Hello,
I'm trying setup a repoze.bfg application where users are allowed to
authenticate through the HTTP authentication mechanism.
I thought that using the built-in authentication policy
`RemoteUserAuthenticationPolicy` with the help of a middleware such as
`paste.auth.basic` would do the trick, but either I'm too stupid to figure out
how to configure all of this, or I need something else.
So, what I did is:
* setup the authentication policy in my configure.zcml::
<remoteuserauthenticationpolicy
environ_key="REMOTE_USER"
callback=".security.groups_user" />
The callback is the following::
def groups_user(user, request):
if user in request.root['users']:
return [] # The user is known, but it has no groups
else:
return None # User unknown
Where `root['users']` is the ZODB dictionary which contains my users.
* I defined a forbidden view, which returns `webob.exc.HTTPUnauthorized`
(AFAIK, the default one is already doing the same)
* I configured the Paste middleware as such::
[filter:grant]
use = egg:Paste#auth_basic
realm=foo
authfunc=app.security:http_auth
For reference, the `authfunc` receives `environ`, `username` and `password`
and is suppose to return `None` or the username if it can authenticate the
user.
Now, I'm a bit stuck, since I want the auth function of Paste to do the same
thing as the callback function of the authentication policy, but I can't, since
I don't have access to the request and the ZODB.
I'm a bit confused and I didn't find much informations on how to set this up. As
far as I understand the system now, it seems that I can't really use what I
described previously, and I need to write my own authentication policy. But I'm
not sure if and how I could reuse the work from `paste.auth.basic` (or another
one) to do this.
Did I do something wrong? Is there a better way to configure this?
Thanks,
Jonathan
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
