Hi there, I'm using repoze.who openid plugin to validate users against Google openid implementation and so far it's working ok. I implemented IAuthenticator to validate the user in my database and then IMetadataProvider to add some extra data (such as language, name, gender, etc). Now I want to protect my controllers: I need to know is the user is authenticated and in case he's not, display the login form. For the time being I don't care about permissions, just the authentication. So I added the following decorator to my controllers:
from repoze.what.plugins.pylonshq import ControllerProtector from repoze.what.predicates import not_anonymous @ControllerProtector(not_anonymous()) class PortalController(BaseController): ... code ... As far as I understand, this should check if the user is not anonymous and return a 401 in case he is, hence presenting the login form. The problem I have is that it's always returning a 403 error and I cannot continue to the login process. What am I missing? Did I misunderstand the process and expected certain out of the box behaviour that in reality does not exist and I need to extend repoze.what to support it? Any tips will be appreciate. Mariano -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
