Following the "AuthKit with Pylons" article (and a mixture of other
articles, docs, etc.), if I try to protect my whole application I see
this strange error: "exceptions.AssertionError: Forwarding loop
detected; '/signin' visited twice (internal redirect path: ['/public',
'/signin']) ".

But the WSGI chain seems good:

1. code in my "config/middleware.py" module:

    ...
    if asbool(full_stack):
        # Authentication and Authorization
        import authkit.authorize
        from authkit.permissions import RemoteUser
        app = authkit.authorize.middleware(app, RemoteUser())
        # Change HTTPExceptions to HTTP responses
        app = httpexceptions.make_middleware(app, global_conf)
        # Authentication and Authorization
        import authkit.authenticate
        app = authkit.authenticate.middleware(app, app_conf)
        # Error Handling
        app = ErrorHandler(app, global_conf,
                           error_template=error_template, **config.errorware)
    ...

2. options in my "development.ini" configuration file:

    ...
    [app:main]
    ...
    authkit.enable = true
    authkit.method = forward
    authkit.signin = /signin
    authkit.cookie.signout = /signout
    authkit.cookie.secret = my secret key
    authkit.cookie.name = auth_tkt
    authkit.cookie.params = max-age:3600
    authkit.catch = 401, 403

3. code in my main controller "controllers/home.py":

    class HomeController(BaseController):

        def signin(self):
            username = str(request.params.get('username', '').strip().lower())
            # The password is read from its own form field
            password = str(request.params.get('password', '').strip())
            if len(request.params) > 1 and username == password:
                # Issue the auth_tkt cookie for this user
                request.environ['paste.auth_tkt.set_user'](username)
                request.environ['REMOTE_USER'] = username
                session['user'] = username
                session.save()
                redirect_to(request.environ['HTTP_REFERER'])
            else:
                return Response(login_template)

        def signout(self):
            if request.environ['PATH_INFO'] == '/signout/':
                h.redirect_to('/signout')
            if not request.environ.has_key('REMOTE_USER'):
                return Response('You are not signed in')
            else:
                request.environ['paste.auth_tkt.logout_user']()
                del request.environ['REMOTE_USER']
                del session['user']
                session.save()
                return Response('You have been signed out')

        def public(self):
            return Response('This is public')

        @authorize(RemoteUser())
        def private(self):
            return Response('This is private')

4. And I use the "default" (untouched) routes map file.

If I work without global security, only at method level (tested with
the public() and private() methods), commenting out the
"authkit.authorize.middleware" line, everything works great.
But, with this style, I must add security to all my controllers.
And I'm very lazy 8-)).

Does anyone know where the problem is?
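
Added example, not part of the original post and not AuthKit or Paste code: a stand-alone WSGI model of the chain above, assuming (as the error's internal redirect path suggests) that the forward method re-requests /signin through the same protected stack. `require_user`, `forward_on_401`, `exempt` and `get` are hypothetical names; the second stack shows that the loop goes away once the sign-in path is reachable without the permission check.

```python
# Stand-alone WSGI model; no AuthKit/Paste imports, all names are hypothetical.
def app(environ, start_response):
    """Toy application: answers 200 and echoes the requested path."""
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [environ['PATH_INFO'].encode()]

def require_user(inner, exempt=()):
    """Blanket check: 401 unless REMOTE_USER is set or the path is exempt."""
    def middleware(environ, start_response):
        if environ['PATH_INFO'] in exempt or environ.get('REMOTE_USER'):
            return inner(environ, start_response)
        start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
        return [b'unauthorized']
    return middleware

def forward_on_401(inner, signin='/signin'):
    """On 401, re-request the sign-in path internally through `inner`."""
    def middleware(environ, start_response):
        trail = [environ['PATH_INFO']]
        while True:
            seen = {}
            def capture(status, headers, exc_info=None):
                seen.update(status=status, headers=headers)
            body = inner(dict(environ, PATH_INFO=trail[-1]), capture)
            if not seen['status'].startswith('401'):
                start_response(seen['status'], seen['headers'])
                return body
            if signin in trail:  # the sign-in page itself was refused
                raise AssertionError(
                    'Forwarding loop detected; %r visited twice '
                    '(internal redirect path: %s)' % (signin, trail))
            trail.append(signin)
    return middleware

def get(stack, path, user=None):
    """Issue one constructed request; return (status, body)."""
    environ = {'REQUEST_METHOD': 'GET', 'PATH_INFO': path}
    if user:
        environ['REMOTE_USER'] = user
    seen = {}
    body = stack(environ, lambda s, h, e=None: seen.update(status=s))
    return seen['status'], b''.join(body)

# Whole application protected, sign-in page included: the loop from the post.
looping = forward_on_401(require_user(app))
# Same blanket check, but the sign-in path is reachable anonymously.
working = forward_on_401(require_user(app, exempt=('/signin',)))
```

The exemption is an exact path match on purpose: a prefix match would also open every path that merely starts with the sign-in path.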