plugable authentication

Eric Lemoine Mon, 28 May 2012 02:28:12 -0700

Hi

My Pyramid-based framework includes a “login” view that looks like this:


def login(request):
    username = request.params.get('username')
    password = request.params.get('password')
    if username is None or password is None:
        return HTTPBadRequest(...)
    user = Session.query(User).filter_by(username=username).first()
    user_is_valid = user and user.validate_password(password)
    if user_is_valid:
        headers = remember(request, username)
        return HTTPFound(location=request.params.get('come_from'),
headers=headers)
    return HTTPUnauthorized(...)

So this login action gets the user from a “user” database table, and
validates the password by calling “validate_password” on the “user”
(SQLAlchemy) object. The action also takes care of returning an appropriate
HTTP response, based on the received HTTP params and whether the user can
be authenticated or not.

I'd like the make the authentication/password validation process
configurable. Applications based on my framework should be able to register
their own authentication/password validation process. And I'd like to know
what's the best way to achieve that.

The application could overwrite the “login” view completely. But the
“login” view includes logic that I think should not be duplicated.

So I'd rather put the code

     user = Session.query(User).filter_by(username=username).first()
    user_is_valid = user and user.validate_password(password)

in a “default” function, and make it possible for applications to overwrite
this function.

I've been thinking about adding a configurator directive (with
add_directive) for that, like “set_user_authenticator” or something. But
I'm wondering if this is an appropriate solution, or it there are more
Pyramid standard ways for that.

Any guidance welcome.

Thanks,


-- 
Eric Lemoine

Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac, Cedex

Tel : 00 33 4 79 44 44 96
Mail : eric.lemo...@camptocamp.com
http://www.camptocamp.com

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to pylons-discuss@googlegroups.com.
To unsubscribe from this group, send email to 
pylons-discuss+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.

plugable authentication

Reply via email to