I'm wondering if this is the correct list; but since I've seen several AuthKit-related posts I'll just go ahead.
Lawrence Oluyede wrote: > How can result be a HTTPUnauthorized instance if it's a str instance? > How does a HTTPUnauthorized get there? The *basic.authenticate.function* you've written (or the *user_has_password* for those who plugged in to the User Mgmt API) will return False when authentication fails. The caller (line 122) will return an HTTPUnauthorized instance instead of a username in that case. Which is promptly ignored, letting any failed authentication sail right through. I wasn't amused. Have I mentioned how convoluted that code path is? The .authenticate method can be called directly or through the instance's __call__ method. Maybe I'll have a look at it later. > BTW this code does not work if result is a unicode object. > True; seen a lot of programmers getting blindsided by this: even mostly-I18N-correct apps will force you to use ASCII usernames. Got my brain fried thinking "how will I test hanji usernames", so I gave up^W^Wleft it for a future time when I need it. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
