Hello,
I am using repoze.who, repoze.what and repoze.who.openid for my
authentication and authorization needs. Since I needed to integrate
repoze.who.openid, I did not use repoze.what-quickstart but merely
configured repoze.who and repoze.what "by hand".
Here is the configuration I use:

    import logging
    import sys

    from repoze.who.classifiers import default_request_classifier
    from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
    from repoze.who.plugins.form import RedirectingFormPlugin
    # Assumed module paths for the repoze.who.plugins.openid imports:
    from repoze.who.plugins.openid.classifiers import openid_challenge_decider
    from repoze.who.plugins.openid.identification import OpenIdIdentificationPlugin
    from repoze.what.middleware import setup_auth
    from repoze.what.plugins.sql import SqlGroupsAdapter, SqlPermissionsAdapter

    # UserModelPlugin, User, Group, Permission and Session come from the
    # application's own modules (their import paths are not shown here).


    def add_auth(app, app_conf):
        # Setting up repoze.who plugins
        auth_tkt = AuthTktCookiePlugin(
            secret='xxxxxxxxxx',
            cookie_name='oatmeal')
        openid = OpenIdIdentificationPlugin(
            store='file',
            store_file_path=app_conf['cache_dir'] + '/sstore',
            openid_field='openid',
            came_from_field='came_from',
            error_field='error',
            session_name='beaker.session',
            login_form_url='/login',
            login_handler_path='/dologin_openid',
            logout_handler_path='/logout',
            logged_in_url='/login',
            logged_out_url='/login',
            rememberer_name='auth_tkt')
        form = RedirectingFormPlugin(
            login_form_url='/login',
            login_handler_path='/dologin',
            logout_handler_path='/logout_form',
            rememberer_name='auth_tkt')
        usermodelplugin = UserModelPlugin()

        # Defining identifiers
        identifiers = [('auth_tkt', auth_tkt), ('openid', openid),
                       ('form', form)]
        # Defining authenticators
        authenticators = [('authenticator', usermodelplugin)]
        # Defining challengers
        challengers = [('openid', openid)]
        # Defining metadata providers
        # (defined here; not among the arguments passed to setup_auth below)
        mdproviders = [('mdproviders', usermodelplugin)]

        # Setting up repoze.what
        groups = SqlGroupsAdapter(Group, User, Session)
        # we need to map some of the attributes to the default model
        # the group name is stored into group.name instead of group.group_name
        groups.translations['section_name'] = 'name'
        # we are using user.id to identify a user instead of user.user_name
        groups.translations['item_name'] = 'id'
        permissions = SqlPermissionsAdapter(Permission, Group, Session)
        permissions.translations['section_name'] = 'name'
        permissions.translations['item_name'] = 'name'
        groups_adapter = {'all_groups': groups}
        permissions_adapter = {'all_perms': permissions}

        app_with_auth = setup_auth(
            app,
            group_adapters=groups_adapter,
            permission_adapters=permissions_adapter,
            # set up repoze.who
            classifier=default_request_classifier,
            challenge_decider=openid_challenge_decider,
            identifiers=identifiers,
            authenticators=authenticators,
            challengers=challengers,
            # enable logging on stdout for easy debug
            log_level=logging.DEBUG,
            log_stream=sys.stdout)
        return app_with_auth

Authentication and authorization both work great: I can log in, log
out, both with openid and a login and password. However I'd like to
implement some more features, among which notifying the user when he
provided a non-valid login or password (it would be even better if
those could be two different errors) or a non-registered openid.

I thought of using pylons.tmpl_context, but of course it is not
available in the authenticator (if I understood correctly, since the
authenticator is part of the middleware, it is executed before pylons,
thus preventing any use of the tmpl_context variable). I looked at
some tutorials, and found that there is a 'repoze.who.logins' key in
request.environ which acts as a login counter. My problem is: this key
is not present in my application.

Would you know why it isn't? And do you know of any means by which I
could implement the error notifying I talked about?
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
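
One way to carry a login-failure reason from a middleware-level authenticator to the login page, as an added example that is not part of the original post: the reason is stored in the session, since the authenticator runs before Pylons and tmpl_context is not available there. `ReasonRecordingAuthenticator`, `pop_login_error`, the `auth_error` entry and the sample user store are hypothetical; the sketch assumes a dict-like session is visible to the plugin under the `beaker.session` key named in the configuration, and it covers login/password identities only. The precise reason is logged, while the form shows one message for both cases so it does not reveal which logins exist.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("auth")
SESSION_KEY = "beaker.session"  # session key named in the configuration above
ERROR_KEY = "auth_error"        # hypothetical session entry for the failure reason


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100000)


# Constructed sample store: login -> (salt, password hash).
USERS = {"alice": (b"constructed-salt", _hash("correct horse", b"constructed-salt"))}

# Both reasons map to the same user-facing text; the log keeps the difference.
MESSAGES = {
    "unknown_login": "Invalid login or password.",
    "bad_password": "Invalid login or password.",
}


class ReasonRecordingAuthenticator(object):
    """Hypothetical plugin following repoze.who's authenticate(environ, identity)."""

    def authenticate(self, environ, identity):
        login = identity.get("login")
        # Hash even for unknown logins so both failure paths do similar work.
        salt, stored = USERS.get(login, (b"dummy-salt", b""))
        ok = hmac.compare_digest(_hash(identity.get("password", ""), salt), stored)
        if login in USERS and ok:
            return login
        reason = "bad_password" if login in USERS else "unknown_login"
        log.info("login failed: %s (%r)", reason, login)
        session = environ.get(SESSION_KEY)
        if session is not None:
            session[ERROR_KEY] = reason  # a real Beaker session also needs save()
        return None


def pop_login_error(environ):
    """Called while rendering the login page: return the message once, then forget it."""
    reason = environ.get(SESSION_KEY, {}).pop(ERROR_KEY, None)
    return MESSAGES.get(reason)
```
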