Hi, Eric

Thanks for the answer. After I posted this question, I found a working
solution, but not sure if it is the best way.

Basically I am not using HTTPFound anymore; I use
request.response_headerlist:

if valid_login:
    headers = remember(self.request, userid)
    redirect_url = route_url('next_step', self.request)
    self.request.response_headerlist = headers
    return {'status': 1, 'url': redirect_url}

In my client code (JavaScript), I check the JSON response; if status is 1,
then I redirect to 'redirect_url'. Because I use
response_headerlist, the authentication cookies actually get set
correctly this way.

On Mar 27, 12:10 am, Eric Rasmussen <[email protected]> wrote:
> Hi Ben,
>
> I'm moving this to the pylons-discuss list because I think it may be good
> for other Pyramid users to give input.
>
> If you think of HTTPFound() as ultimately returning a handler action or view
> (which I'll call action going forward because I'm in the Pylons-to-Pyramid
> camp), you can have it "find" an action with a JSON renderer. Here's a
> simple excerpted example that assumes you're using the Pylons-style
> handlers:
>
> @action(renderer='json')
> def validatelogin(self):
>     # code to validate login/pass and make a userid variable
>     if valid_login:
>         headers = remember(self.request, userid)
>         return HTTPFound(location=route_url('loggedin', self.request),
>                          headers=headers)
>     else:
>         return {'reply': 'invalid user or password'}
>
> # this action is associated with the route name 'loggedin'
> @action(renderer='json', permission='restricted')
> def loggedin(self):
>     return {'reply': 'login successful'}
>
> The parsed JSON response object returned client-side then has a 'reply'
> attribute with an appropriate response either way. If needed, you could also
> check client-side if the server is returning a response code of 200 (in this
> case failure) or 302 (in this case success), but I wouldn't rely just on the
> server response code.
>
> I also recommend protecting the loggedin() action with a permission
> argument. That way if someone inadvertently tries to access that URL
> directly and isn't truly logged in, it will call the forbidden context
> instead of returning 'login successful'.
>
> I've used this method in testing before without difficulty but never in
> production, so if anyone else has recommendations I'm definitely interested.
>
> Cheers,
> Eric
>
> On Wed, Mar 23, 2011 at 1:27 PM, Ben <[email protected]> wrote:
> > I have a question about putting async form submitting and pyramid
> > default authentication together.
>
> > My sign up and sign in form is doing async form submitting, in the
> > back end, if there is something wrong, I return a json message with
> > all error messages, but when the form data is correct, I tried to
> > authenticate the user using default authentication policy. Since I am
> > doing async form submitting using javascript in the front end, I
> > cannot really take advantage of using
>
> > return HTTPFound() method to redirect user with authenticated
> > headers.
>
> > How can I set those authenticated headers and do redirect correctly
> > with the async form submitting? Thanks!

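Added example, not part of the original thread and not Pyramid's own code: a framework-free WSGI sketch of the pattern discussed above, where the JSON login reply itself carries the auth cookie and the redirect target refuses requests that lack a valid one. The HMAC-signed `auth` cookie, `SECRET`, `USERS`, the helpers `sign`, `reply` and `call`, and the `/login` and `/next_step` paths are assumptions standing in for remember() and the permission check; the client is assumed to post a JSON object.

```python
import hashlib, hmac, io, json
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-secret"  # assumption: real key comes from config
USERS = {"ben": "s3cret"}  # constructed sample; store password hashes in practice

def sign(userid):
    mac = hmac.new(SECRET, userid.encode(), hashlib.sha256).hexdigest()
    return f"{userid}:{mac}"

def authenticated_userid(environ):
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("auth")
    if morsel is None:
        return None
    userid = morsel.value.rpartition(":")[0]
    ok = hmac.compare_digest(sign(userid).encode(), morsel.value.encode())
    return userid if ok and userid else None

def reply(start_response, status, body, extra=()):
    start_response(status, [("Content-Type", "application/json"), *extra])
    return [json.dumps(body).encode()]

def app(environ, start_response):
    path, method = environ["PATH_INFO"], environ["REQUEST_METHOD"]
    if path == "/login" and method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = json.loads(environ["wsgi.input"].read(size) or b"{}")
        userid, password = str(form.get("login", "")), str(form.get("password", ""))
        expected = USERS.get(userid)
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            # Like remember(): the auth cookie rides on the 200 JSON reply.
            cookie = f"auth={sign(userid)}; Path=/; HttpOnly; Secure; SameSite=Lax"
            return reply(start_response, "200 OK",
                         {"status": 1, "url": "/next_step"}, [("Set-Cookie", cookie)])
        return reply(start_response, "200 OK",
                     {"status": 0, "errors": ["invalid user or password"]})
    if path == "/next_step":  # protected target, like permission='restricted'
        if authenticated_userid(environ) is None:
            return reply(start_response, "403 Forbidden", {"reply": "forbidden"})
        return reply(start_response, "200 OK", {"reply": "login successful"})
    return reply(start_response, "404 Not Found", {"reply": "not found"})

def call(method, path, body=None, cookie=""):
    """Drive the app in-process; returns (status, headers dict, parsed JSON)."""
    raw = json.dumps(body or {}).encode()
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(raw)), "wsgi.input": io.BytesIO(raw)}
    seen = {}
    chunks = app(environ, lambda s, h: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], json.loads(b"".join(chunks))
```

The client-side script should treat `status` in the body, not the HTTP code, as the login result, and the target view must enforce its own check because anyone can request that URL directly.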