Class: QgsAuthManager

Singleton which offers an interface to manage the authentication configuration database and to utilize configurations through various authentication method plugins.

QgsAuthManager should not usually be directly created, but rather accessed through QgsApplication.authManager().

Class Hierarchy

Inheritance diagram of qgis.core.QgsAuthManager

Base classes

QObject

Methods

authConfigurationStorageRegistry

Returns the authentication configuration storage registry.

authDatabaseConfigTable

Name of the authentication database table that stores configs

authDatabaseConnection

Sets up the application instance of the authentication database connection

authDatabaseServersTable

Name of the authentication database table that stores server exceptions/configs

authManTag

Simple text tag describing authentication system for message logs

authMethod

Gets authentication method from the config/provider cache via its key

authMethodEditWidget

Gets authentication method edit widget via its key

authMethodsKeys

Gets keys of supported authentication methods

authSetting

Returns a previously set authentication setting.

authenticationDatabasePath

The standard authentication database file in ~/.qgis3/ or defined location

authenticationDatabaseUri

Returns the authentication database connection URI.

authenticationDatabaseUriStripped

Returns the authentication database connection URI with the password stripped.

availableAuthMethodConfigs

Gets mapping of authentication config ids and their base configs (not decrypted data)

backupAuthenticationDatabase

Close connection to current authentication database and back it up

certAuthority

certAuthority get a certificate authority by id (sha hash)

certIdentities

certIdentities get certificate identities

certIdentity

certIdentity get a certificate identity by id (sha hash)

certIdentityBundleToPem

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

certIdentityIds

certIdentityIds get list of certificate identity ids from database

certTrustCache

certTrustCache get cache of certificate sha1s, per trust policy

certTrustPolicy

certTrustPolicy get whether certificate cert is trusted by user

certificateTrustPolicy

certificateTrustPolicy get trust policy for a particular certificate cert

clearAllCachedConfigs

Clear all authentication configs from authentication method caches

clearCachedConfig

Clear an authentication config from its associated authentication method cache

clearMasterPassword

Clear supplied master password

configAuthMethod

Gets authentication method from the config/provider cache

configAuthMethodKey

Gets key of authentication method associated with config ID

configIdRegex

Returns the regular expression for authcfg=.{7} key/value token for authentication ids

configIdUnique

Verify if provided authentication id is unique

configIds

Gets list of authentication ids from database

databaseCAs

databaseCAs get database-stored certificate authorities

defaultCertTrustPolicy

Gets the default certificate trust policy preferred by user

disabledMessage

Standard message for when QCA's qca-ossl plugin is missing and system is disabled

dumpIgnoredSslErrorsCache_

Utility function to dump the cache for debug purposes

ensureInitialized

Performs lazy initialization of the authentication framework, if it has not already been done.

eraseAuthenticationDatabase

Erase all rows from all tables in authentication database

existsAuthSetting

Check if an authentication setting exists

existsCertAuthority

Check if a certificate authority exists

existsCertIdentity

Check if a certificate identity exists

existsSslCertCustomConfig

Check if SSL certificate custom config exists

exportAuthenticationConfigsToXml

Export authentication configurations to an XML file

extraFileCAs

extraFileCAs extra file-based certificate authorities

importAuthenticationConfigsFromXml

Import authentication configurations from an XML file

init

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

initSslCaches

Initialize various SSL authentication caches

isDisabled

Whether QCA has the qca-ossl plugin, which a base run-time requirement

loadAuthenticationConfig

Load an authentication config from the database into subclass

mappedDatabaseCAs

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

masterPasswordHashInDatabase

Verify a password hash existing in authentication database

masterPasswordIsSet

Whether master password has be input and verified, i.e. authentication database is accessible.

masterPasswordSame

Check whether supplied password is the same as the one already set

methodConfigTableName

Returns the database table from the first ready storage that stores authentication configs, or an empty string if none available.

passwordHelperSync

Store the password manager into the wallet

rebuildCaCertsCache

Rebuild certificate authority cache

rebuildCertTrustCache

Rebuild certificate authority cache

rebuildIgnoredSslErrorCache

Rebuild ignoredSSL error cache

rebuildTrustedCaCertsCache

Rebuild trusted certificate authorities cache

registerCoreAuthMethods

Instantiate and register existing C++ core authentication methods from plugins

removeAllAuthenticationConfigs

Clear all authentication configs from table in database and from provider caches

removeAuthSetting

Remove an authentication setting

removeAuthenticationConfig

Remove an authentication config in the database

removeCertAuthority

Remove a certificate authority

removeCertIdentity

Remove a certificate identity

removeCertTrustPolicies

Remove a group certificate authorities

removeCertTrustPolicy

Remove a certificate authority

removeSslCertCustomConfig

Remove an SSL certificate custom config

resetMasterPassword

Reset the master password to a new one, then re-encrypts all previous configs with the new password.

setDefaultCertTrustPolicy

Sets the default certificate trust policy preferred by user

setMasterPassword

Main call to initially set or continually check master password is set

setPasswordHelperEnabled

Password helper enabled setter

setScheduledAuthDatabaseEraseRequestEmitted

Re-emit a signal to schedule an optional erase of authentication database.

setup

Sets up the authentication manager configuration.

sslCertCustomConfig

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

sslCertCustomConfigByHost

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

sslCertCustomConfigs

sslCertCustomConfigs get SSL certificate custom configs

storeAuthSetting

Stores an authentication setting.

storeAuthenticationConfig

Store an authentication config in the database

storeCertAuthorities

Store multiple certificate authorities

storeCertAuthority

Store a certificate authority

storeCertIdentity

Store a certificate identity

storeCertTrustPolicy

Store user trust value for a certificate

storeSslCertCustomConfig

Store an SSL certificate custom config

supportedAuthMethodExpansions

Gets supported authentication method expansion(s), e.g. NetworkRequest | DataSourceURI, as flags.

systemRootCAs

systemRootCAs get root system certificate authorities

trustedCaCerts

trustedCaCerts get list of all trusted CA certificates

trustedCaCertsCache

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

trustedCaCertsPemText

trustedCaCertsPemText get concatenated string of all trusted CA certificates

uniqueConfigId

Gets a unique generated 7-character string to assign to as config id

untrustedCaCerts

untrustedCaCerts get list of untrusted certificate authorities

updateAuthenticationConfig

Update an authentication config in the database

updateConfigAuthMethods

Sync the confg/authentication method cache with what is in database

updateDataSourceUriItems

Provider call to update a QgsDataSourceUri with an authentication config

updateIgnoredSslErrorsCache

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key

updateIgnoredSslErrorsCacheFromConfig

Update ignored SSL error cache with possible ignored SSL errors, using server config

updateNetworkProxy

Provider call to update a QNetworkProxy with an authentication config

updateNetworkReply

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

updateNetworkRequest

Provider call to update a QNetworkRequest with an authentication config

verifyMasterPassword

Verify the supplied master password against any existing hash in authentication database

Static Methods

hasConfigId

Returns whether a string includes an authcfg ID token

isFilesystemBasedDatabase

Returns the True if the uri is a filesystem-based database (SQLite).

passwordHelperDisplayName

Returns a translated display name of the password helper (platform dependent).

passwordHelperEnabled

Password helper enabled getter

Signals

authDatabaseChanged

Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.

authDatabaseEraseRequested

Emitted when a user has indicated they may want to erase the authentication db.

masterPasswordVerified

Emitted when a password has been verify (or not)

messageLog

Custom logging signal to relay to console output and QgsMessageLog

messageOut

Custom logging signal to relay to console output and QgsMessageLog

passwordHelperFailure

Signals emitted on password helper failure, mainly used in the tests to exit main application loop

passwordHelperMessageLog

Custom logging signal to inform the user about master password <-> password manager interactions

passwordHelperMessageOut

Custom logging signal to inform the user about master password <-> password manager interactions

passwordHelperSuccess

Signals emitted on password helper success, mainly used in the tests to exit main application loop

Attributes

AUTH_MAN_TAG

The display name of the Authentication Manager

AUTH_PASSWORD_HELPER_DISPLAY_NAME

The display name of the password helper (platform dependent).

CRITICAL

INFO

WARNING

class qgis.core.QgsAuthManager[source]

Bases: QObject

AUTH_MAN_TAG: str = 'Authentication Manager'

The display name of the Authentication Manager

AUTH_PASSWORD_HELPER_DISPLAY_NAME: str = 'Wallet/KeyRing'

The display name of the password helper (platform dependent).

This is deprecated, use passwordHelperDisplayName() instead.

CRITICAL = 2
INFO = 0
class MessageLevel

Bases: int

WARNING = 1
authConfigurationStorageRegistry(self) QgsAuthConfigurationStorageRegistry | None[source]

Returns the authentication configuration storage registry.

Added in version 3.40.

Return type:

Optional[QgsAuthConfigurationStorageRegistry]

signal authDatabaseChanged[source]

Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.

authDatabaseConfigTable(self) str[source]

Name of the authentication database table that stores configs

Deprecated since version 3.40: Direct access to the DB is not allowed, use methodConfigTableName() instead.

Return type:

str

authDatabaseConnection(self) QSqlDatabase[source]

Sets up the application instance of the authentication database connection

Deprecated since version 3.40: Direct access to the DB is not allowed, use QgsAuthConfigurationStorage API instead.

Return type:

QSqlDatabase

signal authDatabaseEraseRequested[source]

Emitted when a user has indicated they may want to erase the authentication db.

authDatabaseServersTable(self) str[source]

Name of the authentication database table that stores server exceptions/configs

Deprecated since version 3.40: Direct access to the DB is not allowed, use QgsAuthConfigurationStorage API instead.

Return type:

str

authManTag(self) str[source]

Simple text tag describing authentication system for message logs

Return type:

str

authMethod(self, authMethodKey: str | None) QgsAuthMethod | None[source]

Gets authentication method from the config/provider cache via its key

Parameters:

authMethodKey (Optional[str]) – Authentication method key

Return type:

Optional[QgsAuthMethod]

authMethodEditWidget(self, authMethodKey: str | None, parent: QWidget | None) QWidget | None[source]

Gets authentication method edit widget via its key

Parameters:

  • authMethodKey (Optional[str]) – Authentication method key

  • parent (Optional[QWidget]) – Parent widget

Return type:

Optional[QWidget]

authMethodsKeys(self, dataprovider: str | None = '') List[str][source]

Gets keys of supported authentication methods

Parameters:

dataprovider (Optional[str] = '')

Return type:

List[str]

authSetting(self, key: str | None, defaultValue: Any = None, decrypt: bool = False) Any[source]

Returns a previously set authentication setting.

The value will be retrieved as a string, regardless of the value type used when calling storeAuthSetting().

Parameters:

  • key (Optional[str]) – setting key

  • defaultValue (Any = None)

  • decrypt (bool = False) – if the value needs decrypted

Return type:

Any

Returns:

authentication setting string

See also

storeAuthSetting()

authenticationDatabasePath(self) str[source]

The standard authentication database file in ~/.qgis3/ or defined location

See also

QgsApplication.qgisAuthDatabaseFilePath()

Deprecated since version 3.40: Use authenticationDatabaseUri() instead.

Return type:

str

authenticationDatabaseUri(self) str[source]

Returns the authentication database connection URI.

Added in version 3.40.

Return type:

str

authenticationDatabaseUriStripped(self) str[source]

Returns the authentication database connection URI with the password stripped.

Added in version 3.40.

Return type:

str

availableAuthMethodConfigs(self, dataprovider: str | None = '') Dict[str, QgsAuthMethodConfig][source]

Gets mapping of authentication config ids and their base configs (not decrypted data)

Parameters:

dataprovider (Optional[str] = '')

Return type:

Dict[str, QgsAuthMethodConfig]

backupAuthenticationDatabase(self, backuppath: str | None | None = '')[source]

Close connection to current authentication database and back it up

Returns:

Path to backup

Parameters:

backuppath (Optional[Optional[str]] = '') -> (bool)

certAuthority(self, id: str | None) QSslCertificate[source]

certAuthority get a certificate authority by id (sha hash)

Parameters:

id (Optional[str]) – sha hash

Return type:

QSslCertificate

Returns:

a certificate

certIdentities(self) List[QSslCertificate]

certIdentities get certificate identities

Return type:

List[QSslCertificate]

Returns:

list of certificates

certIdentity(self, id: str | None) QSslCertificate[source]

certIdentity get a certificate identity by id (sha hash)

Parameters:

id (Optional[str]) – sha hash of the cert

Return type:

QSslCertificate

Returns:

the certificate

certIdentityBundleToPem(self, id: str | None) List[str][source]

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

Parameters:

id (Optional[str]) – sha hash

Return type:

List[str]

Returns:

a list of strings

certIdentityIds(self) List[str][source]

certIdentityIds get list of certificate identity ids from database

Return type:

List[str]

Returns:

list of certificate ids

certTrustCache(self) Dict[QgsAuthCertUtils.CertTrustPolicy, List[str]]

certTrustCache get cache of certificate sha1s, per trust policy

Return type:

Dict[QgsAuthCertUtils.CertTrustPolicy, List[str]]

Returns:

trust-policy-mapped certificate sha1s

certTrustPolicy(self, cert: QSslCertificate) QgsAuthCertUtils.CertTrustPolicy[source]

certTrustPolicy get whether certificate cert is trusted by user

Parameters:

cert (QSslCertificate)

Return type:

QgsAuthCertUtils.CertTrustPolicy

Returns:

DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy

certificateTrustPolicy(self, cert: QSslCertificate) QgsAuthCertUtils.CertTrustPolicy[source]

certificateTrustPolicy get trust policy for a particular certificate cert

Parameters:

cert (QSslCertificate)

Return type:

QgsAuthCertUtils.CertTrustPolicy

Returns:

DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy

clearAllCachedConfigs(self)[source]

Clear all authentication configs from authentication method caches

clearCachedConfig(self, authcfg: str | None)[source]

Clear an authentication config from its associated authentication method cache

Parameters:

authcfg (Optional[str])

clearMasterPassword(self)[source]

Clear supplied master password

Note

This will not necessarily clear authenticated connections cached in network connection managers

configAuthMethod(self, authcfg: str | None) QgsAuthMethod | None[source]

Gets authentication method from the config/provider cache

Parameters:

authcfg (Optional[str]) – Authentication config id

Return type:

Optional[QgsAuthMethod]

configAuthMethodKey(self, authcfg: str | None) str[source]

Gets key of authentication method associated with config ID

Parameters:

authcfg (Optional[str])

Return type:

str

configIdRegex(self) str[source]

Returns the regular expression for authcfg=.{7} key/value token for authentication ids

Return type:

str

configIdUnique(self, id: str | None) bool[source]

Verify if provided authentication id is unique

Parameters:

id (Optional[str]) – Id to check

Return type:

bool

configIds(self) List[str][source]

Gets list of authentication ids from database

Return type:

List[str]

databaseCAs(self) List[QSslCertificate]

databaseCAs get database-stored certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificate authorities

defaultCertTrustPolicy(self) QgsAuthCertUtils.CertTrustPolicy[source]

Gets the default certificate trust policy preferred by user

Return type:

QgsAuthCertUtils.CertTrustPolicy

disabledMessage(self) str[source]

Standard message for when QCA’s qca-ossl plugin is missing and system is disabled

Return type:

str

dumpIgnoredSslErrorsCache_(self)[source]

Utility function to dump the cache for debug purposes

ensureInitialized(self) bool[source]

Performs lazy initialization of the authentication framework, if it has not already been done.

See also

setup()

Added in version 3.40.

Return type:

bool

eraseAuthenticationDatabase(self, backup: bool, backuppath: str | None | None = '')[source]

Erase all rows from all tables in authentication database

Parameters:

  • backup (bool) – Whether to backup of current database

  • backuppath (Optional[Optional[str]] = '') -> (bool) – Where the backup is locate

Returns:

Whether operation succeeded

existsAuthSetting(self, key: str | None) bool[source]

Check if an authentication setting exists

Parameters:

key (Optional[str])

Return type:

bool

existsCertAuthority(self, cert: QSslCertificate) bool[source]

Check if a certificate authority exists

Parameters:

cert (QSslCertificate)

Return type:

bool

existsCertIdentity(self, id: str | None) bool[source]

Check if a certificate identity exists

Parameters:

id (Optional[str])

Return type:

bool

existsSslCertCustomConfig(self, id: str | None, hostport: str | None) bool[source]

Check if SSL certificate custom config exists

Parameters:

  • id (Optional[str])

  • hostport (Optional[str])

Return type:

bool

exportAuthenticationConfigsToXml(self, filename: str | None, authcfgs: Iterable[str | None], password: str | None = '') bool[source]

Export authentication configurations to an XML file

Parameters:

  • filename (Optional[str]) – The file path to save the XML content to

  • authcfgs (Iterable[Optional[str]]) – The list of configuration IDs to export

  • password (Optional[str] = '') – A password string to encrypt the XML content

Added in version 3.20.

Return type:

bool

extraFileCAs(self) List[QSslCertificate]

extraFileCAs extra file-based certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificate authorities

static hasConfigId(txt: str | None) bool[source]

Returns whether a string includes an authcfg ID token

Parameters:

txt (Optional[str]) – String to check

Return type:

bool

importAuthenticationConfigsFromXml(self, filename: str | None, password: str | None = '', overwrite: bool = False) bool[source]

Import authentication configurations from an XML file

Parameters:

  • filename (Optional[str]) – The file path from which the XML content will be read

  • password (Optional[str] = '') – A password string to decrypt the XML content

  • overwrite (bool = False) – If set to True, pre-existing authentication configurations will be overwritten

Added in version 3.20.

Return type:

bool

init(self, pluginPath: str | None = '', authDatabasePath: str | None = '') bool[source]

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

Parameters:

  • pluginPath (Optional[str] = '') – the plugin path

  • authDatabasePath (Optional[str] = '') – the authentication DB path

Return type:

bool

Returns:

True on success

See also

QgsApplication.pluginPath()

See also

QgsApplication.qgisAuthDatabaseFilePath()

Deprecated since version 3.36: Use setup() or ensureInitialized() instead.

initSslCaches(self) bool[source]

Initialize various SSL authentication caches

Return type:

bool

isDisabled(self) bool[source]

Whether QCA has the qca-ossl plugin, which a base run-time requirement

Return type:

bool

static isFilesystemBasedDatabase(uri: str | None) bool[source]

Returns the True if the uri is a filesystem-based database (SQLite).

Parameters:

uri (Optional[str])

Return type:

bool

loadAuthenticationConfig(self, authcfg: str | None, mconfig: QgsAuthMethodConfig, full: bool = False)[source]

Load an authentication config from the database into subclass

Parameters:

  • authcfg (Optional[str]) – Associated authentication config id

  • mconfig (QgsAuthMethodConfig) – Subclassed config to load into

  • full (bool = False) -> (bool) – Whether to decrypt and populate all sensitive data in subclass

Returns:

Whether operation succeeded

mappedDatabaseCAs(self) Dict[str, QSslCertificate]

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

Return type:

Dict[str, QSslCertificate]

Returns:

sha1-mapped certificate authorities

masterPasswordHashInDatabase(self) bool[source]

Verify a password hash existing in authentication database

Return type:

bool

masterPasswordIsSet(self) bool[source]

Whether master password has be input and verified, i.e. authentication database is accessible

Return type:

bool

masterPasswordSame(self, password: str | None) bool[source]

Check whether supplied password is the same as the one already set

Parameters:

password (Optional[str]) – Password to verify

Return type:

bool

signal masterPasswordVerified(verified: bool)[source]

Emitted when a password has been verify (or not)

Parameters:

verified (bool) – The state of password’s verification

signal messageLog[source]

Custom logging signal to relay to console output and QgsMessageLog

Parameters:

  • message – Message to send

  • tag – Associated tag (title)

  • level – Message log level

See also

QgsMessageLog

Added in version 3.40.

signal messageOut[source]

Custom logging signal to relay to console output and QgsMessageLog

Parameters:

  • message – Message to send

  • tag – Associated tag (title)

  • level – Message log level

See also

QgsMessageLog

Deprecated since version 3.40: Use messageLog() instead.

methodConfigTableName(self) str[source]

Returns the database table from the first ready storage that stores authentication configs, or an empty string if none available. The table is prefixed with schema and escaped if necessary.

Added in version 3.40.

Return type:

str

static passwordHelperDisplayName(titleCase: bool = False) str[source]

Returns a translated display name of the password helper (platform dependent).

If titleCase is True then a title case version of the string will be returned. Otherwise a mid-sentence case version will be returned.

Added in version 3.42.

Parameters:

titleCase (bool = False)

Return type:

str

static passwordHelperEnabled() bool[source]

Password helper enabled getter

Note

Available in Python bindings since QGIS 3.8.0

Return type:

bool

signal passwordHelperFailure[source]

Signals emitted on password helper failure, mainly used in the tests to exit main application loop

signal passwordHelperMessageLog(message: str, tag: str = QgsAuthManager.AUTH_MAN_TAG, level: Qgis.MessageLevel = Qgis.MessageLevel.Info)[source]

Custom logging signal to inform the user about master password <-> password manager interactions

Parameters:

  • message (str) – Message to send

  • tag (str = QgsAuthManager.AUTH_MAN_TAG) – Associated tag (title)

  • level (Qgis.MessageLevel = Qgis.MessageLevel.Info) – Message log level

See also

QgsMessageLog

Added in version 3.40.

signal passwordHelperMessageOut[source]

Custom logging signal to inform the user about master password <-> password manager interactions

Parameters:

  • message – Message to send

  • tag – Associated tag (title)

  • level – Message log level

See also

QgsMessageLog

Deprecated since version 3.40: Use passwordHelperMessageLog() instead.

signal passwordHelperSuccess[source]

Signals emitted on password helper success, mainly used in the tests to exit main application loop

passwordHelperSync(self) bool[source]

Store the password manager into the wallet

Note

Available in Python bindings since QGIS 3.8.0

Return type:

bool

rebuildCaCertsCache(self) bool[source]

Rebuild certificate authority cache

Return type:

bool

rebuildCertTrustCache(self) bool[source]

Rebuild certificate authority cache

Return type:

bool

rebuildIgnoredSslErrorCache(self) bool[source]

Rebuild ignoredSSL error cache

Return type:

bool

rebuildTrustedCaCertsCache(self) bool[source]

Rebuild trusted certificate authorities cache

Return type:

bool

registerCoreAuthMethods(self) bool[source]

Instantiate and register existing C++ core authentication methods from plugins

Return type:

bool

removeAllAuthenticationConfigs(self) bool[source]

Clear all authentication configs from table in database and from provider caches

Return type:

bool

Returns:

Whether operation succeeded

removeAuthSetting(self, key: str | None) bool[source]

Remove an authentication setting

Parameters:

key (Optional[str])

Return type:

bool

removeAuthenticationConfig(self, authcfg: str | None) bool[source]

Remove an authentication config in the database

Parameters:

authcfg (Optional[str]) – Associated authentication config id

Return type:

bool

Returns:

Whether operation succeeded

removeCertAuthority(self, cert: QSslCertificate) bool[source]

Remove a certificate authority

Parameters:

cert (QSslCertificate)

Return type:

bool

removeCertIdentity(self, id: str | None) bool[source]

Remove a certificate identity

Parameters:

id (Optional[str])

Return type:

bool

removeCertTrustPolicies(self, certs: Iterable[QSslCertificate]) bool[source]

Remove a group certificate authorities

Parameters:

certs (Iterable[QSslCertificate])

Return type:

bool

removeCertTrustPolicy(self, cert: QSslCertificate) bool[source]

Remove a certificate authority

Parameters:

cert (QSslCertificate)

Return type:

bool

removeSslCertCustomConfig(self, id: str | None, hostport: str | None) bool[source]

Remove an SSL certificate custom config

Parameters:

  • id (Optional[str])

  • hostport (Optional[str])

Return type:

bool

resetMasterPassword(self, newpass: str | None, oldpass: str | None, keepbackup: bool, backuppath: str | None | None = '')[source]

Reset the master password to a new one, then re-encrypts all previous configs with the new password.

Parameters:

  • newpass (Optional[str]) – New master password to replace existing

  • oldpass (Optional[str]) – Current master password to replace existing

  • keepbackup (bool) – Whether to keep the generated backup of current database (if using file-based storage)

  • backuppath (Optional[Optional[str]] = '') -> (bool) – Where the backup is located, if kept

setDefaultCertTrustPolicy(self, policy: QgsAuthCertUtils.CertTrustPolicy) bool[source]

Sets the default certificate trust policy preferred by user

Parameters:

policy (QgsAuthCertUtils.CertTrustPolicy)

Return type:

bool

setMasterPassword(self, verify: bool = False) bool[source]

Main call to initially set or continually check master password is set

Note

If it is not set, the user is asked for its input

Parameters:

verify (bool = False) – Whether password’s hash was saved in authentication database

Return type:

bool

setMasterPassword(self, password: str | None, verify: bool = False) bool[source]

Overloaded call to reset master password or set it initially without user interaction

Note

Only use this in trusted reset functions, unit tests or user/app setup scripts!

Parameters:

  • password (Optional[str]) – Password to use

  • verify (bool = False) – Whether password’s hash was saved in authentication database

Return type:

bool

setPasswordHelperEnabled(self, enabled: bool)[source]

Password helper enabled setter

Note

Available in Python bindings since QGIS 3.8.0

Parameters:

enabled (bool)

setScheduledAuthDatabaseEraseRequestEmitted(self, emitted: bool)[source]

Re-emit a signal to schedule an optional erase of authentication database.

Note

This can be called from the slot connected to a previously emitted scheduling signal, so that the slot can ask for another emit later, if the slot noticies the current GUI processing state is not ready for interacting with the user, e.g. project is still loading

Parameters:

emitted (bool) – Setting to False will cause signal to be emitted by the schedule timer. Setting to True will stop any emitting, but will not stop the schedule timer.

setup(self, pluginPath: str | None = '', authDatabasePath: str | None = '')[source]

Sets up the authentication manager configuration.

This method does not initialize the authentication framework, instead that is deferred to lazy-initialize when required.

Parameters:

  • pluginPath (Optional[str] = '') – the plugin path

  • authDatabasePath (Optional[str] = '') – the authentication DB URI (or just the file path for SQLite)

See also

ensureInitialized()

sslCertCustomConfig(self, id: str | None, hostport: str | None) QgsAuthConfigSslServer[source]

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

Parameters:

  • id (Optional[str]) – sha hash

  • hostport (Optional[str]) – string host:port

Return type:

QgsAuthConfigSslServer

Returns:

a SSL certificate custom config

sslCertCustomConfigByHost(self, hostport: str | None) QgsAuthConfigSslServer[source]

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

Parameters:

hostport (Optional[str]) – host:port

Return type:

QgsAuthConfigSslServer

Returns:

a SSL certificate custom config

sslCertCustomConfigs(self) List[QgsAuthConfigSslServer]

sslCertCustomConfigs get SSL certificate custom configs

Return type:

List[QgsAuthConfigSslServer]

Returns:

list of SSL certificate custom config

storeAuthSetting(self, key: str | None, value: Any, encrypt: bool = False) bool[source]

Stores an authentication setting.

The value will be stored as a string, using QVariant.toString().

See also

authSetting()

Parameters:

  • key (Optional[str])

  • value (Any)

  • encrypt (bool = False)

Return type:

bool

storeAuthenticationConfig(self, mconfig: QgsAuthMethodConfig, overwrite: bool = False)[source]

Store an authentication config in the database

Parameters:

  • mconfig (QgsAuthMethodConfig) – Associated authentication config id

  • overwrite (bool = False) -> (bool) – If set to True, pre-existing authentication configurations will be overwritten

Returns:

Whether operation succeeded

storeCertAuthorities(self, certs: Iterable[QSslCertificate]) bool[source]

Store multiple certificate authorities

Parameters:

certs (Iterable[QSslCertificate])

Return type:

bool

storeCertAuthority(self, cert: QSslCertificate) bool[source]

Store a certificate authority

Parameters:

cert (QSslCertificate)

Return type:

bool

storeCertIdentity(self, cert: QSslCertificate, key: QSslKey) bool[source]

Store a certificate identity

Parameters:

  • cert (QSslCertificate)

  • key (QSslKey)

Return type:

bool

storeCertTrustPolicy(self, cert: QSslCertificate, policy: QgsAuthCertUtils.CertTrustPolicy) bool[source]

Store user trust value for a certificate

Parameters:
Return type:

bool

storeSslCertCustomConfig(self, config: QgsAuthConfigSslServer) bool[source]

Store an SSL certificate custom config

Parameters:

config (QgsAuthConfigSslServer)

Return type:

bool

supportedAuthMethodExpansions(self, authcfg: str | None) QgsAuthMethod.Expansions[source]

Gets supported authentication method expansion(s), e.g. NetworkRequest | DataSourceURI, as flags

Parameters:

authcfg (Optional[str])

Return type:

QgsAuthMethod.Expansions

systemRootCAs() List[QSslCertificate]

systemRootCAs get root system certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificate authorities

trustedCaCerts(self, includeinvalid: bool = False) List[QSslCertificate]

trustedCaCerts get list of all trusted CA certificates

Parameters:

includeinvalid (bool = False) – whether invalid certs needs to be returned

Return type:

List[QSslCertificate]

Returns:

list of certificates

trustedCaCertsCache(self) List[QSslCertificate]

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

Return type:

List[QSslCertificate]

Returns:

list of certificates

trustedCaCertsPemText(self) QByteArray[source]

trustedCaCertsPemText get concatenated string of all trusted CA certificates

Return type:

QByteArray

Returns:

bye array with all PEM encoded trusted CAs

uniqueConfigId(self) str[source]

Gets a unique generated 7-character string to assign to as config id

Return type:

str

untrustedCaCerts(self, trustedCAs: Iterable[QSslCertificate] = []) List[QSslCertificate]

untrustedCaCerts get list of untrusted certificate authorities

Return type:

List[QSslCertificate]

Returns:

list of certificates

Parameters:

trustedCAs (Iterable[QSslCertificate] = [])

updateAuthenticationConfig(self, config: QgsAuthMethodConfig) bool[source]

Update an authentication config in the database

Parameters:

config (QgsAuthMethodConfig) – Associated authentication config id

Return type:

bool

Returns:

Whether operation succeeded

updateConfigAuthMethods(self)[source]

Sync the confg/authentication method cache with what is in database

updateDataSourceUriItems(self, connectionItems: Iterable[str | None], authcfg: str | None, dataprovider: str | None = '')[source]

Provider call to update a QgsDataSourceUri with an authentication config

Parameters:

  • connectionItems (Iterable[Optional[str]]) – The connection items, e.g. username=myname, of QgsDataSourceUri

  • authcfg (Optional[str]) – Associated authentication config id

  • dataprovider (Optional[str] = '') -> (bool) – Provider key filter, offering logic branching in authentication method

Returns:

Whether operation succeeded

updateIgnoredSslErrorsCache(self, shahostport: str | None, errors: Iterable[QSslError]) bool[source]

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key

Parameters:

  • shahostport (Optional[str])

  • errors (Iterable[QSslError])

Return type:

bool

updateIgnoredSslErrorsCacheFromConfig(self, config: QgsAuthConfigSslServer) bool[source]

Update ignored SSL error cache with possible ignored SSL errors, using server config

Parameters:

config (QgsAuthConfigSslServer)

Return type:

bool

updateNetworkProxy(self, proxy: QNetworkProxy, authcfg: str | None, dataprovider: str | None = '')[source]

Provider call to update a QNetworkProxy with an authentication config

Parameters:

  • proxy (QNetworkProxy) – the QNetworkProxy

  • authcfg (Optional[str]) – Associated authentication config id

  • dataprovider (Optional[str] = '') -> (bool) – Provider key filter, offering logic branching in authentication method

Returns:

Whether operation succeeded

updateNetworkReply(self, reply: QNetworkReply | None, authcfg: str | None, dataprovider: str | None = '') bool[source]

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

Parameters:

  • reply (Optional[QNetworkReply]) – The QNetworkReply

  • authcfg (Optional[str]) – Associated authentication config id

  • dataprovider (Optional[str] = '') – Provider key filter, offering logic branching in authentication method

Return type:

bool

Returns:

Whether operation succeeded

updateNetworkRequest(self, request: QNetworkRequest, authcfg: str | None, dataprovider: str | None = '')[source]

Provider call to update a QNetworkRequest with an authentication config

Parameters:

  • request (QNetworkRequest) – The QNetworkRequest

  • authcfg (Optional[str]) – Associated authentication config id

  • dataprovider (Optional[str] = '') -> (bool) – Provider key filter, offering logic branching in authentication method

Returns:

Whether operation succeeded

verifyMasterPassword(self, compare: str | None = '') bool[source]

Verify the supplied master password against any existing hash in authentication database

Note

Do not emit verification signals when only comparing

Parameters:

compare (Optional[str] = '') – Password to compare against

Return type:

bool