Class: QgsAuthManager¶

Singleton which offers an interface to manage the authentication configuration database and to utilize configurations through various authentication method plugins.

QgsAuthManager should not usually be directly created, but rather accessed through QgsApplication.authManager().

Class Hierarchy¶

Base classes¶

QObject

class qgis.core.QgsAuthManager[source]¶

Bases: QObject

AUTH_MAN_TAG: str = 'Authentication Manager'¶

AUTH_PASSWORD_HELPER_DISPLAY_NAME: str = 'Wallet/KeyRing'¶

CRITICAL = 2¶

INFO = 0¶

class MessageLevel¶: Bases: int

WARNING = 1¶

authConfigurationStorageRegistry(self) → QgsAuthConfigurationStorageRegistry | None[source]¶

Returns the authentication configuration storage registry.

Added in version 3.40.

Return type:: Optional[QgsAuthConfigurationStorageRegistry]

signal authDatabaseChanged[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

authDatabaseConfigTable(self) → str[source]¶

Name of the authentication database table that stores configs

Deprecated since version 3.40: Direct access to the DB is not allowed, use methodConfigTableName() instead.

Return type:: str

authDatabaseConnection(self) → QSqlDatabase[source]¶

Sets up the application instance of the authentication database connection

Deprecated since version 3.40: Direct access to the DB is not allowed, use QgsAuthConfigurationStorage API instead.

Return type:: QSqlDatabase

signal authDatabaseEraseRequested[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

authDatabaseServersTable(self) → str[source]¶

Name of the authentication database table that stores server exceptions/configs

Deprecated since version 3.40: Direct access to the DB is not allowed, use QgsAuthConfigurationStorage API instead.

Return type:: str

authManTag(self) → str[source]¶

Simple text tag describing authentication system for message logs

Return type:: str

authMethod(self, authMethodKey: str | None) → QgsAuthMethod | None[source]¶

Gets authentication method from the config/provider cache via its key

Parameters:: authMethodKey (Optional[str]) – Authentication method key
Return type:: Optional[QgsAuthMethod]

authMethodEditWidget(self, authMethodKey: str | None, parent: QWidget | None) → QWidget | None[source]¶

Gets authentication method edit widget via its key

Parameters:

authMethodKey (Optional[str]) – Authentication method key
parent (Optional[QWidget]) – Parent widget

Return type:

Optional[QWidget]

authMethodsKeys(self, dataprovider: str | None = '') → List[str][source]¶

Gets keys of supported authentication methods

Parameters:: dataprovider (Optional[str] = '')
Return type:: List[str]

authSetting(self, key: str | None, defaultValue: Any = None, decrypt: bool = False) → Any[source]¶

Returns a previously set authentication setting.

The value will be retrieved as a string, regardless of the value type used when calling storeAuthSetting().

Parameters:

key (Optional[str]) – setting key
defaultValue (Any = None)
decrypt (bool = False) – if the value needs decrypted

Return type:

Any

Returns:

authentication setting string

See also

storeAuthSetting()

authenticationDatabasePath(self) → str[source]¶

The standard authentication database file in ~/.qgis3/ or defined location

Deprecated since version 3.40: Use authenticationDatabaseUri() instead.

Return type:: str

authenticationDatabaseUri(self) → str[source]¶

Returns the authentication database connection URI.

Added in version 3.40.

Return type:: str

authenticationDatabaseUriStripped(self) → str[source]¶

Returns the authentication database connection URI with the password stripped.

Added in version 3.40.

Return type:: str

availableAuthMethodConfigs(self, dataprovider: str | None = '') → Dict[str, QgsAuthMethodConfig][source]¶

Gets mapping of authentication config ids and their base configs (not decrypted data)

Parameters:: dataprovider (Optional[str] = '')
Return type:: Dict[str, QgsAuthMethodConfig]

backupAuthenticationDatabase(self, backuppath: str | None | None = '')[source]¶

Close connection to current authentication database and back it up

Returns:: Path to backup
Parameters:: backuppath (Optional[Optional[str]] = '') -> (bool)

certAuthority(self, id: str | None) → QSslCertificate[source]¶

certAuthority get a certificate authority by id (sha hash)

Parameters:: id (Optional[str]) – sha hash
Return type:: QSslCertificate
Returns:: a certificate

certIdentities(self) → List[QSslCertificate]¶

certIdentities get certificate identities

Return type:: List[QSslCertificate]
Returns:: list of certificates

certIdentity(self, id: str | None) → QSslCertificate[source]¶

certIdentity get a certificate identity by id (sha hash)

Parameters:: id (Optional[str]) – sha hash of the cert
Return type:: QSslCertificate
Returns:: the certificate

certIdentityBundleToPem(self, id: str | None) → List[str][source]¶

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

Parameters:: id (Optional[str]) – sha hash
Return type:: List[str]
Returns:: a list of strings

certIdentityIds(self) → List[str][source]¶

certIdentityIds get list of certificate identity ids from database

Return type:: List[str]
Returns:: list of certificate ids

certTrustCache(self) → Dict[QgsAuthCertUtils.CertTrustPolicy, List[str]]¶

certTrustCache get cache of certificate sha1s, per trust policy

Return type:: Dict[QgsAuthCertUtils.CertTrustPolicy, List[str]]
Returns:: trust-policy-mapped certificate sha1s

certTrustPolicy(self, cert: QSslCertificate) → QgsAuthCertUtils.CertTrustPolicy[source]¶

certTrustPolicy get whether certificate cert is trusted by user

Parameters:: cert (QSslCertificate)
Return type:: QgsAuthCertUtils.CertTrustPolicy
Returns:: DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy

certificateTrustPolicy(self, cert: QSslCertificate) → QgsAuthCertUtils.CertTrustPolicy[source]¶

certificateTrustPolicy get trust policy for a particular certificate cert

Parameters:: cert (QSslCertificate)
Return type:: QgsAuthCertUtils.CertTrustPolicy
Returns:: DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy

clearAllCachedConfigs(self)[source]¶: Clear all authentication configs from authentication method caches

clearCachedConfig(self, authcfg: str | None)[source]¶

Clear an authentication config from its associated authentication method cache

Parameters:: authcfg (Optional[str])

clearMasterPassword(self)[source]¶: Clear supplied master password

Note

This will not necessarily clear authenticated connections cached in network connection managers

configAuthMethod(self, authcfg: str | None) → QgsAuthMethod | None[source]¶

Gets authentication method from the config/provider cache

Parameters:: authcfg (Optional[str]) – Authentication config id
Return type:: Optional[QgsAuthMethod]

configAuthMethodKey(self, authcfg: str | None) → str[source]¶

Gets key of authentication method associated with config ID

Parameters:: authcfg (Optional[str])
Return type:: str

configIdRegex(self) → str[source]¶

Returns the regular expression for authcfg=.{7} key/value token for authentication ids

Return type:: str

configIdUnique(self, id: str | None) → bool[source]¶

Verify if provided authentication id is unique

Parameters:: id (Optional[str]) – Id to check
Return type:: bool

configIds(self) → List[str][source]¶

Gets list of authentication ids from database

Return type:: List[str]

databaseCAs(self) → List[QSslCertificate]¶

databaseCAs get database-stored certificate authorities

Return type:: List[QSslCertificate]
Returns:: list of certificate authorities

defaultCertTrustPolicy(self) → QgsAuthCertUtils.CertTrustPolicy[source]¶

Gets the default certificate trust policy preferred by user

Return type:: QgsAuthCertUtils.CertTrustPolicy

disabledMessage(self) → str[source]¶

Standard message for when QCA’s qca-ossl plugin is missing and system is disabled

Return type:: str

dumpIgnoredSslErrorsCache_(self)[source]¶: Utility function to dump the cache for debug purposes

ensureInitialized(self) → bool[source]¶

Performs lazy initialization of the authentication framework, if it has not already been done.

See also

setup()

Added in version 3.40.

Return type:: bool

eraseAuthenticationDatabase(self, backup: bool, backuppath: str | None | None = '')[source]¶

Erase all rows from all tables in authentication database

Parameters:

backup (bool) – Whether to backup of current database
backuppath (Optional[Optional[str]] = '') -> (bool) – Where the backup is locate

Returns:

Whether operation succeeded

existsAuthSetting(self, key: str | None) → bool[source]¶

Check if an authentication setting exists

Parameters:: key (Optional[str])
Return type:: bool

existsCertAuthority(self, cert: QSslCertificate) → bool[source]¶

Check if a certificate authority exists

Parameters:: cert (QSslCertificate)
Return type:: bool

existsCertIdentity(self, id: str | None) → bool[source]¶

Check if a certificate identity exists

Parameters:: id (Optional[str])
Return type:: bool

existsSslCertCustomConfig(self, id: str | None, hostport: str | None) → bool[source]¶

Check if SSL certificate custom config exists

Parameters:

id (Optional[str])
hostport (Optional[str])

Return type:

bool

exportAuthenticationConfigsToXml(self, filename: str | None, authcfgs: Iterable[str | None], password: str | None = '') → bool[source]¶

Export authentication configurations to an XML file

Parameters:

filename (Optional[str]) – The file path to save the XML content to
authcfgs (Iterable[Optional[str]]) – The list of configuration IDs to export
password (Optional[str] = '') – A password string to encrypt the XML content

Added in version 3.20.

Return type:: bool

extraFileCAs(self) → List[QSslCertificate]¶

extraFileCAs extra file-based certificate authorities

Return type:: List[QSslCertificate]
Returns:: list of certificate authorities

static hasConfigId(txt: str | None) → bool[source]¶

Returns whether a string includes an authcfg ID token

Parameters:: txt (Optional[str]) – String to check
Return type:: bool

importAuthenticationConfigsFromXml(self, filename: str | None, password: str | None = '', overwrite: bool = False) → bool[source]¶

Import authentication configurations from an XML file

Parameters:

filename (Optional[str]) – The file path from which the XML content will be read
password (Optional[str] = '') – A password string to decrypt the XML content
overwrite (bool = False) – If set to True, pre-existing authentication configurations will be overwritten

Added in version 3.20.

Return type:: bool

init(self, pluginPath: str | None = '', authDatabasePath: str | None = '') → bool[source]¶

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

Parameters:

pluginPath (Optional[str] = '') – the plugin path
authDatabasePath (Optional[str] = '') – the authentication DB path

Return type:

bool

Returns:

True on success

See also

QgsApplication.pluginPath()

Deprecated since version 3.36: Use setup() or ensureInitialized() instead.

initSslCaches(self) → bool[source]¶

Initialize various SSL authentication caches

Return type:: bool

isDisabled(self) → bool[source]¶

Whether QCA has the qca-ossl plugin, which a base run-time requirement

Return type:: bool

static isFilesystemBasedDatabase(uri: str | None) → bool[source]¶

Returns the True if the uri is a filesystem-based database (SQLite).

Parameters:: uri (Optional[str])
Return type:: bool

loadAuthenticationConfig(self, authcfg: str | None, mconfig: QgsAuthMethodConfig, full: bool = False)[source]¶

Load an authentication config from the database into subclass

Parameters:

authcfg (Optional[str]) – Associated authentication config id
mconfig (QgsAuthMethodConfig) – Subclassed config to load into
full (bool = False) -> (bool) – Whether to decrypt and populate all sensitive data in subclass

Returns:

Whether operation succeeded

mappedDatabaseCAs(self) → Dict[str, QSslCertificate]¶

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

Return type:: Dict[str, QSslCertificate]
Returns:: sha1-mapped certificate authorities

masterPasswordHashInDatabase(self) → bool[source]¶

Verify a password hash existing in authentication database

Return type:: bool

masterPasswordIsSet(self) → bool[source]¶

Whether master password has be input and verified, i.e. authentication database is accessible

Return type:: bool

masterPasswordSame(self, password: str | None) → bool[source]¶

Check whether supplied password is the same as the one already set

Parameters:: password (Optional[str]) – Password to verify
Return type:: bool

signal masterPasswordVerified[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal messageLog[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal messageOut[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

methodConfigTableName(self) → str[source]¶

Returns the database table from the first ready storage that stores authentication configs, or an empty string if none available. The table is prefixed with schema and escaped if necessary.

Added in version 3.40.

Return type:: str

static passwordHelperDisplayName(titleCase: bool = False) → str[source]¶

Returns a translated display name of the password helper (platform dependent).

If titleCase is True then a title case version of the string will be returned. Otherwise a mid-sentence case version will be returned.

Added in version 3.42.

Parameters:: titleCase (bool = False)
Return type:: str

static passwordHelperEnabled() → bool[source]¶

Password helper enabled getter

Note

Available in Python bindings since QGIS 3.8.0

Return type:: bool

signal passwordHelperFailure[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal passwordHelperMessageLog[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal passwordHelperMessageOut[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

signal passwordHelperSuccess[source]¶

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

passwordHelperSync(self) → bool[source]¶

Store the password manager into the wallet

Note

Available in Python bindings since QGIS 3.8.0

Return type:: bool

rebuildCaCertsCache(self) → bool[source]¶

Rebuild certificate authority cache

Return type:: bool

rebuildCertTrustCache(self) → bool[source]¶

Rebuild certificate authority cache

Return type:: bool

rebuildIgnoredSslErrorCache(self) → bool[source]¶

Rebuild ignoredSSL error cache

Return type:: bool

rebuildTrustedCaCertsCache(self) → bool[source]¶

Rebuild trusted certificate authorities cache

Return type:: bool

registerCoreAuthMethods(self) → bool[source]¶

Instantiate and register existing C++ core authentication methods from plugins

Return type:: bool

removeAllAuthenticationConfigs(self) → bool[source]¶

Clear all authentication configs from table in database and from provider caches

Return type:: bool
Returns:: Whether operation succeeded

removeAuthSetting(self, key: str | None) → bool[source]¶

Remove an authentication setting

Parameters:: key (Optional[str])
Return type:: bool

removeAuthenticationConfig(self, authcfg: str | None) → bool[source]¶

Remove an authentication config in the database

Parameters:: authcfg (Optional[str]) – Associated authentication config id
Return type:: bool
Returns:: Whether operation succeeded

removeCertAuthority(self, cert: QSslCertificate) → bool[source]¶

Remove a certificate authority

Parameters:: cert (QSslCertificate)
Return type:: bool

removeCertIdentity(self, id: str | None) → bool[source]¶

Remove a certificate identity

Parameters:: id (Optional[str])
Return type:: bool

removeCertTrustPolicies(self, certs: Iterable[QSslCertificate]) → bool[source]¶

Remove a group certificate authorities

Parameters:: certs (Iterable[QSslCertificate])
Return type:: bool

removeCertTrustPolicy(self, cert: QSslCertificate) → bool[source]¶

Remove a certificate authority

Parameters:: cert (QSslCertificate)
Return type:: bool

removeSslCertCustomConfig(self, id: str | None, hostport: str | None) → bool[source]¶

Remove an SSL certificate custom config

Parameters:

id (Optional[str])
hostport (Optional[str])

Return type:

bool

resetMasterPassword(self, newpass: str | None, oldpass: str | None, keepbackup: bool, backuppath: str | None | None = '')[source]¶

Reset the master password to a new one, then re-encrypts all previous configs with the new password.

Parameters:

newpass (Optional[str]) – New master password to replace existing
oldpass (Optional[str]) – Current master password to replace existing
keepbackup (bool) – Whether to keep the generated backup of current database (if using file-based storage)
backuppath (Optional[Optional[str]] = '') -> (bool) – Where the backup is located, if kept

setDefaultCertTrustPolicy(self, policy: QgsAuthCertUtils.CertTrustPolicy) → bool[source]¶

Sets the default certificate trust policy preferred by user

Parameters:: policy (QgsAuthCertUtils.CertTrustPolicy)
Return type:: bool

setMasterPassword(self, verify: bool = False) → bool[source]¶

Main call to initially set or continually check master password is set

Note

If it is not set, the user is asked for its input

Parameters:: verify (bool = False) – Whether password’s hash was saved in authentication database

setMasterPassword(self, password: Optional[str], verify: bool = False) -> bool Overloaded call to reset master password or set it initially without user interaction

Note

Only use this in trusted reset functions, unit tests or user/app setup scripts!

Parameters:

password – Password to use
verify – Whether password’s hash was saved in authentication database

Return type:

bool

setPasswordHelperEnabled(self, enabled: bool)[source]¶

Password helper enabled setter

Note

Available in Python bindings since QGIS 3.8.0

Parameters:: enabled (bool)

setScheduledAuthDatabaseEraseRequestEmitted(self, emitted: bool)[source]¶

Re-emit a signal to schedule an optional erase of authentication database.

Note

This can be called from the slot connected to a previously emitted scheduling signal, so that the slot can ask for another emit later, if the slot noticies the current GUI processing state is not ready for interacting with the user, e.g. project is still loading

Parameters:: emitted (bool) – Setting to False will cause signal to be emitted by the schedule timer. Setting to True will stop any emitting, but will not stop the schedule timer.

setup(self, pluginPath: str | None = '', authDatabasePath: str | None = '')[source]¶

Sets up the authentication manager configuration.

This method does not initialize the authentication framework, instead that is deferred to lazy-initialize when required.

Parameters:

pluginPath (Optional[str] = '') – the plugin path
authDatabasePath (Optional[str] = '') – the authentication DB URI (or just the file path for SQLite)

See also

ensureInitialized()

sslCertCustomConfig(self, id: str | None, hostport: str | None) → QgsAuthConfigSslServer[source]¶

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

Parameters:

id (Optional[str]) – sha hash
hostport (Optional[str]) – string host:port

Return type:

QgsAuthConfigSslServer

Returns:

a SSL certificate custom config

sslCertCustomConfigByHost(self, hostport: str | None) → QgsAuthConfigSslServer[source]¶

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

Parameters:: hostport (Optional[str]) – host:port
Return type:: QgsAuthConfigSslServer
Returns:: a SSL certificate custom config

sslCertCustomConfigs(self) → List[QgsAuthConfigSslServer]¶

sslCertCustomConfigs get SSL certificate custom configs

Return type:: List[QgsAuthConfigSslServer]
Returns:: list of SSL certificate custom config

storeAuthSetting(self, key: str | None, value: Any, encrypt: bool = False) → bool[source]¶

Stores an authentication setting.

The value will be stored as a string, using QVariant.toString().

See also

authSetting()

Parameters:

key (Optional[str])
value (Any)
encrypt (bool = False)

Return type:

bool

storeAuthenticationConfig(self, mconfig: QgsAuthMethodConfig, overwrite: bool = False)[source]¶

Store an authentication config in the database

Parameters:

mconfig (QgsAuthMethodConfig) – Associated authentication config id
overwrite (bool = False) -> (bool) – If set to True, pre-existing authentication configurations will be overwritten

Returns:

Whether operation succeeded

storeCertAuthorities(self, certs: Iterable[QSslCertificate]) → bool[source]¶

Store multiple certificate authorities

Parameters:: certs (Iterable[QSslCertificate])
Return type:: bool

storeCertAuthority(self, cert: QSslCertificate) → bool[source]¶

Store a certificate authority

Parameters:: cert (QSslCertificate)
Return type:: bool

storeCertIdentity(self, cert: QSslCertificate, key: QSslKey) → bool[source]¶

Store a certificate identity

Parameters:

cert (QSslCertificate)
key (QSslKey)

Return type:

bool

storeCertTrustPolicy(self, cert: QSslCertificate, policy: QgsAuthCertUtils.CertTrustPolicy) → bool[source]¶

Store user trust value for a certificate

Parameters:

cert (QSslCertificate)
policy (QgsAuthCertUtils.CertTrustPolicy)

Return type:

bool

storeSslCertCustomConfig(self, config: QgsAuthConfigSslServer) → bool[source]¶

Store an SSL certificate custom config

Parameters:: config (QgsAuthConfigSslServer)
Return type:: bool

supportedAuthMethodExpansions(self, authcfg: str | None) → QgsAuthMethod.Expansions[source]¶

Gets supported authentication method expansion(s), e.g. NetworkRequest | DataSourceURI, as flags

Parameters:: authcfg (Optional[str])
Return type:: QgsAuthMethod.Expansions

systemRootCAs() → List[QSslCertificate]¶

systemRootCAs get root system certificate authorities

Return type:: List[QSslCertificate]
Returns:: list of certificate authorities

trustedCaCerts(self, includeinvalid: bool = False) → List[QSslCertificate]¶

trustedCaCerts get list of all trusted CA certificates

Parameters:: includeinvalid (bool = False) – whether invalid certs needs to be returned
Return type:: List[QSslCertificate]
Returns:: list of certificates

trustedCaCertsCache(self) → List[QSslCertificate]¶

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

Return type:: List[QSslCertificate]
Returns:: list of certificates

trustedCaCertsPemText(self) → QByteArray[source]¶

trustedCaCertsPemText get concatenated string of all trusted CA certificates

Return type:: QByteArray
Returns:: bye array with all PEM encoded trusted CAs

uniqueConfigId(self) → str[source]¶

Gets a unique generated 7-character string to assign to as config id

Return type:: str

untrustedCaCerts(self, trustedCAs: Iterable[QSslCertificate] = []) → List[QSslCertificate]¶

untrustedCaCerts get list of untrusted certificate authorities

Return type:: List[QSslCertificate]
Returns:: list of certificates
Parameters:: trustedCAs (Iterable[QSslCertificate] = [])

updateAuthenticationConfig(self, config: QgsAuthMethodConfig) → bool[source]¶

Update an authentication config in the database

Parameters:: config (QgsAuthMethodConfig) – Associated authentication config id
Return type:: bool
Returns:: Whether operation succeeded

updateConfigAuthMethods(self)[source]¶: Sync the confg/authentication method cache with what is in database

updateDataSourceUriItems(self, connectionItems: Iterable[str | None], authcfg: str | None, dataprovider: str | None = '')[source]¶

Provider call to update a QgsDataSourceUri with an authentication config

Parameters:

connectionItems (Iterable[Optional[str]]) – The connection items, e.g. username=myname, of QgsDataSourceUri
authcfg (Optional[str]) – Associated authentication config id
dataprovider (Optional[str] = '') -> (bool) – Provider key filter, offering logic branching in authentication method

Returns:

Whether operation succeeded

updateIgnoredSslErrorsCache(self, shahostport: str | None, errors: Iterable[QSslError]) → bool[source]¶

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key

Parameters:

shahostport (Optional[str])
errors (Iterable[QSslError])

Return type:

bool

updateIgnoredSslErrorsCacheFromConfig(self, config: QgsAuthConfigSslServer) → bool[source]¶

Update ignored SSL error cache with possible ignored SSL errors, using server config

Parameters:: config (QgsAuthConfigSslServer)
Return type:: bool

updateNetworkProxy(self, proxy: QNetworkProxy, authcfg: str | None, dataprovider: str | None = '')[source]¶

Provider call to update a QNetworkProxy with an authentication config

Parameters:

proxy (QNetworkProxy) – the QNetworkProxy
authcfg (Optional[str]) – Associated authentication config id
dataprovider (Optional[str] = '') -> (bool) – Provider key filter, offering logic branching in authentication method

Returns:

Whether operation succeeded

updateNetworkReply(self, reply: QNetworkReply | None, authcfg: str | None, dataprovider: str | None = '') → bool[source]¶

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

Parameters:

reply (Optional[QNetworkReply]) – The QNetworkReply
authcfg (Optional[str]) – Associated authentication config id
dataprovider (Optional[str] = '') – Provider key filter, offering logic branching in authentication method

Return type:

bool

Returns:

Whether operation succeeded

updateNetworkRequest(self, request: QNetworkRequest, authcfg: str | None, dataprovider: str | None = '')[source]¶

Provider call to update a QNetworkRequest with an authentication config

Parameters:

request (QNetworkRequest) – The QNetworkRequest
authcfg (Optional[str]) – Associated authentication config id
dataprovider (Optional[str] = '') -> (bool) – Provider key filter, offering logic branching in authentication method

Returns:

Whether operation succeeded

verifyMasterPassword(self, compare: str | None = '') → bool[source]¶

Verify the supplied master password against any existing hash in authentication database

Note

Do not emit verification signals when only comparing

Parameters:: compare (Optional[str] = '') – Password to compare against
Return type:: bool