Authentication and Session Management
Authentication
A user is authenticated by providing a username and password. The currently configured mechanisms (that is, local, RADIUS) are used to verify the user. If authenticated successfully, an instance of ExosUser is returned. From there, the user’s permission level can be obtained.

exos.api.authenticate_user(username, password, src_addr)
Authenticate a user, given a username and password. An ExosUser is returned if successful or None if not.

exos.api.authenticate_user_async(callback, username, password, src_addr)
Asynchronous version of authenticate_user(). Returns immediately and calls callback with the result. callback must accept one argument, which is an ExosUser if successful or None if failed.

class exos.api.ExosUser(username, src_addr=None)
An authenticated EXOS user. Instances of this class should be obtained via authenticate_user(), authenticate_user_async(), or validate_session(). Do not create instances of this class directly.

ExosUser.start_session(src_addr)
Start a session for this user. src_addr must be a string in IPv4 or IPv6 format. The new session’s cookie is returned. If this user already has a session, AaaSessionExistsError is raised.

ExosUser.end_session()
End a session for this user. If this user does not have a session, AaaSessionDoesNotExistError is raised.

ExosUser.read_write = None
True if the user has read/write privileges.

The user’s session cookie, if a session has been started.

ExosUser.session_start = None
The time, as returned by time.time(), the session was started.

ExosUser.username = None
The user’s name.

Session
A session can be created, given an instance of ExosUser. Each session will be assigned a random session cookie. Applications can return that cookie to their client and later use it to retrieve the ExosUser again.
Sessions have a few distinct advantages:
- They’re more efficient. The user does not have to be re-authenticated. If the auth server is remote (that is, RADIUS), authentication can be expensive.
- They provide a convenient place to cache data. The same ExosUser instance is returned on each session cookie lookup, making it a convenient place to store information specific to this user’s current interaction with the application.
Sessions are created using the ExosUser.start_session() method. Use validate_session() to retrieve the ExosUser instance again.
Applications are responsible for cleaning up sessions. ExosUser.end_session() must eventually be called, either because the user logged out or because the session has become stale.
Sessions are also visible from the CLI and can be cleared:
show session
clear session <sessId>
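
The cleanup responsibility described above, as an added example that is not part of the original documentation: it tracks the sessions an application starts and ends those past a maximum lifetime, using only session_start and end_session(). The function names, the live list and MAX_SESSION_AGE are hypothetical; the exos.api module is passed in as api, and AaaSessionDoesNotExistError is assumed to be reachable as an attribute of it.

```python
import time

MAX_SESSION_AGE = 30 * 60  # seconds; constructed policy value, not an EXOS default


def login(api, live, username, password, src_addr):
    """Authenticate, start a session and track the user for later cleanup.

    api:  the exos.api module (injected so the code also runs against a stub)
    live: list of ExosUser objects whose sessions this application owns
    Returns the session cookie, or None if authentication failed.
    """
    user = api.authenticate_user(username, password, src_addr)
    if user is None:
        return None
    cookie = user.start_session(src_addr)
    live.append(user)
    return cookie


def logout(api, live, user):
    """End one session; safe to call twice (logout racing the reaper)."""
    try:
        user.end_session()
    except api.AaaSessionDoesNotExistError:  # assumed location of the class
        pass  # session was already ended elsewhere
    if user in live:
        live.remove(user)


def reap_stale(api, live, max_age=MAX_SESSION_AGE, now=None):
    """End every tracked session older than max_age; return usernames ended.

    session_start records when the session began, so this enforces an
    absolute lifetime, not an idle timeout.
    """
    now = time.time() if now is None else now
    ended = []
    for user in list(live):  # iterate over a copy: logout() mutates live
        if now - user.session_start > max_age:
            logout(api, live, user)
            ended.append(user.username)
    return ended
```

Call reap_stale() from a periodic timer in the application; an idle timeout would need the application to record its own last-activity time, since the page documents only session_start.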