Re: repoze.auth Error Handling and login/logout handler

Fri, 10 Sep 2010 02:24:23 -0700 

On Wed, 2010-09-08 at 07:57:47 -0700, Dobrysmak wrote:
> First of all, i've got a login form for users.
> My configuration for repoze.what looks like this
> 
> return setup_sql_auth(
>         app,
>         User,
>         Groups,
>         Permissions,
>         meta.Session,
>         login_url='/login/index',
>         post_login_url='/main/cpanel',
>         post_logout_url='/login/index',
>         login_handler='/login/login',
>         logout_handler='/login/logout',
>         cookie_secret=config['cookie_secret'],
>         cookie_timeout=600,
>         cookie_reissue_time=500,
>         translations={
>             'validate_password' : 'check_pass',
>             'user_name': 'login',
>             'group_name': 'name',
>             'permission_name': 'name'
>         })
> 
> When a users is loggin in, the application should update the
> "last_visit_date" column in db, this action is placed in "/login/
> login", but at the process of user login this action is ignored.
> That's the first question, why and how to fix this?

login_url is intercepted by repoze.who middleware, your controller code
doesn't see it at all.  Do it in post_login action instead.  What I do
is create a route like '/post-login', assign dedicated controller action
to it and do things like updating DB there, then redirect() user to the
URL which represents dashboard or some other place where user must land
after logging in.

> The second part is the Error handling in repoze.what/who.
> When user puts the wrong pass/name it rise an Exception 401 (that's
> ok) and displays it in a standard pylons debuge mode, but where can i
> customize it to show restricted access messages?

What I also do in post_login action is check if login was successful and
if it isn't, create flash message informing about it and redirect to
login page.  My post_login method looks something like this:

  def post_login(self):
      identity = request.environ.get('repoze.who.identity')
      if not identity:
          h.flash(_('Wrong username and password.'))
          redirect(url('login'))
      # Obtain user object.
      user = identity['user']
      # Do other stuff like updating DB.
      # Then redirect to the dashboard.
      redirect(url('dashboard'))

HTH,
-- 
Audrius Kažukauskas

Attachment: pgp0uWznmCF4d.pgp
Description: PGP signature

Reply via email to