Skip to main content

pyramid_fullauth provides full authentication / authorisation implementation for pyramid applications

Project description


Latest PyPI version Documentation Status Number of PyPI downloads Wheel Status License

Pyramid fullauth’s provides full user registration and management functionality for pyramid based web applications.

Package resources


You’ll need: packages defined in extra_requires[tests] to run tests, and then:




  • [cleanup] Removed internal compat (pyramid_fullauth is now python 3 only)

  • [cleanup] Removed references to pyramid.compat (pyramid_fullauth is now python 3 only)


  • [packaging] use setup.cfg to define package metadata nad options

  • [cleanup] blackify codebase

  • [enhancement] move CI to github-actions

  • [breaking] removed dependency on tzf.pyramid_yml and pymlconf. All configuration has to be handled within .ini file now.

  • [enhancement] refactored route_predicates. Now user_path_hash can handle all user hashes.

  • [enhancement] Changed default cookie session factory from UnencryptedCookieSessionFactoryConfig to SignedCookieSessionFactory.

  • [enhancement] Use require_csrf instead of use_csrf view decorator predicate. This raises now 400 http error instead of 401 in case of bad or no csrf token when required.

  • [enhancement] Set default session serializer as JSONSerializer to comply with pyramid’s 2.0 change

  • [enhancement] Require minimum pyramid 1.10.

  • [enhancement] properly lint code through pylint an fix found issues

  • [security] Set minimum requirement for SQLAlchemy to be at least 1.3.0 to protect against CVE-2019-7164 and CVE-2019-7548


  • increased the size of password and salt fields to 128 characters each

  • default password hashing algorithm is sha256


  • full python3 compatibility, since velruse migrated to py3 enabled requests-oauth

  • require velruse 1.1.1

  • run tests with sqlalchemy 1.0.x

  • small updates to conform with new linters versions embedded in pylama


  • fixed spelling for error message when user does not exist while trying to reset password.

  • require pyramid_basemodel at least version 0.3


  • python 3 compatibility (without oauth2 though)

  • cleared use of deprecated function in favour of pyramid.request.Request.authenticated_userid attribute.

  • make email fields case insensitive by using hybrid properties and CaseInsensitive comparator for model.


  • Fix issue where groupfined was returning empty list instead of None when user did not existed


  • catch all HTTPRedirect instead of just HTTPFound.

  • redirect with HTTPSeeOther instead of HTTPFound where applicable.


  • fixes to include yaml files - fixes #33.



  • configure root factory if it hasn’t been already done

  • configure session factory only if it hasn’t been configured before

  • configure authorization policy only if it hasn’t been configured before

  • configure authentication policy only if it hasn’t been configured before

  • logged in user will be redirected always away from login page

  • views reorganisation - grouping by their function

  • replaced force_logout decorator with logout request method

  • small login view simplification


  • rewritten tests to use pytest_pyramid

  • unified session with pyramid_basemodel’s

  • parametrize tests against two most recent pyramid versions and sqlalchemy

  • turned on pylama to check code with linters:
    • pep8

    • pep257

    • pyflakes

    • mccabe

  • add pytest-dbfixtures, and run tests against postgresql and mysql as well

  • drop python 2.6 from tests

  • 100% test coverage


  • weaker pyramid_yml requirements. Use registry['config'] instead of request.config which gets added only when explicitly including tzf.pyramid_yml package.

  • remove default_config with permission set for forbidden views. Throwning errors in pyramid 1.5a3

  • remove lazy=’load’ for relationship between AuthenticationProvider and User models as it was incorrect. Fixes error while using with sqlalchemy 0.9


  • copy all headers when login user. fixes issue, when headers set in AfterLogin event would not get passed


  • fixed csrf_check in password:reset:continue action

  • updated translation files


  • migrated tests to py.test

  • removed nose and lxml from test requirements

  • extracted UserEmailMixin from User model

  • validation exception improvements

  • set licensing to MIT License

  • fixed general error message for register_POST processing

  • activate action no longer gives 404 error after first use. Default is message about token being invalid or used [veronicazgirvaci]

  • extending csrf_check predicate:
    • Can be turned on/off in settings.

    • Failed check rises 401 Unauthorised error

Backwards Incompatibilities

  • token variable is changed into csrf_token in fullatuh views

  • view no longer returns error messages on failed csrf token. Rises 401 Unauthorised error instead.


  • add localize to requirements. Ability to translate registerlogin communicates

  • ability to set custom session factory [with Veronica Zgirvaci help]

  • moved password validation to one place

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyramid_fullauth-1.0.1.tar.gz (29.3 kB view hashes)

Uploaded Source

Built Distribution

pyramid_fullauth-1.0.1-py3-none-any.whl (43.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page