Settings

class nginx_ldap_auth.settings.Settings(_case_sensitive: bool | None = None, _env_prefix: str | None = None, _env_file: DotenvType | None = PosixPath('.'), _env_file_encoding: str | None = None, _env_nested_delimiter: str | None = None, _secrets_dir: str | Path | None = None, *, debug: bool = False, loglevel: Literal['NOTSET', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'CRITICAL'] = 'INFO', log_type: Literal['json', 'text'] = 'text', auth_realm: str = 'Restricted', cookie_name: str = 'nginxauth', cookie_domain: str | None = None, secret_key: str, session_max_age: int = 0, use_rolling_session: bool = False, session_backend: Literal['redis', 'memory'] = 'memory', redis_url: Url[Url] | None = None, redis_prefix: str = 'nginx_ldap_auth.', ldap_uri: str, ldap_binddn: str, ldap_password: str, ldap_starttls: bool = True, ldap_disable_referrals: bool = False, ldap_basedn: str, ldap_username_attribute: str = 'uid', ldap_full_name_attribute: str = 'cn', ldap_get_user_filter: str = '{username_attribute}={username}', ldap_authorization_filter: str | None = None, ldap_timeout: int = 15, ldap_min_pool_size: int = 1, ldap_max_pool_size: int = 30, ldap_pool_connection_lifetime_seconds: int = 20, sentry_url: str | None = None)[source]

debug: bool: FastAPI debug mode

loglevel: Literal['NOTSET', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'CRITICAL']: Default log level. Choose from any of the standard Python log levels.

log_type: Literal['json', 'text']: What format should we log in? Valid values are json and text

auth_realm: str: Use this as the title for the login form, to give a hint to the user as to what they’re logging into

cookie_name: str: The name of the cookie to set when a user authenticates

cookie_domain: str | None: The domain to use for our session cookie, if any.

secret_key: str: The secret key to use for session cookies

session_max_age: int: The maximum age of a session cookie in seconds

use_rolling_session: bool: Reset the session lifetime to session_max_age every time the user accesses the protected site

session_backend: Literal['redis', 'memory']

either redis or memory

Type:: Session type

redis_url: Url[Url] | None

If using the Redis session backend, the DSN on which to connect to Redis.

A fully specified Redis DSN looks like this:

redis://[username][:password]@host:port/db

The username is only necessary if you are using role-based access controls on your Redis server. Otherwise the password is sufficient if you have a server password for your Redis server.
If you don’t specify a database, 0 is used.
If you don’t specify a password, no password is used.
If you don’t specify a port, 6379 is used.

redis_prefix: str: If using the Redis session backend, the prefix to use for session keys

ldap_uri: str: The URI via which to connect to LDAP

ldap_binddn: str: The DN as which to bind to LDAP

ldap_password: str: The password to use when binding to LDAP when doing our searches

ldap_starttls: bool: Whether to use TLS when connecting to LDAP

ldap_disable_referrals: bool: Whether to disable LDAP referrals

ldap_basedn: str: The base DN under which to perform searches

ldap_username_attribute: str: The LDAP attribute to use as the username when searching for a user

ldap_full_name_attribute: str: The LDAP attribute to use as the full name when getting search results

ldap_get_user_filter: str

The LDAP search filter to use when searching for a user. This should be a valid LDAP search filter. The search will be a SUBTREE search with the base DN of ldap_basedn.

You may use these replacement fields in the filter:

{username_attribute}: the value of Settings.ldap_username_attribute
{username_full_name_attribute}: the value of Settings.ldap_full_name_attribute

Use {username} in the search filter as the placeholder for the username supplied by the user from the login form.

ldap_authorization_filter: str | None

The LDAP search filter to use to determine whether a user is authorized. This should a valid LDAP search filter. If this is None, all users who can successfully authenticate will be authorized. If this is not None, the search with this filter must return at least one result for the user to be authorized.

You may use these replacement fields in the filter:

{username_attribute}: the value of ldap_username_attribute
{username_full_name_attribute}: the value of ldap_full_name_attribute

Use {username} in the search filter as the placeholder for the username supplied by the user from the login form.

ldap_timeout: int: Number of seconds to wait for an LDAP connection to be established

ldap_min_pool_size: int: Min number of LDAP connections to keep in the pool

ldap_max_pool_size: int: Max number of LDAP connections to keep in the pool

ldap_pool_connection_lifetime_seconds: int: Recycle LDAP connections after this many seconds

sentry_url: str | None: The sentry DSN to use for error reporting. If this is None, no error reporting will be done.

model_config: ClassVar[SettingsConfigDict] = {'arbitrary_types_allowed': True, 'case_sensitive': False, 'env_file': None, 'env_file_encoding': None, 'env_nested_delimiter': None, 'env_prefix': '', 'extra': 'forbid', 'protected_namespaces': ('model_', 'settings_'), 'secrets_dir': None, 'validate_default': True}

redis_url_required_if_session_type_is_redis()[source]

If we’ve configured the session backend to be redis, redis_url is required.

Raises:: ValidationError – redis_url is required if session_backend is redis

classmethod construct(_fields_set: set[str] | None = None, **values: Any) → Model

Returns a copy of the model.

This method is now deprecated; use model_copy instead. If you need include or exclude, use:

`py data = self.model_dump(include=include, exclude=exclude, round_trip=True) data = {**data, **(update or {})} copied = self.model_validate(data) `

Parameters:

include – Optional set or mapping specifying which fields to include in the copied model.
exclude – Optional set or mapping specifying which fields to exclude in the copied model.
update – Optional dictionary of field-value pairs to override field values in the copied model.
deep – If True, the values of fields that are Pydantic models will be deep copied.

Returns:

A copy of the model with included, excluded and updated fields as specified.

dict(*, include: IncEx = None, exclude: IncEx = None, by_alias: bool = False, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False) → Dict[str, Any]

classmethod from_orm(obj: Any) → Model

json(*, include: IncEx = None, exclude: IncEx = None, by_alias: bool = False, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False, encoder: Callable[[Any], Any] | None = PydanticUndefined, models_as_dict: bool = PydanticUndefined, **dumps_kwargs: Any) → str

property model_computed_fields: dict[str, ComputedFieldInfo]

Get the computed fields of this model instance.

Returns:: A dictionary of computed field names and their corresponding ComputedFieldInfo objects.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) → Model

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed. Behaves as if Config.extra = ‘allow’ was set since it adds all passed values

Parameters:

_fields_set – The set of field names accepted for the Model instance.
values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

model_copy(*, update: dict[str, Any] | None = None, deep: bool = False) → Model

Returns a copy of the model.

Parameters:

update – Values to change/add in the new model. Note: the data is not validated before creating the new model. You should trust this data.
deep – Set to True to make a deep copy of the model.

Returns:

New model instance.

model_dump(*, mode: Literal['json', 'python'] | str = 'python', include: IncEx = None, exclude: IncEx = None, by_alias: bool = False, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False, round_trip: bool = False, warnings: bool = True) → dict[str, Any]

Usage docs: https://docs.pydantic.dev/dev-v2/usage/serialization/#modelmodel_dump

Generate a dictionary representation of the model, optionally specifying which fields to include or exclude.

Parameters:

mode – The mode in which to_python should run. If mode is ‘json’, the dictionary will only contain JSON serializable types. If mode is ‘python’, the dictionary may contain any Python objects.
include – A list of fields to include in the output.
exclude – A list of fields to exclude from the output.
by_alias – Whether to use the field’s alias in the dictionary key if defined.
exclude_unset – Whether to exclude fields that are unset or None from the output.
exclude_defaults – Whether to exclude fields that are set to their default value from the output.
exclude_none – Whether to exclude fields that have a value of None from the output.
round_trip – Whether to enable serialization and deserialization round-trip support.
warnings – Whether to log warnings when invalid fields are encountered.

Returns:

A dictionary representation of the model.

model_dump_json(*, indent: int | None = None, include: IncEx = None, exclude: IncEx = None, by_alias: bool = False, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False, round_trip: bool = False, warnings: bool = True) → str

Usage docs: https://docs.pydantic.dev/dev-v2/usage/serialization/#modelmodel_dump_json

Generates a JSON representation of the model using Pydantic’s to_json method.

Parameters:

indent – Indentation to use in the JSON output. If None is passed, the output will be compact.
include – Field(s) to include in the JSON output. Can take either a string or set of strings.
exclude – Field(s) to exclude from the JSON output. Can take either a string or set of strings.
by_alias – Whether to serialize using field aliases.
exclude_unset – Whether to exclude fields that have not been explicitly set.
exclude_defaults – Whether to exclude fields that have the default value.
exclude_none – Whether to exclude fields that have a value of None.
round_trip – Whether to use serialization/deserialization between JSON and class instance.
warnings – Whether to show any warnings that occurred during serialization.

Returns:

A JSON string representation of the model.

property model_extra: dict[str, Any] | None

Get extra fields set during validation.

Returns:: A dictionary of extra fields, or None if config.extra is not set to “allow”.

model_fields: ClassVar[dict[str, FieldInfo]] = {'auth_realm': FieldInfo(annotation=str, required=False, default='Restricted'), 'cookie_domain': FieldInfo(annotation=Union[str, NoneType], required=False), 'cookie_name': FieldInfo(annotation=str, required=False, default='nginxauth'), 'debug': FieldInfo(annotation=bool, required=False, default=False), 'ldap_authorization_filter': FieldInfo(annotation=Union[str, NoneType], required=False), 'ldap_basedn': FieldInfo(annotation=str, required=True), 'ldap_binddn': FieldInfo(annotation=str, required=True), 'ldap_disable_referrals': FieldInfo(annotation=bool, required=False, default=False), 'ldap_full_name_attribute': FieldInfo(annotation=str, required=False, default='cn'), 'ldap_get_user_filter': FieldInfo(annotation=str, required=False, default='{username_attribute}={username}'), 'ldap_max_pool_size': FieldInfo(annotation=int, required=False, default=30), 'ldap_min_pool_size': FieldInfo(annotation=int, required=False, default=1), 'ldap_password': FieldInfo(annotation=str, required=True), 'ldap_pool_connection_lifetime_seconds': FieldInfo(annotation=int, required=False, default=20), 'ldap_starttls': FieldInfo(annotation=bool, required=False, default=True), 'ldap_timeout': FieldInfo(annotation=int, required=False, default=15), 'ldap_uri': FieldInfo(annotation=str, required=True), 'ldap_username_attribute': FieldInfo(annotation=str, required=False, default='uid'), 'log_type': FieldInfo(annotation=Literal['json', 'text'], required=False, default='text'), 'loglevel': FieldInfo(annotation=Literal['NOTSET', 'DEBUG', 'INFO', 'WARN', 'ERROR', 'CRITICAL'], required=False, default='INFO'), 'redis_prefix': FieldInfo(annotation=str, required=False, default='nginx_ldap_auth.'), 'redis_url': FieldInfo(annotation=Union[Annotated[pydantic_core._pydantic_core.Url, UrlConstraints(max_length=None, allowed_schemes=['redis', 'rediss'], host_required=None, default_host='localhost', default_port=6379, default_path='/0')], NoneType], required=False), 'secret_key': FieldInfo(annotation=str, required=True), 'sentry_url': FieldInfo(annotation=Union[str, NoneType], required=False), 'session_backend': FieldInfo(annotation=Literal['redis', 'memory'], required=False, default='memory'), 'session_max_age': FieldInfo(annotation=int, required=False, default=0), 'use_rolling_session': FieldInfo(annotation=bool, required=False, default=False)}

property model_fields_set: set[str]

Returns the set of fields that have been set on this model instance.

Returns:

A set of strings representing the fields that have been set,: i.e. that were not filled from defaults.

classmethod model_json_schema(by_alias: bool = True, ref_template: str = '#/$defs/{model}', schema_generator: type[GenerateJsonSchema] = <class 'pydantic.json_schema.GenerateJsonSchema'>, mode: JsonSchemaMode = 'validation') → dict[str, Any]

Generates a JSON schema for a model class.

To override the logic used to generate the JSON schema, you can create a subclass of GenerateJsonSchema with your desired modifications, then override this method on a custom base class and set the default value of schema_generator to be your subclass.

Parameters:

by_alias – Whether to use attribute aliases or not.
ref_template – The reference template.
schema_generator – The JSON schema generator.
mode – The mode in which to generate the schema.

Returns:

The JSON schema for the given model class.

classmethod model_parametrized_name(params: tuple[type[Any], ...]) → str

Compute the class name for parametrizations of generic classes.

This method can be overridden to achieve a custom naming scheme for generic BaseModels.

Parameters:: params – Tuple of types of the class. Given a generic class Model with 2 type variables and a concrete model Model[str, int], the value (str, int) would be passed to params.
Returns:: String representing the new class where params are passed to cls as type variables.
Raises:: TypeError – Raised when trying to generate concrete names for non-generic models.

model_post_init(_BaseModel__context: Any) → None: Override this method to perform additional initialization after __init__ and model_construct. This is useful if you want to do some validation that requires the entire model to be initialized.

classmethod model_rebuild(*, force: bool = False, raise_errors: bool = True, _parent_namespace_depth: int = 2, _types_namespace: dict[str, Any] | None = None) → bool | None

Try to rebuild the pydantic-core schema for the model.

This may be necessary when one of the annotations is a ForwardRef which could not be resolved during the initial attempt to build the schema, and automatic rebuilding fails.

Parameters:

force – Whether to force the rebuilding of the model schema, defaults to False.
raise_errors – Whether to raise errors, defaults to True.
_parent_namespace_depth – The depth level of the parent namespace, defaults to 2.
_types_namespace – The types namespace, defaults to None.

Returns:

Returns None if the schema is already “complete” and rebuilding was not required. If rebuilding _was_ required, returns True if rebuilding was successful, otherwise False.

classmethod model_validate(obj: Any, *, strict: bool | None = None, from_attributes: bool | None = None, context: dict[str, Any] | None = None) → Model

Validate a pydantic model instance.

Parameters:

obj – The object to validate.
strict – Whether to raise an exception on invalid fields.
from_attributes – Whether to extract data from object attributes.
context – Additional context to pass to the validator.

Raises:

ValidationError – If the object could not be validated.

Returns:

The validated model instance.

classmethod model_validate_json(json_data: str | bytes | bytearray, *, strict: bool | None = None, context: dict[str, Any] | None = None) → Model

Validate the given JSON data against the Pydantic model.

Parameters:

json_data – The JSON data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.

Returns:

The validated Pydantic model.

Raises:

ValueError – If json_data is not a JSON string.

classmethod parse_file(path: str | Path, *, content_type: str | None = None, encoding: str = 'utf8', proto: _deprecated_parse.Protocol | None = None, allow_pickle: bool = False) → Model

classmethod parse_obj(obj: Any) → Model

classmethod parse_raw(b: str | bytes, *, content_type: str | None = None, encoding: str = 'utf8', proto: _deprecated_parse.Protocol | None = None, allow_pickle: bool = False) → Model

classmethod schema(by_alias: bool = True, ref_template: str = '#/$defs/{model}') → Dict[str, Any]

classmethod schema_json(*, by_alias: bool = True, ref_template: str = '#/$defs/{model}', **dumps_kwargs: Any) → str

classmethod settings_customise_sources(settings_cls: type[BaseSettings], init_settings: PydanticBaseSettingsSource, env_settings: PydanticBaseSettingsSource, dotenv_settings: PydanticBaseSettingsSource, file_secret_settings: PydanticBaseSettingsSource) → tuple[PydanticBaseSettingsSource, ...]

Define the sources and their order for loading the settings values.

Parameters:

settings_cls – The Settings class.
init_settings – The InitSettingsSource instance.
env_settings – The EnvSettingsSource instance.
dotenv_settings – The DotEnvSettingsSource instance.
file_secret_settings – The SecretsSettingsSource instance.

Returns:

A tuple containing the sources and their order for loading the settings values.

classmethod update_forward_refs(**localns: Any) → None

classmethod validate(value: Any) → Model