On Sun, Jun 17, 2007 at 10:01:24AM -0000, Jose Figueras wrote:
> Following "Authkit with Pylons" article (and a mixture of other
> articles, docs, etc.), if I try to protect my whole application I see
> this strange error: "exceptions.AssertionError: Forwarding loop
> detected; '/signin' visited twice (internal redirect path: ['/public',
> '/signin']) ".

It usually means that your signin controller couldn't be accessed
without authentication. If you enforce authentication everywhere, there
is no signin action you can even reach because you are not yet
authenticated. Chicken, egg. Check that you can call /signin without
problems first.

>    3. code in my main controller "controllers/home.py":
> 
>        class HomeController(BaseController):
> 
>            def signin(self):
>                username = str(request.params.get('username', '').strip().lower())
>                password = str(request.params.get('username', '').strip())

Shouldn't that read 'password'? :)

>                if len(request.params) > 1 and username == password:
>                    request.environ['paste.auth_tkt.set_user'](username)
>                    request.environ['REMOTE_USER'] = username
> 
>                    session['user'] = username
>                    session.save()

No need to save the username into the session. It is usually available
everywhere through request.environ.

> But, with this style, I must add security on all my controllers.

You can at least say that all actions in a controller should require
authentication by following
http://docs.pythonweb.org/pages/viewpage.action?pageId=9011252

Cheers
 Christoph
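
The forwarding loop discussed in this thread can be reproduced with plain WSGI. The following is an added example, not part of the original message and not AuthKit's or Pylons' code; `RequireAuth`, `app`, `fetch` and the `example.forward_path` key are hypothetical names, and the forwarding logic is a simplified stand-in for an internal redirect.

```python
# Added illustration; plain WSGI, not AuthKit's or Pylons' own code.
SIGNIN_PATH = "/signin"  # assumed sign-in URL, as in the thread


def app(environ, start_response):
    """Constructed stand-in for the Pylons application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("page " + environ["PATH_INFO"]).encode()]


class RequireAuth:
    """Forward unauthenticated requests to the sign-in page internally."""

    def __init__(self, wrapped, public_paths=()):
        self.wrapped = wrapped
        self.public_paths = set(public_paths)

    def __call__(self, environ, start_response):
        path = environ["PATH_INFO"]
        if environ.get("REMOTE_USER") or path in self.public_paths:
            return self.wrapped(environ, start_response)
        # Track the internal redirect path so a loop fails loudly.
        visited = environ.setdefault("example.forward_path", [])
        if path in visited:
            raise AssertionError(
                "Forwarding loop detected; %r visited twice "
                "(internal redirect path: %r)" % (path, visited))
        visited.append(path)
        # The sign-in page goes through the same check as everything else.
        forwarded = dict(environ, PATH_INFO=SIGNIN_PATH)
        return self(forwarded, start_response)


def fetch(stack, path, user=None):
    """Run one request through the stack and return the body as text."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    if user:
        environ["REMOTE_USER"] = user
    body = stack(environ, lambda status, headers: None)
    return b"".join(body).decode()
```

`fetch(RequireAuth(app), "/public")` raises the AssertionError quoted at the top of the thread, while `RequireAuth(app, public_paths={"/signin"})` lets the same request land on the sign-in page.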

