On 17 jun, 13:22, Christoph Haas <[EMAIL PROTECTED]> wrote:
> On Sun, Jun 17, 2007 at 10:01:24AM -0000, Jose Figueras wrote:
> > Following the "Authkit with Pylons" article (and a mixture of other
> > articles, docs, etc.), if I try to protect my whole application I see
> > this strange error: "exceptions.AssertionError: Forwarding loop
> > detected; '/signin' visited twice (internal redirect path: ['/public',
> > '/signin']) ".
>
> It usually means that your signin controller couldn't be accessed
> without authentication. If you enforce authentication everywhere there
> is no signin action you can even reach because you are not yet
> authenticated. Chicken, egg. Check that you can call /signin without
> problems first.

Is it possible to un-enforce authentication on one controller's method
(or one controller)?

> >    3. code in my main controller "controllers/home.py":
>
> >        class HomeController(BaseController):
>
> >            def signin(self):
> >                username = str(request.params.get('username', '').strip().lower())
> >                password = str(request.params.get('username', '').strip())
>
> Shouldn't that read 'password'? :)

Yes. My typo.

> >                if len(request.params) > 1 and username == password:
> >                    request.environ['paste.auth_tkt.set_user'](username)
> >                    request.environ['REMOTE_USER'] = username
>
> >                    session['user'] = username
> >                    session.save()
>
> No need to save the username into the session. It is usually available
> everywhere through request.environ.

You're right.

> > But, with this style, I must add security on all my controllers.
>
> You can at least say that all actions in a controller should require
> authentication by following
> http://docs.pythonweb.org/pages/viewpage.action?pageId=9011252

I tried this option but I had the same error above.

Chicken, egg again because all methods pertain to the same
controller...

Cheers,
Jose
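
The chicken-and-egg problem discussed in this thread, as an added example that is not part of the original messages and does not use AuthKit's API: a plain WSGI middleware that enforces login on every path and forwards unauthenticated requests to the sign-in page, with and without that page exempted. `RequireLogin`, `fetch`, the `public` parameter and the `example.forward_path` key are hypothetical names, and the wrapped `app` is a constructed stand-in for the Pylons application.

```python
# Added example: plain WSGI, not AuthKit's API. All names here are hypothetical.
from wsgiref.util import setup_testing_defaults

def app(environ, start_response):
    """Constructed stand-in for the Pylons app: a sign-in form plus other pages."""
    path = environ["PATH_INFO"]
    body = b"signin form" if path == "/signin" else b"content of " + path.encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]

class RequireLogin:
    """Require REMOTE_USER for every path except those listed in `public`.

    An unauthenticated request is internally forwarded to `signin_path`.
    If that path is itself protected, the forward is denied as well, which
    is the loop reported in the thread.
    """
    def __init__(self, wrapped, signin_path="/signin", public=()):
        self.wrapped = wrapped
        self.signin_path = signin_path
        self.public = frozenset(public)   # exact-match allowlist, no prefixes

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if environ.get("REMOTE_USER") or path in self.public:
            return self.wrapped(environ, start_response)
        # Track the internal redirect path so a second visit is detected.
        visited = environ.setdefault("example.forward_path", [path])
        if self.signin_path in visited:
            raise AssertionError("Forwarding loop detected; %r visited twice "
                                 "(internal redirect path: %r)"
                                 % (self.signin_path, visited))
        visited.append(self.signin_path)
        forwarded = dict(environ, PATH_INFO=self.signin_path)
        return self(forwarded, start_response)

def fetch(wsgi_app, path, user=None):
    """Run one request through `wsgi_app` and return the response body."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if user:
        environ["REMOTE_USER"] = user
    return b"".join(wsgi_app(environ, lambda status, headers: None))
```

`fetch(RequireLogin(app), "/public")` raises the forwarding-loop assertion, while `fetch(RequireLogin(app, public=["/signin"]), "/public")` returns the sign-in form. Matching the exemption exactly rather than by prefix keeps paths below `/signin` protected.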

