Hi My Pyramid-based framework includes a “login” view that looks like this:
def login(request): username = request.params.get('username') password = request.params.get('password') if username is None or password is None: return HTTPBadRequest(...) user = Session.query(User).filter_by(username=username).first() user_is_valid = user and user.validate_password(password) if user_is_valid: headers = remember(request, username) return HTTPFound(location=request.params.get('come_from'), headers=headers) return HTTPUnauthorized(...) So this login action gets the user from a “user” database table, and validates the password by calling “validate_password” on the “user” (SQLAlchemy) object. The action also takes care of returning an appropriate HTTP response, based on the received HTTP params and whether the user can be authenticated or not. I'd like the make the authentication/password validation process configurable. Applications based on my framework should be able to register their own authentication/password validation process. And I'd like to know what's the best way to achieve that. The application could overwrite the “login” view completely. But the “login” view includes logic that I think should not be duplicated. So I'd rather put the code user = Session.query(User).filter_by(username=username).first() user_is_valid = user and user.validate_password(password) in a “default” function, and make it possible for applications to overwrite this function. I've been thinking about adding a configurator directive (with add_directive) for that, like “set_user_authenticator” or something. But I'm wondering if this is an appropriate solution, or it there are more Pyramid standard ways for that. Any guidance welcome. Thanks, -- Eric Lemoine Camptocamp France SAS Savoie Technolac, BP 352 73377 Le Bourget du Lac, Cedex Tel : 00 33 4 79 44 44 96 Mail : eric.lemo...@camptocamp.com http://www.camptocamp.com -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.