I seem to be having problems implementing a custom Authentication
Policy class. I've created the following class, and the only purpose
is to remember and forget users using the Session, rather than
creating your own cookie as with the AuthTktAuthenticationPolicy
class. I'm using pyramid_beaker as the session manager, but I
authenticate against a MongoDB backend, so I wrote my own Auth.
For some reason the pyramid.security.forget and
pyramid.security.remember callables are not defering to the methods
inside my object. Did I miss anything in my implementation? I know the
documentation had a very simplistic example on how to roll your own
Auth class (it was missing the unauthenticated_userid() method) and I
think the implements(IAuthenticationPolicy) part is probably important
too, but from reading the code I'm not sure why my methods are not
called.
My workaround is to remember/forget by calling the session directly in
the login/logout views, but that doesn't seem correct.
----- in my __init__.py file
#Auth
from holllo.security import AuthSessionPolicy
from pyramid.authorization import ACLAuthorizationPolicy
#Session
from pyramid_beaker import session_factory_from_settings
...
#Session
session_factory = session_factory_from_settings(settings)
#Auth
authn_policy = AuthSessionPolicy()
authz_policy = ACLAuthorizationPolicy()
#Create the Configurator
config = Configurator( root_factory=Root,
settings=settings,
session_factory =
session_factory,
authentication_policy=authn_policy,
authorization_policy=authz_policy)
...
----- in my security.py file
from pyramid.authentication import CallbackAuthenticationPolicy
from zope.interface import implements
from pyramid.interfaces import IAuthenticationPolicy
class AuthSessionPolicy(CallbackAuthenticationPolicy):
"""Implements a session-based rather than cookie-based
authentication policy. Assumes that the current user is
stored in request.session['user'] and that user['email']
is the unique userid.
"""
implements(IAuthenticationPolicy)
def callback(self, userid, request):
"""Retrieve the current user from the session, and return the
groups"""
user = request.session.get('user', None)
if user:
return user['groups']
else:
return None
def remember(self, request, principal, **kw):
""" Return a set of headers suitable for 'remembering' the
principal named ``principal`` when set in a response. An
individual authentication policy and its consumers can decide
on the composition and meaning of **kw. """
log.debug("Remember the userid and user")
request.session['user'] = principal
request.session['userid'] = principal.get('username')
def forget(self, request):
""" Return a set of headers suitable for 'forgetting' the
current user on subsequent requests. """
log.debug("Forget the userid and user")
del request.session['user']
del request.session['userid']
def unauthenticated_userid(self, request):
return request.session.get('userid', None)
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
