Class: QgsAuthConfigurationStorage¶

Abstract class that defines the interface for all authentication configuration storage implementations.

Added in version 3.40.

Note

This is an abstract class, with methods which must be implemented by a subclass.

The following methods must be implemented: SIP_THROW(), authMethodConfigs(), authSettingExists(), certAuthorityExists(), certIdentityExists(), certTrustPolicyExists(), description(), id(), isReady(), loadAuthSetting(), loadCertTrustPolicy(), loadMethodConfig(), methodConfigExists(), name(), removeAuthSetting(), removeCertAuthority(), removeCertIdentity(), removeCertTrustPolicy(), removeMethodConfig(), removeSslCertCustomConfig(), settingsParameters(), sslCertCustomConfigExists(), storeAuthSetting(), storeCertAuthority(), storeCertIdentity(), storeCertTrustPolicy(), storeMasterPassword(), storeMethodConfig(), storeSslCertCustomConfig(), type()

Class Hierarchy¶

Base classes¶

QObject

Subclasses¶

QgsAuthConfigurationStorageDb

QSqlDatabase based implementation of QgsAuthConfigurationStorage.

class qgis.core.QgsAuthConfigurationStorage[source]¶

Bases: QObject

__init__(settings: Dict[str | None, Any])

Creates a new authentication configuration storage.

Parameters:: settings (Dict[Optional[str], Any]) – Implementation-specific configuration settings.

class MasterPasswordConfig¶

Bases: object

Structure that holds the (encrypted) master password elements.

civ¶

hash¶

salt¶

class SettingParameter¶

Bases: object

Storage configuration setting parameter.

description¶

name¶

type¶

abstract authMethodConfigs(self, allowedMethods: Iterable[str | None] = []) → Dict[str, QgsAuthMethodConfig][source]¶

Returns a mapping of authentication configurations available from this storage.

Parameters:: allowedMethods (Iterable[Optional[str]] = []) – Optional filter to return only configurations for specific authentication methods.
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.
Return type:: Dict[str, QgsAuthMethodConfig]

authMethodConfigsWithPayload(self) → Dict[str, QgsAuthMethodConfig][source]¶

Returns a mapping of authentication configurations available from this storage. The encrypted payload is added to the configuration as “encrypted_payload” key.

Raises:: QgsNotSupportedException – if the operation is not supported by the storage

Note

This convenience method is used by the authentication manager to retrieve the configurations and check if it can decrypt all of them, it is faster than retrieve all the configurations one by one.

Return type:: Dict[str, QgsAuthMethodConfig]

abstract authSettingExists(self, key: str | None) → bool[source]¶

Check if an authentication setting exists in the storage.

Parameters:: key (Optional[str]) – Setting key.
Return type:: bool
Returns:: True if the setting exists, False otherwise.
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

signal authSettingsChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

caCerts(self) → List[QSslCertificate]¶

Returns the list of CA certificates in the storage

Return type:: List[QSslCertificate]
Returns:: list of CA certificates
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

caCertsPolicy(self) → Dict[str, QgsAuthCertUtils.CertTrustPolicy]¶

Returns the map of CA certificates hashes in the storages and their trust policy.

Return type:: Dict[str, QgsAuthCertUtils.CertTrustPolicy]
Returns:: map of CA certificates hashes and their trust policy
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

capabilities(self) → Qgis.AuthConfigurationStorageCapabilities[source]¶

Returns the capabilities of the storage.

Return type:: Qgis.AuthConfigurationStorageCapabilities

signal certAuthorityChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

abstract certAuthorityExists(self, cert: QSslCertificate) → bool[source]¶

Check if a certificate authority exists

Parameters:: cert (QSslCertificate) – Certificate authority
Return type:: bool
Returns:: True if the certificate authority exists, False otherwise
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

certAuthorityIds(self) → List[str][source]¶

Returns the list of certificate authority IDs in the storage.

Return type:: List[str]
Returns:: list of certificate authority IDs
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

certIdentities(self) → List[QSslCertificate]¶

certIdentities get certificate identities

Return type:: List[QSslCertificate]
Returns:: list of certificates
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

signal certIdentityChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

abstract certIdentityExists(self, id: str | None) → bool[source]¶

Check if the certificate identity exists

Parameters:: id (Optional[str]) – Certificate identity id
Return type:: bool
Returns:: True if the certificate identity exists, False otherwise
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

certIdentityIds(self) → List[str][source]¶

certIdentityIds get list of certificate identity ids from database

Return type:: List[str]
Returns:: list of certificate ids
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract certTrustPolicyExists(self, cert: QSslCertificate) → bool[source]¶

Check if certificate trust policy exists

Parameters:: cert (QSslCertificate) – Certificate
Return type:: bool
Returns:: True if the certificate trust policy exists, False otherwise
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

clearMasterPasswords(self) → bool[source]¶

Remove all master passwords from the database.

Return type:: bool
Returns:: True if operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

clearMethodConfigs(self) → bool[source]¶

Remove all authentications configurations from the storage.

Return type:: bool
Returns:: True if authentications configurations were removed, False otherwise.

Note

This method does not remove certificate and other assets.

Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract description(self) → str[source]¶

Returns a human readable localized description of the storage implementation (e.g. “Store credentials in a local SQLite database”). This description is displayed to the user.

Return type:: str

erase(self) → bool[source]¶

Completely erase the storage removing all configurations/certs/settings etc.

Return type:: bool
Returns:: True if storage was completely erased, False if any error occurred.
Raises:: QgsNotSupportedException – if the operation is not supported by the storage (e.g. the storage is read-only).

abstract id(self) → str[source]¶

Returns the unique identifier of the storage object. The id is used to uniquely identify the storage object (e.g. the path or the connection URI to a storage configuration).

Return type:: str

virtual initialize(self) → bool[source]¶

Initializes the storage.

Return type:: bool
Returns:: True if the storage was successfully initialized, False otherwise. If the storage is already initialized, this method does nothing and returns True.

Note

The default implementation does nothing and returns True. This method is called by the authentication manager when the storage is added to the manager.

isEnabled(self) → bool[source]¶

Returns True if the storage is enabled.

Return type:: bool

isEncrypted(self) → bool[source]¶

Returns True if the storage is encrypted.

Return type:: bool

virtual isReadOnly(self) → bool[source]¶

Returns True if the storage is read-only, False otherwise.

See also

setReadOnly()

Return type:: bool

abstract isReady(self) → bool[source]¶

Returns True is the storage is ready to be used.

Note

This method should be called after the initialize() method to check whether the initialization was properly completed.

Return type:: bool

virtual lastError(self) → str[source]¶

Returns the last error message.

Return type:: str

abstract loadAuthSetting(self, key: str | None) → str[source]¶

Load an authentication setting from the storage.

Parameters:: key (Optional[str]) – Setting key.
Return type:: str
Returns:: Setting value.
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

loadCertAuthority(self, id: str | None) → QSslCertificate[source]¶

certAuthority get a certificate authority by id (sha hash)

Parameters:: id (Optional[str]) – sha hash
Return type:: QSslCertificate
Returns:: a (possibly empty) certificate
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

loadCertIdentity(self, id: str | None) → QSslCertificate[source]¶

certIdentity get a certificate identity by id (sha hash)

Parameters:: id (Optional[str]) – sha hash of the cert
Return type:: QSslCertificate
Returns:: the certificate
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

loadCertIdentityBundle(self, id: str | None) → Tuple[QSslCertificate, str]¶

Returns a certificate identity bundle by id (sha hash).

Parameters:: id (Optional[str]) – sha shash
Return type:: Tuple[QSslCertificate, str]
Returns:: a pair with the certificate and its SSL key as an encrypted string
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract loadCertTrustPolicy(self, cert: QSslCertificate) → QgsAuthCertUtils.CertTrustPolicy[source]¶

Load certificate trust policy

Parameters:: cert (QSslCertificate) – Certificate
Return type:: QgsAuthCertUtils.CertTrustPolicy
Returns:: Trust policy
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract loadMethodConfig(self, id: str | None, full: bool = False)[source]¶

Load an authentication configuration from the database.

Parameters:

id (Optional[str]) – Configuration id.
full (bool = False) -> (QgsAuthMethodConfig) – If True, the full configuration is loaded and the (possibly encrypted) payload is populated, otherwise only the configuration metadata is loaded.

Returns:

Authentication configuration metadata.
payload: (possibly encrypted) payload.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadSslCertCustomConfig(self, id: str | None, hostport: str | None) → QgsAuthConfigSslServer[source]¶

Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)

Parameters:

id (Optional[str]) – sha hash
hostport (Optional[str]) – string host:port

Return type:

QgsAuthConfigSslServer

Returns:

a SSL certificate custom config

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadSslCertCustomConfigByHost(self, hostport: str | None) → QgsAuthConfigSslServer[source]¶

Loads an SSL certificate custom config by hostport (host:port)

Parameters:: hostport (Optional[str]) – host:port
Return type:: QgsAuthConfigSslServer
Returns:: a SSL certificate custom config
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

virtual loggerTag(self) → str[source]¶

Returns the logger tag for the storage. The default implementation returns the literal “Auth storage” followed by the storage name.

Return type:: str

signal masterPasswordChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

masterPasswords(self) → List[QgsAuthConfigurationStorage.MasterPasswordConfig]¶

Returns the list of (encrypted) master passwords stored in the database.

Return type:: List[QgsAuthConfigurationStorage.MasterPasswordConfig]
Returns:: list of master passwords
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

signal messageLog[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal methodConfigChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

abstract methodConfigExists(self, id: str | None) → bool[source]¶

Check if an authentication configuration exists in the storage.

Parameters:: id (Optional[str]) – Configuration id.
Return type:: bool
Returns:: True if the configuration exists, False otherwise.
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract name(self) → str[source]¶

Returns a human readable localized short name of the storage implementation (e.g “SQLite”). This name is displayed to the user and used to identify the storage implementation.

Return type:: str

signal readOnlyChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

abstract removeAuthSetting(self, key: str | None) → bool[source]¶

Remove an authentication setting from the storage.

Parameters:: key (Optional[str]) – Setting key.
Return type:: bool
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertAuthority(self, cert: QSslCertificate) → bool[source]¶

Remove a certificate authority

Parameters:: cert (QSslCertificate) – Certificate authority
Return type:: bool
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertIdentity(self, cert: QSslCertificate) → bool[source]¶

Remove a certificate identity from the storage.

Parameters:: cert (QSslCertificate) – Certificate.
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

removeCertIdentity(self, id: Optional[str]) -> bool Remove a certificate identity from the storage.

Parameters:: id – Certificate identity id
Return type:: bool
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertTrustPolicy(self, cert: QSslCertificate) → bool[source]¶

Remove certificate trust policy

Parameters:: cert (QSslCertificate) – Certificate
Return type:: bool
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeMethodConfig(self, id: str | None) → bool[source]¶

Removes the authentication configuration with the specified id.

Return type:: bool
Returns:: True if the configuration was removed, False otherwise.
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.
Parameters:: id (Optional[str])

abstract removeSslCertCustomConfig(self, id: str | None, hostport: str | None) → bool[source]¶

Remove an SSL certificate custom config

Parameters:

id (Optional[str]) – sha hash
hostport (Optional[str]) – host:port

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

setCapabilities(self, capabilities: Qgis.AuthConfigurationStorageCapabilities | Qgis.AuthConfigurationStorageCapability)[source]¶

Set the capabilities of the storage to capabilities.

Parameters:: capabilities (Union[Qgis.AuthConfigurationStorageCapabilities, Qgis.AuthConfigurationStorageCapability])

setEnabled(self, enabled: bool)[source]¶

Set the storage enabled status to enabled.

Note

This is a user-controlled setting: the storage may be enabled but not ready to be used.

Parameters:: enabled (bool)

setError(self, error: str | None, level: Qgis.MessageLevel = Qgis.MessageLevel.Critical)[source]¶

Set the last error message to error with message level level.

Parameters:

error (Optional[str])
level (Qgis.MessageLevel = Qgis.MessageLevel.Critical)

virtual setReadOnly(self, readOnly: bool)[source]¶

Utility method to unset all editing capabilities.

Note

This method does not alter existing capabilities, make sure subclasses recompute capabilities if needed.

Parameters:: readOnly (bool)

settings(self) → Dict[str, Any]¶

Returns the settings of the storage.

Return type:: Dict[str, Any]

abstract settingsParameters(self) → List[QgsAuthConfigurationStorage.SettingParameter]¶

Returns a list of the settings accepted by the storage.

Return type:: List[QgsAuthConfigurationStorage.SettingParameter]

signal sslCertCustomConfigChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

abstract sslCertCustomConfigExists(self, id: str | None, hostport: str | None) → bool[source]¶

Check if SSL certificate custom config exists

Parameters:

id (Optional[str]) – sha hash
hostport (Optional[str]) – host:port

Return type:

bool

Returns:

True if the SSL certificate custom config exists, False otherwise

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

sslCertCustomConfigIds(self) → List[str][source]¶

Returns the list of SSL certificate custom config ids.

Return type:: List[str]
Returns:: list of SSL certificate custom config ids
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

sslCertCustomConfigs(self) → List[QgsAuthConfigSslServer]¶

sslCertCustomConfigs get SSL certificate custom configs

Return type:: List[QgsAuthConfigSslServer]
Returns:: list of SSL certificate custom config
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

signal sslCertTrustPolicyChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal storageChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

abstract storeAuthSetting(self, key: str | None, value: str | None) → bool[source]¶

Store an authentication setting in the storage.

Parameters:

key (Optional[str]) – Setting key.
value (Optional[str]) – Setting value.

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeCertAuthority(self, cert: QSslCertificate) → bool[source]¶

Store a certificate authority

Parameters:: cert (QSslCertificate) – Certificate authority
Return type:: bool
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeCertIdentity(self, cert: QSslCertificate, keyPem: str | None) → bool[source]¶

Store a certificate identity in the storage.

Parameters:

cert (QSslCertificate) – Certificate.
keyPem (Optional[str]) – SSL key in PEM format.

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeCertTrustPolicy(self, cert: QSslCertificate, policy: QgsAuthCertUtils.CertTrustPolicy) → bool[source]¶

Store certificate trust policy

Parameters:

cert (QSslCertificate) – Certificate
policy (QgsAuthCertUtils.CertTrustPolicy) – Trust policy

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeMasterPassword(self, config: QgsAuthConfigurationStorage.MasterPasswordConfig) → bool[source]¶

Store a master password in the database.

Parameters:: config (QgsAuthConfigurationStorage.MasterPasswordConfig) – Master password configuration.
Return type:: bool
Returns:: True if operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeMethodConfig(self, config: QgsAuthMethodConfig, payload: str | None) → bool[source]¶

Store an authentication config in the database.

Parameters:

config (QgsAuthMethodConfig) – Authentication configuration.
payload (Optional[str]) – payload to store (possibly encrypted).

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeSslCertCustomConfig(self, config: QgsAuthConfigSslServer) → bool[source]¶

Store an SSL certificate custom config

Parameters:: config (QgsAuthConfigSslServer) – SSL certificate custom config
Return type:: bool
Returns:: Whether operation succeeded
Raises:: QgsNotSupportedException – if the operation is not supported by the storage.

abstract type(self) → str[source]¶

Returns the type of the storage implementation. The type is used to identify the storage implementation internally (e.g. “sqlite”). A valid type must be ASCII alphanumeric and contain no spaces.

Return type:: str