Class: QgsAuthManager

class qgis.core.QgsAuthManager

Bases: PyQt5.QtCore.QObject

Singleton offering an interface to manage the authentication configuration database and to utilize configurations through various authentication method plugins

QgsAuthManager should not usually be directly created, but rather accessed through QgsApplication.authManager().

Methods

authDatabaseConfigTable

Name of the authentication database table that stores configs

authDatabaseConnection

Sets up the application instance of the authentication database connection

authDatabaseServersTable

Name of the authentication database table that stores server exceptions/configs

authManTag

Simple text tag describing authentication system for message logs

authMethod

Gets authentication method from the config/provider cache via its key

authMethodEditWidget

Gets authentication method edit widget via its key

authMethodsKeys

Gets keys of supported authentication methods

authSetting

authSetting get an authentication setting (retrieved as string and returned as QVariant( QString ))

authenticationDatabasePath

The standard authentication database file in ~/.qgis3/ or defined location

availableAuthMethodConfigs

Gets mapping of authentication config ids and their base configs (not decrypted data)

backupAuthenticationDatabase

Close connection to current authentication database and back it up

certAuthority

certAuthority get a certificate authority by id (sha hash)

certIdentities

certIdentities get certificate identities

certIdentity

certIdentity get a certificate identity by id (sha hash)

certIdentityBundleToPem

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

certIdentityIds

certIdentityIds get list of certificate identity ids from database

certTrustCache

certTrustCache get cache of certificate sha1s, per trust policy

certTrustPolicy

certTrustPolicy get whether certificate cert is trusted by user

certificateTrustPolicy

certificateTrustPolicy get trust policy for a particular certificate cert

childEvent

clearAllCachedConfigs

Clear all authentication configs from authentication method caches

clearCachedConfig

Clear an authentication config from its associated authentication method cache

clearMasterPassword

Clear supplied master password

configAuthMethod

Gets authentication method from the config/provider cache

configAuthMethodKey

Gets key of authentication method associated with config ID

configIdRegex

Returns the regular expression for authcfg=.{7} key/value token for authentication ids

configIdUnique

Verify if provided authentication id is unique

configIds

Gets list of authentication ids from database

connectNotify

customEvent

databaseCAs

databaseCAs get database-stored certificate authorities

defaultCertTrustPolicy

Gets the default certificate trust policy preferred by user

disabledMessage

Standard message for when QCA's qca-ossl plugin is missing and system is disabled

disconnectNotify

dumpIgnoredSslErrorsCache_

Utility function to dump the cache for debug purposes

eraseAuthenticationDatabase

Erase all rows from all tables in authentication database

existsAuthSetting

Check if an authentication setting exists

existsCertAuthority

Check if a certificate authority exists

existsCertIdentity

Check if a certificate identity exists

existsSslCertCustomConfig

Check if SSL certificate custom config exists

exportAuthenticationConfigsToXml

Export authentication configurations to an XML file

extraFileCAs

extraFileCAs extra file-based certificate authorities

hasConfigId

Returns whether a string includes an authcfg ID token

importAuthenticationConfigsFromXml

Import authentication configurations from an XML file

init

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

initSslCaches

Initialize various SSL authentication caches

isDisabled

Whether QCA has the qca-ossl plugin, which a base run-time requirement

isSignalConnected

loadAuthenticationConfig

Load an authentication config from the database into subclass

mappedDatabaseCAs

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

masterPasswordHashInDatabase

Verify a password hash existing in authentication database

masterPasswordIsSet

Whether master password has be input and verified, i.e. authentication database is accessible.

masterPasswordSame

Check whether supplied password is the same as the one already set

passwordHelperEnabled

Password helper enabled getter

passwordHelperSync

Store the password manager into the wallet

rebuildCaCertsCache

Rebuild certificate authority cache

rebuildCertTrustCache

Rebuild certificate authority cache

rebuildIgnoredSslErrorCache

Rebuild ignoredSSL error cache

rebuildTrustedCaCertsCache

Rebuild trusted certificate authorities cache

receivers

registerCoreAuthMethods

Instantiate and register existing C++ core authentication methods from plugins

removeAllAuthenticationConfigs

Clear all authentication configs from table in database and from provider caches

removeAuthSetting

Remove an authentication setting

removeAuthenticationConfig

Remove an authentication config in the database

removeCertAuthority

Remove a certificate authority

removeCertIdentity

Remove a certificate identity

removeCertTrustPolicies

Remove a group certificate authorities

removeCertTrustPolicy

Remove a certificate authority

removeSslCertCustomConfig

Remove an SSL certificate custom config

resetMasterPassword

Reset the master password to a new one, then re-encrypt all previous configs in a new database file, optionally backup curren database

sender

senderSignalIndex

setDefaultCertTrustPolicy

Sets the default certificate trust policy preferred by user

setMasterPassword

Main call to initially set or continually check master password is set

setPasswordHelperEnabled

Password helper enabled setter

setScheduledAuthDatabaseEraseRequestEmitted

Re-emit a signal to schedule an optional erase of authentication database.

sslCertCustomConfig

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

sslCertCustomConfigByHost

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

sslCertCustomConfigs

sslCertCustomConfigs get SSL certificate custom configs

storeAuthSetting

Store an authentication setting (stored as string via QVariant( value ).toString() )

storeAuthenticationConfig

Store an authentication config in the database

storeCertAuthorities

Store multiple certificate authorities

storeCertAuthority

Store a certificate authority

storeCertIdentity

Store a certificate identity

storeCertTrustPolicy

Store user trust value for a certificate

storeSslCertCustomConfig

Store an SSL certificate custom config

supportedAuthMethodExpansions

Gets supported authentication method expansion(s), e.g. NetworkRequest | DataSourceURI, as flags.

systemRootCAs

systemRootCAs get root system certificate authorities

timerEvent

trustedCaCerts

trustedCaCerts get list of all trusted CA certificates

trustedCaCertsCache

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

trustedCaCertsPemText

trustedCaCertsPemText get concatenated string of all trusted CA certificates

uniqueConfigId

Gets a unique generated 7-character string to assign to as config id

untrustedCaCerts

untrustedCaCerts get list of untrusted certificate authorities

updateAuthenticationConfig

Update an authentication config in the database

updateConfigAuthMethods

Sync the confg/authentication method cache with what is in database

updateDataSourceUriItems

Provider call to update a QgsDataSourceUri with an authentication config

updateIgnoredSslErrorsCache

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key

updateIgnoredSslErrorsCacheFromConfig

Update ignored SSL error cache with possible ignored SSL errors, using server config

updateNetworkProxy

Provider call to update a QNetworkProxy with an authentication config

updateNetworkReply

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

updateNetworkRequest

Provider call to update a QNetworkRequest with an authentication config

verifyMasterPassword

Verify the supplied master password against any existing hash in authentication database

Signals

authDatabaseChanged

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

authDatabaseEraseRequested

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

masterPasswordVerified

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

messageOut

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

passwordHelperFailure

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

passwordHelperMessageOut

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

passwordHelperSuccess

pyqtSignal(*types, name: str = ..., revision: int = ..., arguments: Sequence = ...) -> PYQT_SIGNAL

Attributes

AUTH_MAN_TAG

AUTH_PASSWORD_HELPER_DISPLAY_NAME

CRITICAL

INFO

WARNING

AUTH_MAN_TAG = 'Authentication Manager'
AUTH_PASSWORD_HELPER_DISPLAY_NAME = 'Wallet/KeyRing'
CRITICAL = 2
INFO = 0
class MessageLevel

Bases: int

baseClass

alias of QgsAuthManager

WARNING = 1
authDatabaseChanged

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

authDatabaseConfigTable(self) str

Name of the authentication database table that stores configs

Return type:

str

authDatabaseConnection(self) QSqlDatabase

Sets up the application instance of the authentication database connection

Return type:

QSqlDatabase

authDatabaseEraseRequested

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

authDatabaseServersTable(self) str

Name of the authentication database table that stores server exceptions/configs

Return type:

str

authManTag(self) str

Simple text tag describing authentication system for message logs

Return type:

str

authMethod(self, authMethodKey: str) QgsAuthMethod

Gets authentication method from the config/provider cache via its key

Parameters:

authMethodKey (str) – Authentication method key

Return type:

QgsAuthMethod

authMethodEditWidget(self, authMethodKey: str, parent: QWidget) QWidget

Gets authentication method edit widget via its key

Parameters:
  • authMethodKey (str) – Authentication method key

  • parent (QWidget) – Parent widget

Return type:

QWidget

authMethodsKeys(self, dataprovider: str = '') List[str]

Gets keys of supported authentication methods

Parameters:

dataprovider (str = '') –

Return type:

List[str]

authSetting(self, key: str, defaultValue: Any = None, decrypt: bool = False) Any

authSetting get an authentication setting (retrieved as string and returned as QVariant( QString ))

Parameters:
  • key (str) – setting key

  • defaultValue (Any = None) –

  • decrypt (bool = False) – if the value needs decrypted

Return type:

Any

Returns:

QVariant( QString ) authentication setting

New in version 3.0.

authenticationDatabasePath(self) str

The standard authentication database file in ~/.qgis3/ or defined location

Return type:

str

availableAuthMethodConfigs(self, dataprovider: str = '') Dict[str, QgsAuthMethodConfig]

Gets mapping of authentication config ids and their base configs (not decrypted data)

Parameters:

dataprovider (str = '') –

Return type:

Dict[str, QgsAuthMethodConfig]

backupAuthenticationDatabase(self, backuppath: str = '') Tuple[bool, str]

Close connection to current authentication database and back it up

Return type:

Tuple[bool, str]

Returns:

Path to backup

Parameters:

backuppath (str = '') –

certAuthority(self, id: str) QSslCertificate

certAuthority get a certificate authority by id (sha hash)

Parameters:

id (str) – sha hash

Return type:

QSslCertificate

Returns:

a certificate

New in version 3.0.

certIdentities(self) List[QSslCertificate]

certIdentities get certificate identities

Return type:

List[QSslCertificate]

Returns:

list of certificates

New in version 3.0.

certIdentity(self, id: str) QSslCertificate

certIdentity get a certificate identity by id (sha hash)

Parameters:

id (str) – sha hash of the cert

Return type:

QSslCertificate

Returns:

the certificate

New in version 3.0.

certIdentityBundleToPem(self, id: str) List[str]

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

Parameters:

id (str) – sha hash

Return type:

List[str]

Returns:

a list of strings

New in version 3.0.

certIdentityIds(self) List[str]

certIdentityIds get list of certificate identity ids from database

Return type:

List[str]

Returns:

list of certificate ids

New in version 3.0.

certTrustCache(self) Dict[QgsAuthCertUtils.CertTrustPolicy, List[str]]

certTrustCache get cache of certificate sha1s, per trust policy

Return type:

Dict[QgsAuthCertUtils.CertTrustPolicy, List[str]]

Returns:

trust-policy-mapped certificate sha1s

New in version 3.0.

certTrustPolicy(self, cert: QSslCertificate) QgsAuthCertUtils.CertTrustPolicy

certTrustPolicy get whether certificate cert is trusted by user

Parameters:

cert (QSslCertificate) –

Return type:

QgsAuthCertUtils.CertTrustPolicy

Returns:

DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy

New in version 3.0.

certificateTrustPolicy(self, cert: QSslCertificate) QgsAuthCertUtils.CertTrustPolicy

certificateTrustPolicy get trust policy for a particular certificate cert

Parameters:

cert (QSslCertificate) –

Return type:

QgsAuthCertUtils.CertTrustPolicy

Returns:

DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy

New in version 3.0.

childEvent(self, QChildEvent)
clearAllCachedConfigs(self)

Clear all authentication configs from authentication method caches

clearCachedConfig(self, authcfg: str)

Clear an authentication config from its associated authentication method cache

Parameters:

authcfg (str) –

clearMasterPassword(self)

Clear supplied master password

Note

This will not necessarily clear authenticated connections cached in network connection managers

configAuthMethod(self, authcfg: str) QgsAuthMethod

Gets authentication method from the config/provider cache

Parameters:

authcfg (str) – Authentication config id

Return type:

QgsAuthMethod

configAuthMethodKey(self, authcfg: str) str

Gets key of authentication method associated with config ID

Parameters:

authcfg (str) –

Return type:

str

configIdRegex(self) str

Returns the regular expression for authcfg=.{7} key/value token for authentication ids

Return type:

str

configIdUnique(self, id: str) bool

Verify if provided authentication id is unique

Parameters:

id (str) – Id to check

Return type:

bool

configIds(self) List[str]

Gets list of authentication ids from database

Return type:

List[str]

connectNotify(self, QMetaMethod)
customEvent(self, QEvent)
databaseCAs(self) List[QSslCertificate]

databaseCAs get database-stored certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificate authorities

New in version 3.0.

defaultCertTrustPolicy(self) QgsAuthCertUtils.CertTrustPolicy

Gets the default certificate trust policy preferred by user

Return type:

QgsAuthCertUtils.CertTrustPolicy

disabledMessage(self) str

Standard message for when QCA’s qca-ossl plugin is missing and system is disabled

Return type:

str

disconnectNotify(self, QMetaMethod)
dumpIgnoredSslErrorsCache_(self)

Utility function to dump the cache for debug purposes

eraseAuthenticationDatabase(self, backup: bool, backuppath: str = '') Tuple[bool, str]

Erase all rows from all tables in authentication database

Parameters:
  • backup (bool) – Whether to backup of current database

  • backuppath (str = '') – Where the backup is locate

Return type:

Tuple[bool, str]

Returns:

Whether operation succeeded

existsAuthSetting(self, key: str) bool

Check if an authentication setting exists

Parameters:

key (str) –

Return type:

bool

existsCertAuthority(self, cert: QSslCertificate) bool

Check if a certificate authority exists

Parameters:

cert (QSslCertificate) –

Return type:

bool

existsCertIdentity(self, id: str) bool

Check if a certificate identity exists

Parameters:

id (str) –

Return type:

bool

existsSslCertCustomConfig(self, id: str, hostport: str) bool

Check if SSL certificate custom config exists

Parameters:
  • id (str) –

  • hostport (str) –

Return type:

bool

exportAuthenticationConfigsToXml(self, filename: str, authcfgs: Iterable[str], password: str = '') bool

Export authentication configurations to an XML file

Parameters:
  • filename (str) – The file path to save the XML content to

  • authcfgs (Iterable[str]) – The list of configuration IDs to export

  • password (str = '') – A password string to encrypt the XML content

New in version 3.20.

Return type:

bool

extraFileCAs(self) List[QSslCertificate]

extraFileCAs extra file-based certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificate authorities

New in version 3.0.

hasConfigId(self, txt: str) bool

Returns whether a string includes an authcfg ID token

Parameters:

txt (str) – String to check

Return type:

bool

importAuthenticationConfigsFromXml(self, filename: str, password: str = '', overwrite: bool = False) bool

Import authentication configurations from an XML file

Parameters:
  • filename (str) – The file path from which the XML content will be read

  • password (str = '') – A password string to decrypt the XML content

  • overwrite (bool = False) – If set to True, pre-existing authentication configurations will be overwritten

New in version 3.20.

Return type:

bool

init(self, pluginPath: str = '', authDatabasePath: str = '') bool

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

Parameters:
  • pluginPath (str = '') – the plugin path

  • authDatabasePath (str = '') – the authentication DB path

Return type:

bool

Returns:

True on success

initSslCaches(self) bool

Initialize various SSL authentication caches

Return type:

bool

isDisabled(self) bool

Whether QCA has the qca-ossl plugin, which a base run-time requirement

Return type:

bool

isSignalConnected(self, QMetaMethod) bool
loadAuthenticationConfig(self, authcfg: str, mconfig: QgsAuthMethodConfig, full: bool = False) Tuple[bool, QgsAuthMethodConfig]

Load an authentication config from the database into subclass

Parameters:
  • authcfg (str) – Associated authentication config id

  • mconfig (QgsAuthMethodConfig) – Subclassed config to load into

  • full (bool = False) – Whether to decrypt and populate all sensitive data in subclass

Return type:

Tuple[bool, QgsAuthMethodConfig]

Returns:

Whether operation succeeded

mappedDatabaseCAs(self) Dict[str, QSslCertificate]

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

Return type:

Dict[str, QSslCertificate]

Returns:

sha1-mapped certificate authorities

New in version 3.0.

masterPasswordHashInDatabase(self) bool

Verify a password hash existing in authentication database

Return type:

bool

masterPasswordIsSet(self) bool

Whether master password has be input and verified, i.e. authentication database is accessible

Return type:

bool

masterPasswordSame(self, pass_: str) bool

Check whether supplied password is the same as the one already set

Parameters:
  • pass (str) – Password to verify

  • pass

Return type:

bool

masterPasswordVerified

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

messageOut

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

passwordHelperEnabled(self) bool

Password helper enabled getter

Note

Available in Python bindings since QGIS 3.8.0

Return type:

bool

passwordHelperFailure

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

passwordHelperMessageOut

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

passwordHelperSuccess

pyqtSignal(*types, name: str = …, revision: int = …, arguments: Sequence = …) -> PYQT_SIGNAL

types is normally a sequence of individual types. Each type is either a type object or a string that is the name of a C++ type. Alternatively each type could itself be a sequence of types each describing a different overloaded signal. name is the optional C++ name of the signal. If it is not specified then the name of the class attribute that is bound to the signal is used. revision is the optional revision of the signal that is exported to QML. If it is not specified then 0 is used. arguments is the optional sequence of the names of the signal’s arguments.

Parameters:
  • name (str = ...) –

  • revision (int = ...) –

  • arguments (Sequence = ...) –

Return type:

PYQT_SIGNAL

passwordHelperSync(self) bool

Store the password manager into the wallet

Note

Available in Python bindings since QGIS 3.8.0

Return type:

bool

rebuildCaCertsCache(self) bool

Rebuild certificate authority cache

Return type:

bool

rebuildCertTrustCache(self) bool

Rebuild certificate authority cache

Return type:

bool

rebuildIgnoredSslErrorCache(self) bool

Rebuild ignoredSSL error cache

Return type:

bool

rebuildTrustedCaCertsCache(self) bool

Rebuild trusted certificate authorities cache

Return type:

bool

receivers(self, PYQT_SIGNAL) int
registerCoreAuthMethods(self) bool

Instantiate and register existing C++ core authentication methods from plugins

Return type:

bool

removeAllAuthenticationConfigs(self) bool

Clear all authentication configs from table in database and from provider caches

Return type:

bool

Returns:

Whether operation succeeded

removeAuthSetting(self, key: str) bool

Remove an authentication setting

Parameters:

key (str) –

Return type:

bool

removeAuthenticationConfig(self, authcfg: str) bool

Remove an authentication config in the database

Parameters:

authcfg (str) – Associated authentication config id

Return type:

bool

Returns:

Whether operation succeeded

removeCertAuthority(self, cert: QSslCertificate) bool

Remove a certificate authority

Parameters:

cert (QSslCertificate) –

Return type:

bool

removeCertIdentity(self, id: str) bool

Remove a certificate identity

Parameters:

id (str) –

Return type:

bool

removeCertTrustPolicies(self, certs: Iterable[QSslCertificate]) bool

Remove a group certificate authorities

Parameters:

certs (Iterable[QSslCertificate]) –

Return type:

bool

removeCertTrustPolicy(self, cert: QSslCertificate) bool

Remove a certificate authority

Parameters:

cert (QSslCertificate) –

Return type:

bool

removeSslCertCustomConfig(self, id: str, hostport: str) bool

Remove an SSL certificate custom config

Parameters:
  • id (str) –

  • hostport (str) –

Return type:

bool

resetMasterPassword(self, newpass: str, oldpass: str, keepbackup: bool, backuppath: str = '') Tuple[bool, str]

Reset the master password to a new one, then re-encrypt all previous configs in a new database file, optionally backup curren database

Parameters:
  • newpass (str) – New master password to replace existing

  • oldpass (str) – Current master password to replace existing

  • keepbackup (bool) – Whether to keep the generated backup of current database

  • backuppath (str = '') – Where the backup is located, if kept

Return type:

Tuple[bool, str]

sender(self) QObject
senderSignalIndex(self) int
setDefaultCertTrustPolicy(self, policy: QgsAuthCertUtils.CertTrustPolicy) bool

Sets the default certificate trust policy preferred by user

Parameters:

policy (QgsAuthCertUtils.CertTrustPolicy) –

Return type:

bool

setMasterPassword(self, verify: bool = False) bool

Main call to initially set or continually check master password is set

Note

If it is not set, the user is asked for its input

Parameters:

verify (bool = False) – Whether password’s hash was saved in authentication database

setMasterPassword(self, pass_: str, verify: bool = False) -> bool Overloaded call to reset master password or set it initially without user interaction

Note

Only use this in trusted reset functions, unit tests or user/app setup scripts!

Parameters:
  • pass – Password to use

  • verify – Whether password’s hash was saved in authentication database

Return type:

bool

setPasswordHelperEnabled(self, enabled: bool)

Password helper enabled setter

Note

Available in Python bindings since QGIS 3.8.0

Parameters:

enabled (bool) –

setScheduledAuthDatabaseEraseRequestEmitted(self, emitted: bool)

Re-emit a signal to schedule an optional erase of authentication database.

Note

This can be called from the slot connected to a previously emitted scheduling signal, so that the slot can ask for another emit later, if the slot noticies the current GUI processing state is not ready for interacting with the user, e.g. project is still loading

Parameters:

emitted (bool) – Setting to False will cause signal to be emitted by the schedule timer. Setting to True will stop any emitting, but will not stop the schedule timer.

sslCertCustomConfig(self, id: str, hostport: str) QgsAuthConfigSslServer

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

Parameters:
  • id (str) – sha hash

  • hostport (str) – string host:port

Return type:

QgsAuthConfigSslServer

Returns:

a SSL certificate custom config

New in version 3.0.

sslCertCustomConfigByHost(self, hostport: str) QgsAuthConfigSslServer

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

Parameters:

hostport (str) – host:port

Return type:

QgsAuthConfigSslServer

Returns:

a SSL certificate custom config

New in version 3.0.

sslCertCustomConfigs(self) List[QgsAuthConfigSslServer]

sslCertCustomConfigs get SSL certificate custom configs

Return type:

List[QgsAuthConfigSslServer]

Returns:

list of SSL certificate custom config

New in version 3.0.

storeAuthSetting(self, key: str, value: Any, encrypt: bool = False) bool

Store an authentication setting (stored as string via QVariant( value ).toString() )

Parameters:
  • key (str) –

  • value (Any) –

  • encrypt (bool = False) –

Return type:

bool

storeAuthenticationConfig(self, mconfig: QgsAuthMethodConfig, overwrite: bool = False) Tuple[bool, QgsAuthMethodConfig]

Store an authentication config in the database

Parameters:
  • mconfig (QgsAuthMethodConfig) – Associated authentication config id

  • overwrite (bool = False) – If set to True, pre-existing authentication configurations will be overwritten

Return type:

Tuple[bool, QgsAuthMethodConfig]

Returns:

Whether operation succeeded

storeCertAuthorities(self, certs: Iterable[QSslCertificate]) bool

Store multiple certificate authorities

Parameters:

certs (Iterable[QSslCertificate]) –

Return type:

bool

storeCertAuthority(self, cert: QSslCertificate) bool

Store a certificate authority

Parameters:

cert (QSslCertificate) –

Return type:

bool

storeCertIdentity(self, cert: QSslCertificate, key: QSslKey) bool

Store a certificate identity

Parameters:
  • cert (QSslCertificate) –

  • key (QSslKey) –

Return type:

bool

storeCertTrustPolicy(self, cert: QSslCertificate, policy: QgsAuthCertUtils.CertTrustPolicy) bool

Store user trust value for a certificate

Parameters:
Return type:

bool

storeSslCertCustomConfig(self, config: QgsAuthConfigSslServer) bool

Store an SSL certificate custom config

Parameters:

config (QgsAuthConfigSslServer) –

Return type:

bool

supportedAuthMethodExpansions(self, authcfg: str) QgsAuthMethod.Expansions

Gets supported authentication method expansion(s), e.g. NetworkRequest | DataSourceURI, as flags

Parameters:

authcfg (str) –

Return type:

QgsAuthMethod.Expansions

systemRootCAs(self) List[QSslCertificate]

systemRootCAs get root system certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificate authorities

New in version 3.0.

timerEvent(self, QTimerEvent)
trustedCaCerts(self, includeinvalid: bool = False) List[QSslCertificate]

trustedCaCerts get list of all trusted CA certificates

Parameters:

includeinvalid (bool = False) – whether invalid certs needs to be returned

Return type:

List[QSslCertificate]

Returns:

list of certificates

New in version 3.0.

trustedCaCertsCache(self) List[QSslCertificate]

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

Return type:

List[QSslCertificate]

Returns:

list of certificates

New in version 3.0.

trustedCaCertsPemText(self) QByteArray

trustedCaCertsPemText get concatenated string of all trusted CA certificates

Return type:

QByteArray

Returns:

bye array with all PEM encoded trusted CAs

New in version 3.0.

uniqueConfigId(self) str

Gets a unique generated 7-character string to assign to as config id

Return type:

str

untrustedCaCerts(self, trustedCAs: Iterable[QSslCertificate] = []) List[QSslCertificate]

untrustedCaCerts get list of untrusted certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificates

New in version 3.0.

Parameters:

trustedCAs (Iterable[QSslCertificate] = []) –

updateAuthenticationConfig(self, config: QgsAuthMethodConfig) bool

Update an authentication config in the database

Parameters:

config (QgsAuthMethodConfig) – Associated authentication config id

Return type:

bool

Returns:

Whether operation succeeded

updateConfigAuthMethods(self)

Sync the confg/authentication method cache with what is in database

updateDataSourceUriItems(self, connectionItems: Iterable[str], authcfg: str, dataprovider: str = '') Tuple[bool, List[str]]

Provider call to update a QgsDataSourceUri with an authentication config

Parameters:
  • connectionItems (Iterable[str]) – The connection items, e.g. username=myname, of QgsDataSourceUri

  • authcfg (str) – Associated authentication config id

  • dataprovider (str = '') – Provider key filter, offering logic branching in authentication method

Return type:

Tuple[bool, List[str]]

Returns:

Whether operation succeeded

updateIgnoredSslErrorsCache(self, shahostport: str, errors: Iterable[QSslError]) bool

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key

Parameters:
  • shahostport (str) –

  • errors (Iterable[QSslError]) –

Return type:

bool

updateIgnoredSslErrorsCacheFromConfig(self, config: QgsAuthConfigSslServer) bool

Update ignored SSL error cache with possible ignored SSL errors, using server config

Parameters:

config (QgsAuthConfigSslServer) –

Return type:

bool

updateNetworkProxy(self, proxy: QNetworkProxy, authcfg: str, dataprovider: str = '') Tuple[bool, QNetworkProxy]

Provider call to update a QNetworkProxy with an authentication config

Parameters:
  • proxy (QNetworkProxy) – the QNetworkProxy

  • authcfg (str) – Associated authentication config id

  • dataprovider (str = '') – Provider key filter, offering logic branching in authentication method

Return type:

Tuple[bool, QNetworkProxy]

Returns:

Whether operation succeeded

updateNetworkReply(self, reply: QNetworkReply, authcfg: str, dataprovider: str = '') bool

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

Parameters:
  • reply (QNetworkReply) – The QNetworkReply

  • authcfg (str) – Associated authentication config id

  • dataprovider (str = '') – Provider key filter, offering logic branching in authentication method

Return type:

bool

Returns:

Whether operation succeeded

updateNetworkRequest(self, request: QNetworkRequest, authcfg: str, dataprovider: str = '') Tuple[bool, QNetworkRequest]

Provider call to update a QNetworkRequest with an authentication config

Parameters:
  • request (QNetworkRequest) – The QNetworkRequest

  • authcfg (str) – Associated authentication config id

  • dataprovider (str = '') – Provider key filter, offering logic branching in authentication method

Return type:

Tuple[bool, QNetworkRequest]

Returns:

Whether operation succeeded

verifyMasterPassword(self, compare: str = '') bool

Verify the supplied master password against any existing hash in authentication database

Note

Do not emit verification signals when only comparing

Parameters:

compare (str = '') – Password to compare against

Return type:

bool