before request hooks, so as to minimize interactions between user hooks registered to Flask directly and its own hooks. .. py:attribute:: FSA_BEFORE_EXEC :type: list[Hooks] :value: [] Request hook executed after authentication. FlaskSimpleAuth-specific hooks executed after authentication, so that for instance the current user is available. The hook is executed *after* authentication and *before* the user function. It may be used to commit and return a database connection used by the authentication phase. See also ``before_exec`` function/decorator. .. py:attribute:: FSA_AFTER_REQUEST :type: list[Hooks] :value: [] Request hook executed after request. These hooks are managed internally by FlaskSimpleAuth so that they are executed *after* its own before request hooks, so as to minimize interactions between user hooks registered to Flask directly and its own hooks. .. py:attribute:: FSA_ADD_HEADERS :type: dict[str, str | Callable[[], str]] Response hook to add headers. Key is the header name, value is the header value or a function generating the header value. See also ``add_headers`` function. .. py:attribute:: FSA_AUTH :type: str | list[str] :value: [] List of enabled authentication schemes. This directive is **mandatory**. Note: the result of authentication is the user identification (eg login, name or email…) as a string, which is accessible from the application and using the ``CurrentUser`` special parameter type in route functions. - ``none``: no authentication, implicit if ``FSA_AUTH`` is a scalar, required for OPEN routes. - ``httpd``: inherit web-server authentication. - ``basic``: HTTP Basic password authentication. - ``http-basic``: same with *Flask-HTTPAuth* implementation. - ``digest``: HTTP Digest password authentication with *Flask-HTTPAuth*. - ``http-digest``: same as previous. - ``param``: parameter password authentication. - ``password``: try ``basic`` then ``param``. - ``fake``: fake authentication using a parameter, for local tests only. - ``token``: token authentication (implicit if ``FSA_AUTH`` is a scalar). - ``http-token``: same with *Flask-HTTPAuth*. - ``oauth``: token authentication variant, where the token holds the list of permissions. .. py:attribute:: FSA_AUTH_DEFAULT :type: str | list[str] | None :value: None Default authentications to use on a route. These authentications **must** be enabled. Default is *None*, which means relying on schemes allowed by ``FSA_AUTH``. .. py:attribute:: FSA_REALM :type: str :value: '' Authentication realm, default is application name. This realm is used for *basic*, *digest* and *token* authentications. .. py:attribute:: FSA_FAKE_LOGIN :type: str :value: 'LOGIN' Parameter name for fake authentication. This parameter string value is taken as the authenticated user name when *fake* auth is enabled. Only for local tests, please! .. py:attribute:: FSA_PARAM_USER :type: str :value: 'USER' Parameter name for user for param authentication. This parameter string value is the login name for *param* authentication. .. py:attribute:: FSA_PARAM_PASS :type: str :value: 'PASS' Parameter name for password for param authentication. This parameter string value is the password for *param* authentication. .. py:attribute:: FSA_TOKEN_TYPE :type: str | None :value: 'fsa' Type of authentication token. - ``fsa``: simple custom token - ``jwt``: JSON web token standard - *None*: disable token authentication .. py:attribute:: FSA_TOKEN_ALGO :type: str :value: 'blake2s' Token signature algorithm. Default depends on token type. - ``blake2s``: for *fsa* tokens. Other values can be taken from ``hashlib``, see ``hashlib.algorithms_available``. - ``HS256``: for *jwt* tokens. Other values defined in the JWT standard. .. py:attribute:: FSA_TOKEN_CARRIER :type: str :value: 'bearer' Token carrier, i.e. where to find the token. - ``bearer``: in the ``Authorization`` header (default) - ``cookie``: in a request cookie - ``header``: in a custom header - ``param``: in a request parameter The ``FSA_TOKEN_NAME`` directives provides the additional name. .. py:attribute:: FSA_TOKEN_NAME :type: str :value: 'Bearer' Token carrier name. Authentication scheme, or cookie/header/parameter name. See defaults in full documentation. .. py:attribute:: FSA_TOKEN_DELAY :type: float :value: 60.0 Token validity delay in minutes. .. py:attribute:: FSA_TOKEN_GRACE :type: float :value: 0.0 Token grace time after expiration, in minutes. .. py:attribute:: FSA_TOKEN_LENGTH :type: int :value: 16 FSA token signature length. Number of hash characters kept for signing an *fsa* token. Default is *16*, meaning a 64-bit signature. .. py:attribute:: FSA_TOKEN_SECRET :type: str :value: '' Token verification secret. Default is a randomly generated 256-bits string which only works for one process. .. py:attribute:: FSA_TOKEN_SIGN :type: str | None :value: None Token signature secret. Only for public-key JWT schemes. Default is ``FSA_TOKEN_SECRET``. .. py:attribute:: FSA_TOKEN_RENEWAL :type: float :value: 0.0 Token cookie automatic renewal as a fraction of remaining life time. .. py:attribute:: FSA_TOKEN_ISSUER :type: str | None :value: None Token issuer. .. py:attribute:: FSA_PASSWORD_SCHEME :type: str | list[str] | None :value: 'bcrypt' Password hash provider and algorithm name, or list of passlib schemes, or password disactivation. If the provider is not set, uses ``fsa`` for *bcrypt*, *argon2*, *scrypt*, *plaintext*, *a85* and *b64*, otherwise ``passlib``. .. py:attribute:: FSA_PASSWORD_OPTS :type: dict[str, Any] | None :value: None Password hash algorithm options. *None* triggers the defaults, which depend on the provider and scheme: - for ``fsa:bcrypt``: ``{"rounds": 4, "prefix"=b"2b"}`` - for ``fsa:argon2``: ``{"memory_cost": 1000, "time_cost": 1, "parallelism": 1}`` - for ``fsa:scrypt``: ``{"saltlength": 16, "maxtime": 0.05}`` - for ``fsa:*``: ``{}`` - for ``passlib:bcrypt``: ``{"bcrypt__default_rounds": 4, "bcrypt__default_ident": "2y"}`` With passlib, default for *bcrypt* is ident *2y* (132-bit salt) with *4* rounds (2⁴ hash iterations). It is compatible with Apache. All _2*_ variants are really equivalent. The recommend password rounds is _12_, which results in _x00 ms_ server cpu time. This is okay only if you do **not** use password authentication on many routes, but only to retrieve some token which would be much easier to check. .. py:attribute:: FSA_PASSWORD_LENGTH :type: int :value: 0 Password quality minimal length. Default is *0*, meaning no minimal length is required. .. py:attribute:: FSA_PASSWORD_RE :type: list[str] :value: [] Password quality regular expressions. Passwords submitted to ``hash_password`` are checked against this list. Default is empty list, meaning no character constraints on passwords. .. py:attribute:: FSA_PASSWORD_QUALITY :type: Hooks | None :value: None Password quality hook. Arbitrary password quality check. Given the password string, returns whether the password is valid. .. py:attribute:: FSA_PASSWORD_CHECK :type: Hooks | None :value: None Password check hook. Alternate password check function. Given the login and clear password, returns whether the authentication is valid. This allows to take full control of password checking, possibly as a fallback. Consider adding a new authentication scheme, see FSA_AUTHENTICATION. .. py:attribute:: FSA_HTTP_AUTH_OPTS :type: dict[str, Any] Flask-HTTPAuth initialization options. .. py:attribute:: FSA_AUTHZ_GROUPS :type: list[str] :value: [] Authorized groups declaration. Declaring groups allows to detect group name typos at configuration time. .. py:attribute:: FSA_AUTHZ_SCOPES :type: list[str] :value: [] Authorized scopes declaration. Declaring scopes allows to detect scope name typos at configuration time. .. py:attribute:: FSA_DEFAULT_CONTENT_TYPE :type: str | None :value: None Set default content type for str or bytes responses. Default (*None*) is to use Flask's defaults. .. py:attribute:: FSA_JSON_STREAMING :type: bool :value: True Whether to stream JSON output on generators. Default (*True*) is to stream, which may interact badly with driver transactions depending on how the WSGI server works. Setting this to *False* ensures that JSON is returned as a string by FlaskSimpleAuth's ``jsonify``. .. py:attribute:: FSA_JSON_CONVERTER :type: dict[type, Hooks] JSON Converter Mapping. Map types to JSON conversion functions. .. py:attribute:: FSA_JSON_ALLSTR :type: bool :value: False JSON Converter Casting. Whether to cast all unexpected types with ``str``. .. py:attribute:: FSA_REJECT_UNEXPECTED_PARAM :type: bool :value: True Whether to reject unexpected parameters. .. py:attribute:: FSA_CACHE :type: str | MutableMapping :value: 'ttl' Cache type. - ``none``: disactivate caching - ``dict``: simple dictionary - ``ttl``, ``lru``, ``tlru``, ``lfu``, …: from *CacheTools* - ``memcached`` and ``redis``: external shared caches Default is ``ttl``… because it is a good idea. .. py:attribute:: FSA_CACHE_SIZE :type: int :value: 262144 Cache maximum number of entries. .. py:attribute:: FSA_CACHE_OPTS :type: dict[str, Any] Cache initialization options. These options as passed when creating the cache instance. .. py:attribute:: FSA_CACHE_PREFIX :type: str | None :value: None Cache common prefix. This prefix is shared by all FSA internal cache entries, so that they may not collide with other cache entries when an external cache is shared by different part of an application. .. py:attribute:: FSA_CACHED_OPTS :type: dict[str, Any] Options for "cached" decorator. .. py:attribute:: FSA_401_REDIRECT :type: str | None :value: None URL redirection target on 401. URL of the web application login page. .. py:attribute:: FSA_URL_NAME :type: str :value: 'URL' URL redirection parameter name. The source URL is passed as this parameter to the *401* redirection target so that it can be redirected back after authentication. .. py:attribute:: FSA_CORS :type: bool :value: False Whether to activate Flask-CORS. This is needed to work around web browser security checks. This implementation is delegated to the Flask-CORS extension. .. py:attribute:: FSA_CORS_OPTS :type: dict[str, Any] Flask-CORS initialization options. See `Flask-CORS documentation `_ for details. .. py:class:: FlaskSimpleAuth(app: flask.Flask, debug: bool = False, **config) Flask extension for authentication, authorization and parameters. Although this class can be used as a Flask extension, the prefered approach is to use the Flask class provided in this module, which overrides directly Flask internals so as to provide our declarative security layer, so that you may not shortcut the extension. .. py:method:: get_user_pass(gup: Hooks) -> Hooks Set `get_user_pass` helper, can be used as a decorator. .. py:method:: user_in_group(uig: Hooks) -> Hooks Set `user_in_group` helper, can be used as a decorator. .. py:method:: password_quality(pqc: Hooks) -> Hooks Set `password_quality` hook. .. py:method:: password_check(pwc: Hooks) -> Hooks Set `password_check` hook. .. py:method:: error_response(erh: Hooks) -> Hooks Set `error_response` hook. .. py:method:: cast(t, cast: Hooks | None = None) Add a cast function associated to a type. This function is called for type conversion on parameters. .. py:method:: special_parameter(t, sp: Hooks | None = None) Add a special parameter type. These special parameters are managed by calling the hook with a the parameter name as an argument. .. py:method:: group_check(group: str | int, checker: Hooks | None = None) Add a group helper for a given group. .. py:method:: object_perms(domain: str, checker: Hooks | None = None) Add an object permission helper for a given domain. .. py:method:: authentication(auth: str, hook: Hooks | None = None) Add new authentication hook. .. py:method:: add_group(*groups) -> None Add some groups. .. py:method:: add_scope(*scopes) -> None Add some scopes. .. py:method:: add_headers(**kwargs) -> None Add some headers. .. py:method:: before_exec(hook: Hooks) -> None Register an after auth/just before exec hook. .. py:method:: add_json_converter(t: Any, h: Hooks) -> None Register a JSON serialization conversion hook for a type. .. py:method:: check_user_password(user, pwd) -> bool Verify whether a user password is correct according to internals. This allows to check the prior password for a change password route. .. py:method:: check_password(pwd, ref) Verify whether a password is correct compared to a reference (eg salted hash). This allows to check the prior password for a change password route. .. py:method:: hash_password(pwd, check=True) Hash password according to the current password scheme. Setting check to *False* disables automatic password quality checks. .. py:method:: get_user(required=True) -> str | None Authenticate user or throw exception. Tries all possible authentication schemes allowed on the route, and returns the authenticated user or throws an exception. The result is memoized. .. py:method:: current_user() -> str | None Return current authenticated user, if any. Returns `None` if no user has been authenticated. .. py:method:: user_scope(scope) -> bool Is `scope` in the `current user` scopes. .. py:method:: clear_caches() -> None Clear internal shared cache. Probably a bad idea because: - of the performance impact - for a local cache in a multi-process setup, other processes are out The best option is to wait for cache entries to expire with a TTL, or to use one of the specific ``_uncache`` methods. .. py:method:: password_uncache(user: str) -> bool Remove user password entry from cache. .. py:method:: token_uncache(token: str, realm: str) -> bool Remove token entry from cache. .. py:method:: user_token_uncache(user: str, realm: str) -> bool Remove token associated to user/realm from cache. .. py:method:: group_uncache(user: str, group: str | int) -> bool Remove group membership entry from cache. .. py:method:: object_perms_uncache(domain: str, user: str, oid, mode: str | None) -> bool Remove permission entry from cache. .. py:method:: auth_uncache(user: str) -> int Attempt at removing all user authn and authz cache entries. .. py:method:: add_url_rule(rule, endpoint=None, view_func=None, authz=None, authn=None, realm=None, **options) Route decorator helper method. This is the main function which takes a route function and adds all the necessary wrappers to manage authentication, authorization and parameters, before registering the endpoint to Flask WSGI dispatcher. - ``authz``: authorization constraints. - ``authn``: authentication constraints. - ``realm``: realm for this route, supercedes global settings. NOTE ``authorize`` and ``auth`` are deprecated versions of ``authz`` and ``authn``. .. py:method:: route(rule, **options) Extended `route` decorator provided by FlaskSimpleAuth. This decorator is also available on the Flask wrapper, please use it from there. Parameters: - ``rule``: the path, possibly including path parameters. - ``authz``: mandatory permissions required, eg groups or object perms. - ``authn``: authentication scheme(s) allowed on this route. - ``realm``: authentication realm on this particular route. .. py:method:: get(rule, **options) Shortcut for `route` with `GET` method. .. py:method:: post(rule, **options) Shortcut for `route` with `POST` method. .. py:method:: put(rule, **options) Shortcut for `route` with `PUT` method. .. py:method:: delete(rule, **options) Shortcut for `route` with `DELETE` method. .. py:method:: patch(rule, **options) Shortcut for `route` with `PATCH` method. .. py:method:: register_blueprint(blueprint, **options) Register a blueprint.