#2277: Authz notification (WebFlash) messages are broken when TG2 doesn't
configure Repoze auth software
------------------------+---------------------------------------------------
Reporter: Gustavo | Owner:
Type: defect | Status: new
Priority: high | Milestone: 2.0rc1
Component: TurboGears | Version: 2.0b7
Severity: critical | Keywords: WebFlash, repoze, auth
------------------------+---------------------------------------------------
If I configure repoze.who and repoze.what manually, when authorization is
denied I can't see the reason flashed anymore.
Everything else works perfectly, I can even see the reason printed in the
logs, but !WebFlash's cookie isn't set and thus that message is not
printed in the page.
To reproduce it:
1. Tell TG not to configure Repoze auth middleware by removing/commenting
the following line in yourapp/config/app_cfg.py:
{{{
base_config.auth_backend = 'sqlalchemy'
}}}
1. Add the middleware through the following function (define it in
yourapp/config/auth.py):
{{{
from logging import INFO, getLogger

from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.sa import (SQLAlchemyUserMDPlugin,
                                   SQLAlchemyAuthenticatorPlugin)
from repoze.who.plugins.friendlyform import FriendlyFormPlugin
from repoze.what.middleware import setup_auth
from repoze.what.plugins.sql import (SqlGroupsAdapter,
                                     SqlPermissionsAdapter)

from yourapp.model import User, Group, Permission, DBSession


def add_auth(app):
    """Add Repoze auth middleware to ``app``"""

    # --- Configuring repoze.who:
    who_args = {}

    # Adding the identifier plugins:
    # ('secret' is a placeholder value used for this reproduction)
    cookie = AuthTktCookiePlugin(secret='secret',
                                 cookie_name='authtkt')
    form = FriendlyFormPlugin(
        login_form_url='/login',
        login_handler_path='/login_handler',
        post_login_url='/post_login',
        logout_handler_path='/logout_handler',
        post_logout_url='/post_logout',
        rememberer_name='cookie')
    who_args['identifiers'] = [
        ('cookie', cookie),
        ('main_identifier', form)]

    # Adding authenticators:
    sql_authn = SQLAlchemyAuthenticatorPlugin(User,
                                              DBSession)
    who_args['authenticators'] = [
        ('sql_authn', sql_authn)]

    # Our form is also a challenger:
    who_args['challengers'] = [
        ('form', form)]

    # Adding metadata providers:
    sql_user_md = SQLAlchemyUserMDPlugin(User, DBSession)
    who_args['mdproviders'] = [
        ('sql_user', sql_user_md)]

    # Setting the logs up:
    who_args['log_stream'] = getLogger('auth')
    who_args['log_level'] = INFO

    # --- Configuring repoze.what:

    # Adding group source adapters:
    groups_in_db = SqlGroupsAdapter(Group, User, DBSession)
    group_adapters = {'sql_groups': groups_in_db}

    # Adding permission source adapters:
    perms_in_db = SqlPermissionsAdapter(Permission, Group,
                                        DBSession)
    permission_adapters = {'sql_perms': perms_in_db}

    app_with_mw = setup_auth(app, group_adapters,
                             permission_adapters,
                             **who_args)
    return app_with_mw
}}}
1. Go to yourapp/config/middleware and add the middleware:
{{{
from yourapp.config.app_cfg import base_config
from yourapp.config.environment import load_environment
from yourapp.config.auth import add_auth

__all__ = ['make_app']

make_base_app = base_config.setup_tg_wsgi_app(load_environment)


def make_app(global_conf, full_stack=True, **app_conf):
    app = make_base_app(global_conf, full_stack=True, **app_conf)
    # Wrap your base TurboGears 2 application with custom middleware here
    app = add_auth(app)
    return app
}}}
Finally, visit a protected page like
http://127.0.0.1:8080/manage_permission_only and you'll see that the
reason why authorization was denied is no longer flashed.
I already tried to find what's wrong, but I couldn't. I have the feeling
that it's something microscopical.
--
Ticket URL: <http://trac.turbogears.org/ticket/2277>
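
One way to find the WSGI layer at which a flash cookie goes missing, as an added example that is not part of the ticket or of TurboGears/Repoze: record the `Set-Cookie` names seen inside and outside a middleware and compare them. `CookieProbe`, `lost_cookies`, the toy app and the response-replacing layer are hypothetical stand-ins constructed for the demonstration, and the cookie name `webflash` is an assumption.

```python
from http.cookies import SimpleCookie


class CookieProbe:
    """WSGI middleware recording (label, status, cookie names) per response."""
    def __init__(self, app, label, seen):
        self.app, self.label, self.seen = app, label, seen

    def __call__(self, environ, start_response):
        def probing_start_response(status, headers, exc_info=None):
            names = sorted(n for k, v in headers if k.lower() == 'set-cookie'
                           for n in SimpleCookie(v))
            self.seen.append((self.label, status, names))
            return start_response(status, headers, exc_info)
        return self.app(environ, probing_start_response)


def lost_cookies(seen, inner='inner', outer='outer'):
    """Cookie names set at the inner layer but absent at the outer one."""
    def names(label):
        return {n for lbl, _, ns in seen if lbl == label for n in ns}
    return names(inner) - names(outer)


# --- Constructed stand-ins so the example runs offline ---
def toy_app(environ, start_response):
    """Denies access and sets a flash cookie (name 'webflash' is assumed)."""
    start_response('401 Unauthorized', [('Set-Cookie', 'webflash=denied; Path=/')])
    return [b'denied']


def replacing_middleware(app):
    """Hypothetical layer that swaps a 401 for its own redirect response."""
    def wrapped(environ, start_response):
        captured = []
        body = app(environ, lambda s, h, e=None: captured.extend([s, h]))
        if captured[0].startswith('401'):
            start_response('302 Found', [('Location', '/login')])
            return [b'']
        start_response(*captured)
        return body
    return wrapped


def trace():
    seen = []
    inner = CookieProbe(toy_app, 'inner', seen)
    stack = CookieProbe(replacing_middleware(inner), 'outer', seen)
    list(stack({'PATH_INFO': '/manage_permission_only'}, lambda s, h, e=None: None))
    return seen
```

In the application from the ticket, the same probes would wrap `app` immediately before and after the `add_auth(app)` call in `make_app`, sharing one `seen` list.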