Hi Ben,

I'm moving this to the pylons-discuss list because I think it may be good
for other Pyramid users to give input.

If you think of HTTPFound() as ultimately returning a handler action or view
(which I'll call action going forward because I'm in the Pylons-to-Pyramid
camp), you can have it "find" an action with a JSON renderer. Here's a
simple excerpted example that assumes you're using the Pylons-style
handlers:

    from pyramid.httpexceptions import HTTPFound
    from pyramid.security import remember
    from pyramid.url import route_url
    from pyramid_handlers import action

    # the two methods below live inside a Pylons-style handler class
    @action(renderer='json')
    def validatelogin(self):
        # code to validate login/pass and make a userid variable
        if valid_login:
            headers = remember(self.request, userid)
            return HTTPFound(location=route_url('loggedin', self.request),
                             headers=headers)
        else:
            return {'reply': 'invalid user or password'}

    # this action is associated with the route name 'loggedin'
    @action(renderer='json', permission='restricted')
    def loggedin(self):
        return {'reply': 'login successful'}

The parsed JSON response object returned client-side then has a 'reply'
attribute with an appropriate response either way. If needed, you could also
check client-side if the server is returning a response code of 200 (in this
case failure) or 302 (in this case success), but I wouldn't rely just on the
server response code.

I also recommend protecting the loggedin() action with a permission
argument. That way if someone inadvertently tries to access that URL
directly and isn't truly logged in, it will call the forbidden context
instead of returning 'login successful'.

I've used this method in testing before without difficulty but never in
production, so if anyone else has recommendations I'm definitely interested.

Cheers,
Eric

On Wed, Mar 23, 2011 at 1:27 PM, Ben <[email protected]> wrote:
> I have a question about putting async form submitting and pyramid
> default authentication together.
>
> My sign up and sign in form is doing async form submitting, in the
> back end, if there is something wrong, I return a json message with
> all error messages, but when the form data is correct, I tried to
> authenticate the user using default authentication policy. Since I am
> doing async form submitting using javascript in the front end, I
> cannot really take advantage of using
>
> return HTTPFound() method to redirect user with authenticated
> headers.
>
> How can I set those authenticated headers and do redirect correctly
> with the async form submitting? Thanks!
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.