Thank you Graham for these precious inputs. I'll also have a deep look at the shabti_auth I wasn't aware of.
Actually I realized those difficulties related to spec points 4 and 5 under authkit usage.

For the time being and for this project I had to find out compromises:

- I could manage redirecting to referrer url on successful authentication by tracking it with cookies
- As you explained no way for a customized 401 error document. I compromised the spec by managing to show a session flash message on the authkit redirected signin page. This is enough for showing the user the entered data were wrong. The session flash message is activated into render_signin() if request.params multidict is not empty (I use this config: authkit.form.template.obj=mysite.lib.auth:render_signin)

Cheers
Daniel

On Jun 3, 10:38 am, Graham Higgins <[email protected]> wrote:
> On 3 Jun 2010, at 08:25, daniel wrote:
>
> > but for the time being I would really wish getting the authkit working
> > as I need (actually here we are still talking about basic
> > authentication needs)
> > 4- In case of Sign In success REDIRECT TO THE STARTING URL (the one
> > from where the sign in url has been launched; obviously I'll make the
> > template able to show the logged in status)
>
> You might get what you need from the AuthKit Cookbook, c.f.
>
> http://wiki.pylonshq.com/display/authkitcookbook/Forward
>
> > 5- In case of Sign In failure, show a customized 401 error document
>
> ICBW, but I suspect that you'll find this one rather challenging.
> authkit-as-middleware intercepts /all/ outgoing 401s - they trigger
> authkit to present the sign-in page instead - the user never sees the
> 401, just the sign-in page - which, in the case of failed authn, is
> re-presented by Authkit itself, the incoming login data is handled by
> Authkit before your app is even called. Hard to see how you're going
> to sneak a decorated 401 past AuthKit without the response being
> swapped out for a redirect to the sign-in URL. That switch is the
> designed behaviour, so (AIUI) you've essentially created a spec for a
> non-standard approach --- which will probably involve you in modifying
> the AuthKit code unless you can relax your spec to allow
> re-presentation of the sign-in page.
>
> If you need the same functionality in a non-middleware approach, you
> might get some ideas from the Shabti basic auth'n'auth project
> template [1] which will tick your boxes from #1-#4 and which will give
> you an opportunity to implement #5 in your app.
>
> Alternatively, repoze.who maintains a count of login attempts, which
> you can exploit to present a suitably decorated sign-in page when
> count>0, if that will satisfy your requirements.
>
> [1] http://bel-epa.com/shabtidocs/shabti_templates/shabti_auth.html
> [2] http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Au...
>
> HTH
>
> --
> Cheers,
>
> Graham
>
> http://www.linkedin.com/in/ghiggins
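
The workaround in the message above redirects to a URL remembered in a cookie, and a cookie is client-controlled input, so the value needs checking before it is used as a redirect target. As an added example (not code from this thread, from AuthKit or from Pylons), one way to reduce it to a same-site path; the function name, the `mysite.example` host and the sample values are assumptions constructed here.

```python
from urllib.parse import urlsplit


def safe_return_url(cookie_value, request_host, default="/"):
    """Turn a remembered URL into a same-site path, or fall back to `default`.

    cookie_value -- URL read back from the tracking cookie (client-controlled)
    request_host -- host this application serves, e.g. "mysite.example"
    """
    if not cookie_value:
        return default
    value = cookie_value.strip()
    # Browsers read "\" as "/" and drop control characters, so both can
    # smuggle a different host past a naive prefix check; CR/LF would also
    # allow header injection in the Location response.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative ("//host/...") form: accept only
        # http(s) URLs whose authority is exactly our own host.
        if parts.scheme not in ("http", "https"):
            return default
        if parts.netloc.lower() != request_host.lower():
            return default
    path = parts.path or "/"
    # The result goes into a Location header, so it must be a rooted path
    # and must not start with "//" (that would name another host).
    if not path.startswith("/") or path.startswith("//"):
        return default
    # Rebuild from the parsed parts; never echo the raw cookie back.
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in ["/reports/7?page=2", "//evil.example/x", "javascript:alert(1)"]:
        print(repr(sample), "->", safe_return_url(sample, "mysite.example"))
```
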
