Class: QgsAuthConfigurationStorage

Abstract class that defines the interface for all authentication configuration storage implementations.

Added in version 3.40.

Class Hierarchy


Base classes

QObject

Subclasses

QgsAuthConfigurationStorageDb

QSqlDatabase based implementation of QgsAuthConfigurationStorage.

Abstract Methods

authMethodConfigs

Returns a mapping of authentication configurations available from this storage.

authSettingExists

Check if an authentication setting exists in the storage.

certAuthorityExists

Check if a certificate authority exists

certIdentityExists

Check if the certificate identity exists

certTrustPolicyExists

Check if certificate trust policy exists

description

Returns a human readable localized description of the storage implementation (e.g. "Store credentials in a local SQLite database").

id

Returns the unique identifier of the storage object.

isReady

Returns True if the storage is ready to be used.

loadAuthSetting

Load an authentication setting from the storage.

loadCertTrustPolicy

Load certificate trust policy

loadMethodConfig

Load an authentication configuration from the database.

methodConfigExists

Check if an authentication configuration exists in the storage.

name

Returns a human readable localized short name of the storage implementation (e.g. "SQLite").

removeAuthSetting

Remove an authentication setting from the storage.

removeCertAuthority

Remove a certificate authority

removeCertIdentity

Remove a certificate identity from the storage.

removeCertTrustPolicy

Remove certificate trust policy

removeMethodConfig

Removes the authentication configuration with the specified id.

removeSslCertCustomConfig

Remove an SSL certificate custom config

settingsParameters

Returns a list of the settings accepted by the storage.

sslCertCustomConfigExists

Check if SSL certificate custom config exists

storeAuthSetting

Store an authentication setting in the storage.

storeCertAuthority

Store a certificate authority

storeCertIdentity

Store a certificate identity in the storage.

storeCertTrustPolicy

Store certificate trust policy

storeMasterPassword

Store a master password in the database.

storeMethodConfig

Store an authentication config in the database.

storeSslCertCustomConfig

Store an SSL certificate custom config

type

Returns the type of the storage implementation.

Methods

authMethodConfigsWithPayload

Returns a mapping of authentication configurations available from this storage.

caCerts

Returns the list of CA certificates in the storage

caCertsPolicy

Returns the map of CA certificate hashes in the storage and their trust policy.

capabilities

Returns the capabilities of the storage.

certAuthorityIds

Returns the list of certificate authority IDs in the storage.

certIdentities

Returns the list of certificate identities in the storage.

certIdentityIds

Returns the list of certificate identity ids from the database.

clearMasterPasswords

Remove all master passwords from the database.

clearMethodConfigs

Remove all authentication configurations from the storage.

erase

Completely erase the storage removing all configurations/certs/settings etc.

isEnabled

Returns True if the storage is enabled.

isEncrypted

Returns True if the storage is encrypted.

loadCertAuthority

Returns a certificate authority by id (sha hash).

loadCertIdentity

Returns a certificate identity by id (sha hash).

loadCertIdentityBundle

Returns a certificate identity bundle by id (sha hash).

loadSslCertCustomConfig

Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)

loadSslCertCustomConfigByHost

Loads an SSL certificate custom config by hostport (host:port)

masterPasswords

Returns the list of (encrypted) master passwords stored in the database.

setCapabilities

Set the capabilities of the storage to capabilities.

setEnabled

Set the storage enabled status to enabled.

setError

Set the last error message to error with message level level.

settings

Returns the settings of the storage.

sslCertCustomConfigIds

Returns the list of SSL certificate custom config ids.

sslCertCustomConfigs

Returns the list of SSL certificate custom configs.

Virtual Methods

In PyQGIS, only methods marked as virtual can be safely overridden in a Python subclass of QgsAuthConfigurationStorage. See the FAQ for more details.

initialize

Initializes the storage.

isReadOnly

Returns True if the storage is read-only, False otherwise.

lastError

Returns the last error message.

loggerTag

Returns the logger tag for the storage.

setReadOnly

Utility method to unset all editing capabilities.

Signals

authSettingsChanged

Emitted when the storage auth settings table was changed.

certAuthorityChanged

Emitted when the storage cert authority table was changed.

certIdentityChanged

Emitted when the storage cert identity table was changed.

masterPasswordChanged

Emitted when the storage master password table was changed.

messageLog

Custom logging signal to relay to console output and QgsMessageLog

methodConfigChanged

Emitted when the storage method config table was changed.

readOnlyChanged

Emitted when the storage read-only status was changed.

sslCertCustomConfigChanged

Emitted when the storage ssl cert custom config table was changed.

sslCertTrustPolicyChanged

Emitted when the storage ssl cert trust policy table was changed.

storageChanged

Emitted when the storage was updated.

class qgis.core.QgsAuthConfigurationStorage[source]

Bases: QObject

__init__(settings: Dict[str | None, Any])

Creates a new authentication configuration storage.

Parameters:

settings (Dict[Optional[str], Any]) – Implementation-specific configuration settings.

class MasterPasswordConfig

Bases: object

Structure that holds the (encrypted) master password elements.

civ
hash
salt
class SettingParameter

Bases: object

Storage configuration setting parameter.

description
name
type
abstract authMethodConfigs(self, allowedMethods: Iterable[str | None] = []) Dict[str, QgsAuthMethodConfig][source]

Returns a mapping of authentication configurations available from this storage.

Parameters:

allowedMethods (Iterable[Optional[str]] = []) – Optional filter to return only configurations for specific authentication methods.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

Return type:

Dict[str, QgsAuthMethodConfig]

authMethodConfigsWithPayload(self) Dict[str, QgsAuthMethodConfig][source]

Returns a mapping of authentication configurations available from this storage. The encrypted payload is added to the configuration as the “encrypted_payload” key.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage

Note

This convenience method is used by the authentication manager to retrieve the configurations and check if it can decrypt all of them; it is faster than retrieving all the configurations one by one.

Return type:

Dict[str, QgsAuthMethodConfig]

abstract authSettingExists(self, key: str | None) bool[source]

Check if an authentication setting exists in the storage.

Parameters:

key (Optional[str]) – Setting key.

Return type:

bool

Returns:

True if the setting exists, False otherwise.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

signal authSettingsChanged[source]

Emitted when the storage auth settings table was changed.

caCerts(self) List[QSslCertificate]

Returns the list of CA certificates in the storage

Return type:

List[QSslCertificate]

Returns:

list of CA certificates

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

caCertsPolicy(self) Dict[str, QgsAuthCertUtils.CertTrustPolicy]

Returns the map of CA certificate hashes in the storage and their trust policy.

Return type:

Dict[str, QgsAuthCertUtils.CertTrustPolicy]

Returns:

map of CA certificate hashes and their trust policy

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

capabilities(self) Qgis.AuthConfigurationStorageCapabilities[source]

Returns the capabilities of the storage.

Return type:

Qgis.AuthConfigurationStorageCapabilities

signal certAuthorityChanged[source]

Emitted when the storage cert authority table was changed.

abstract certAuthorityExists(self, cert: QSslCertificate) bool[source]

Check if a certificate authority exists

Parameters:

cert (QSslCertificate) – Certificate authority

Return type:

bool

Returns:

True if the certificate authority exists, False otherwise

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

certAuthorityIds(self) List[str][source]

Returns the list of certificate authority IDs in the storage.

Return type:

List[str]

Returns:

list of certificate authority IDs

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

certIdentities(self) List[QSslCertificate]

Returns the list of certificate identities in the storage.

Return type:

List[QSslCertificate]

Returns:

list of certificates

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

signal certIdentityChanged[source]

Emitted when the storage cert identity table was changed.

abstract certIdentityExists(self, id: str | None) bool[source]

Check if the certificate identity exists

Parameters:

id (Optional[str]) – Certificate identity id

Return type:

bool

Returns:

True if the certificate identity exists, False otherwise

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

certIdentityIds(self) List[str][source]

Returns the list of certificate identity ids from the database.

Return type:

List[str]

Returns:

list of certificate ids

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract certTrustPolicyExists(self, cert: QSslCertificate) bool[source]

Check if certificate trust policy exists

Parameters:

cert (QSslCertificate) – Certificate

Return type:

bool

Returns:

True if the certificate trust policy exists, False otherwise

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

clearMasterPasswords(self) bool[source]

Remove all master passwords from the database.

Return type:

bool

Returns:

True if operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

clearMethodConfigs(self) bool[source]

Remove all authentication configurations from the storage.

Return type:

bool

Returns:

True if authentication configurations were removed, False otherwise.

Note

This method does not remove certificate and other assets.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract description(self) str[source]

Returns a human readable localized description of the storage implementation (e.g. “Store credentials in a local SQLite database”). This description is displayed to the user.

Return type:

str

erase(self) bool[source]

Completely erase the storage removing all configurations/certs/settings etc.

Return type:

bool

Returns:

True if storage was completely erased, False if any error occurred.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage (e.g. the storage is read-only).

abstract id(self) str[source]

Returns the unique identifier of the storage object. The id is used to uniquely identify the storage object (e.g. the path or the connection URI to a storage configuration).

Return type:

str

virtual initialize(self) bool[source]

Initializes the storage.

Return type:

bool

Returns:

True if the storage was successfully initialized, False otherwise. If the storage is already initialized, this method does nothing and returns True.

Note

The default implementation does nothing and returns True. This method is called by the authentication manager when the storage is added to the manager.

isEnabled(self) bool[source]

Returns True if the storage is enabled.

Return type:

bool

isEncrypted(self) bool[source]

Returns True if the storage is encrypted.

Return type:

bool

virtual isReadOnly(self) bool[source]

Returns True if the storage is read-only, False otherwise.

See also

setReadOnly()

Return type:

bool

abstract isReady(self) bool[source]

Returns True if the storage is ready to be used.

Note

This method should be called after the initialize() method to check whether the initialization was properly completed.

Return type:

bool

virtual lastError(self) str[source]

Returns the last error message.

Return type:

str

abstract loadAuthSetting(self, key: str | None) str[source]

Load an authentication setting from the storage.

Parameters:

key (Optional[str]) – Setting key.

Return type:

str

Returns:

Setting value.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadCertAuthority(self, id: str | None) QSslCertificate[source]

Returns a certificate authority by id (sha hash).

Parameters:

id (Optional[str]) – sha hash

Return type:

QSslCertificate

Returns:

a (possibly empty) certificate

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadCertIdentity(self, id: str | None) QSslCertificate[source]

Returns a certificate identity by id (sha hash).

Parameters:

id (Optional[str]) – sha hash of the cert

Return type:

QSslCertificate

Returns:

the certificate

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadCertIdentityBundle(self, id: str | None) Tuple[QSslCertificate, str]

Returns a certificate identity bundle by id (sha hash).

Parameters:

id (Optional[str]) – sha hash

Return type:

Tuple[QSslCertificate, str]

Returns:

a pair with the certificate and its SSL key as an encrypted string

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract loadCertTrustPolicy(self, cert: QSslCertificate) QgsAuthCertUtils.CertTrustPolicy[source]

Load certificate trust policy

Parameters:

cert (QSslCertificate) – Certificate

Return type:

QgsAuthCertUtils.CertTrustPolicy

Returns:

Trust policy

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract loadMethodConfig(self, id: str | None, full: bool = False)[source]

Load an authentication configuration from the database.

Parameters:
  • id (Optional[str]) – Configuration id.

  • full (bool = False) – If True, the full configuration is loaded and the (possibly encrypted) payload is populated, otherwise only the configuration metadata is loaded.

Returns:

  • Authentication configuration metadata (QgsAuthMethodConfig).

  • payload: (possibly encrypted) payload.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadSslCertCustomConfig(self, id: str | None, hostport: str | None) QgsAuthConfigSslServer[source]

Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)

Parameters:
  • id (Optional[str]) – sha hash

  • hostport (Optional[str]) – string host:port

Return type:

QgsAuthConfigSslServer

Returns:

an SSL certificate custom config

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

loadSslCertCustomConfigByHost(self, hostport: str | None) QgsAuthConfigSslServer[source]

Loads an SSL certificate custom config by hostport (host:port)

Parameters:

hostport (Optional[str]) – host:port

Return type:

QgsAuthConfigSslServer

Returns:

an SSL certificate custom config

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

virtual loggerTag(self) str[source]

Returns the logger tag for the storage. The default implementation returns the literal “Auth storage” followed by the storage name.

Return type:

str

signal masterPasswordChanged[source]

Emitted when the storage master password table was changed.

masterPasswords(self) List[QgsAuthConfigurationStorage.MasterPasswordConfig]

Returns the list of (encrypted) master passwords stored in the database.

Return type:

List[QgsAuthConfigurationStorage.MasterPasswordConfig]

Returns:

list of master passwords

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

signal messageLog(message: str, tag: str = QStringLiteral('Authentication'), level: Qgis.MessageLevel = Qgis.MessageLevel.Info)[source]

Custom logging signal to relay to console output and QgsMessageLog

Parameters:
  • message (str) – Message to send

  • tag (str = QStringLiteral( "Authentication" )) – Associated tag (title)

  • level (Qgis.MessageLevel = Qgis.MessageLevel.Info) – Message log level

See also

QgsMessageLog

signal methodConfigChanged[source]

Emitted when the storage method config table was changed.

abstract methodConfigExists(self, id: str | None) bool[source]

Check if an authentication configuration exists in the storage.

Parameters:

id (Optional[str]) – Configuration id.

Return type:

bool

Returns:

True if the configuration exists, False otherwise.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract name(self) str[source]

Returns a human readable localized short name of the storage implementation (e.g. “SQLite”). This name is displayed to the user and used to identify the storage implementation.

Return type:

str

signal readOnlyChanged(readOnly: bool)[source]

Emitted when the storage read-only status was changed.

Parameters:

readOnly (bool)

abstract removeAuthSetting(self, key: str | None) bool[source]

Remove an authentication setting from the storage.

Parameters:

key (Optional[str]) – Setting key.

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertAuthority(self, cert: QSslCertificate) bool[source]

Remove a certificate authority

Parameters:

cert (QSslCertificate) – Certificate authority

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertIdentity(self, cert: QSslCertificate) bool[source]

Remove a certificate identity from the storage.

Parameters:

cert (QSslCertificate) – Certificate.

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertIdentity(self, id: str | None) bool[source]

Remove a certificate identity from the storage.

Parameters:

id (Optional[str]) – Certificate identity id

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeCertTrustPolicy(self, cert: QSslCertificate) bool[source]

Remove certificate trust policy

Parameters:

cert (QSslCertificate) – Certificate

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract removeMethodConfig(self, id: str | None) bool[source]

Removes the authentication configuration with the specified id.

Return type:

bool

Returns:

True if the configuration was removed, False otherwise.

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

Parameters:

id (Optional[str])

abstract removeSslCertCustomConfig(self, id: str | None, hostport: str | None) bool[source]

Remove an SSL certificate custom config

Parameters:
  • id (Optional[str]) – sha hash

  • hostport (Optional[str]) – host:port

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

setCapabilities(self, capabilities: Qgis.AuthConfigurationStorageCapabilities | Qgis.AuthConfigurationStorageCapability)[source]

Set the capabilities of the storage to capabilities.

Parameters:

capabilities (Union[Qgis.AuthConfigurationStorageCapabilities, Qgis.AuthConfigurationStorageCapability])

setEnabled(self, enabled: bool)[source]

Set the storage enabled status to enabled.

Note

This is a user-controlled setting: the storage may be enabled but not ready to be used.

Parameters:

enabled (bool)

setError(self, error: str | None, level: Qgis.MessageLevel = Qgis.MessageLevel.Critical)[source]

Set the last error message to error with message level level.

Parameters:
  • error (Optional[str])

  • level (Qgis.MessageLevel = Qgis.MessageLevel.Critical)

virtual setReadOnly(self, readOnly: bool)[source]

Utility method to unset all editing capabilities.

Note

This method does not alter existing capabilities; make sure subclasses recompute capabilities if needed.

Parameters:

readOnly (bool)

settings(self) Dict[str, Any]

Returns the settings of the storage.

Return type:

Dict[str, Any]

abstract settingsParameters(self) List[QgsAuthConfigurationStorage.SettingParameter]

Returns a list of the settings accepted by the storage.

Return type:

List[QgsAuthConfigurationStorage.SettingParameter]

signal sslCertCustomConfigChanged[source]

Emitted when the storage ssl cert custom config table was changed.

abstract sslCertCustomConfigExists(self, id: str | None, hostport: str | None) bool[source]

Check if SSL certificate custom config exists

Parameters:
  • id (Optional[str]) – sha hash

  • hostport (Optional[str]) – host:port

Return type:

bool

Returns:

True if the SSL certificate custom config exists, False otherwise

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

sslCertCustomConfigIds(self) List[str][source]

Returns the list of SSL certificate custom config ids.

Return type:

List[str]

Returns:

list of SSL certificate custom config ids

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

sslCertCustomConfigs(self) List[QgsAuthConfigSslServer]

Returns the list of SSL certificate custom configs.

Return type:

List[QgsAuthConfigSslServer]

Returns:

list of SSL certificate custom configs

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

signal sslCertTrustPolicyChanged[source]

Emitted when the storage ssl cert trust policy table was changed.

signal storageChanged(id: str)[source]

Emitted when the storage was updated.

Parameters:

id (str) – The storage id

Note

This is a generic changed signal and it is normally emitted together with the dedicated signals which are provided for specific changes on the individual tables.

abstract storeAuthSetting(self, key: str | None, value: str | None) bool[source]

Store an authentication setting in the storage.

Parameters:
  • key (Optional[str]) – Setting key.

  • value (Optional[str]) – Setting value.

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeCertAuthority(self, cert: QSslCertificate) bool[source]

Store a certificate authority

Parameters:

cert (QSslCertificate) – Certificate authority

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeCertIdentity(self, cert: QSslCertificate, keyPem: str | None) bool[source]

Store a certificate identity in the storage.

Parameters:
  • cert (QSslCertificate) – Certificate.

  • keyPem (Optional[str]) – SSL key in PEM format.

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeCertTrustPolicy(self, cert: QSslCertificate, policy: QgsAuthCertUtils.CertTrustPolicy) bool[source]

Store certificate trust policy

Parameters:
  • cert (QSslCertificate)

  • policy (QgsAuthCertUtils.CertTrustPolicy)

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeMasterPassword(self, config: QgsAuthConfigurationStorage.MasterPasswordConfig) bool[source]

Store a master password in the database.

Parameters:

config (QgsAuthConfigurationStorage.MasterPasswordConfig) – Master password configuration.

Return type:

bool

Returns:

True if operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeMethodConfig(self, config: QgsAuthMethodConfig, payload: str | None) bool[source]

Store an authentication config in the database.

Parameters:
  • config (QgsAuthMethodConfig) – Authentication configuration.

  • payload (Optional[str]) – payload to store (possibly encrypted).

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract storeSslCertCustomConfig(self, config: QgsAuthConfigSslServer) bool[source]

Store an SSL certificate custom config

Parameters:

config (QgsAuthConfigSslServer) – SSL certificate custom config

Return type:

bool

Returns:

Whether operation succeeded

Raises:

QgsNotSupportedException – if the operation is not supported by the storage.

abstract type(self) str[source]

Returns the type of the storage implementation. The type is used to identify the storage implementation internally (e.g. “sqlite”). A valid type must be ASCII alphanumeric and contain no spaces.

Return type:

str
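
Added example (not part of the QGIS documentation or code base): a posture check built only on the status methods documented above (type(), isEnabled(), initialize(), isReady(), isEncrypted(), isReadOnly(), lastError()), covering the "enabled but not ready" case and the type() naming rule. StubStorage, the sample values and the severity policy are constructed assumptions; inside QGIS, real storage objects would be passed instead.

```python
def valid_storage_type(type_name):
    # type() rule from the reference: ASCII alphanumeric, no spaces.
    return bool(type_name) and type_name.isascii() and type_name.isalnum()


def audit_storage(storage):
    """Return a list of (severity, message) findings for one storage."""
    findings = []
    label = f"{storage.name()} [{storage.id()}]"

    if not valid_storage_type(storage.type()):
        findings.append(("error", f"{label}: invalid type {storage.type()!r}"))

    if not storage.isEnabled():
        # Enabled/disabled is a user-controlled setting; stop here.
        findings.append(("info", f"{label}: disabled by the user"))
        return findings

    # isReady() is meant to be checked after initialize(); initialize() is
    # documented to do nothing and return True when already initialized.
    if not storage.initialize() or not storage.isReady():
        findings.append(
            ("error", f"{label}: enabled but not ready: {storage.lastError()}")
        )
        return findings

    # Assumed policy for this example: flag unencrypted storages.
    if not storage.isEncrypted():
        findings.append(("warning", f"{label}: storage is not encrypted"))
    if not storage.isReadOnly():
        findings.append(("info", f"{label}: storage is writable"))
    return findings


def audit_all(storages):
    return {s.id(): audit_storage(s) for s in storages}


class StubStorage:
    """Constructed stand-in for a storage object (not a QGIS class)."""

    def __init__(self, id_, name, type_, enabled=True, ready=True,
                 encrypted=True, read_only=False, error=""):
        self._v = dict(id=id_, name=name, type=type_, isEnabled=enabled,
                       isReady=ready, isEncrypted=encrypted,
                       isReadOnly=read_only, lastError=error)

    def initialize(self):
        return True

    def __getattr__(self, method):
        # Serve each documented getter from the constructed values.
        values = self.__dict__.get("_v", {})
        if method not in values:
            raise AttributeError(method)
        return lambda: values[method]


# Constructed sample storages; ids, names and errors are made up.
SAMPLE_STORAGES = [
    StubStorage("/home/user/qgis-auth.db", "SQLite", "sqlite"),
    StubStorage("pg://authdb", "Team DB", "team db", read_only=True),
    StubStorage("/mnt/share/auth.db", "Shared", "sqlite", ready=False,
                error="database file not reachable"),
    StubStorage("/tmp/plain.db", "Plain", "plain", encrypted=False,
                read_only=True),
]

if __name__ == "__main__":
    for findings in audit_all(SAMPLE_STORAGES).values():
        for severity, message in findings:
            print(severity.upper(), message)
```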