You can always send the username/password as a cookie (tg_remember_me), and use it as a way of authentication. This will not require any new table.
I attached a monkey-patch that by importing it to your project, it replaces the original IdentityVisitPlugin with a derived class that supports authentication from the tg_remember_me cookie.
Nadav
On 10/27/06, Andrew Grover <[EMAIL PROTECTED]> wrote:
On 10/25/06, thesamet <[EMAIL PROTECTED]> wrote:
> I think that the notion of visit should be separated from the "Remember
> me" feature. Visit represents a single contigious session. "Remember
> me" is something on top of that, that automatically links the current
> visit with an identity.
Yeah this was just code I hacked together for my own use. If this
functionality was incorporated into TG, perhaps it should be rolled
into identity. Did you have any thoughts on this? Can it work without
requiring another table beyond visit and visit_identity?
Regards -- Andy
--
Sincerely yours,
Nadav
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/turbogears-trunk
-~----------~----~----~----~------~----~------~--~---
from turbogears import identity from turbogears.config import get from turbogears.identity.visitor import log import cherrypy import time
BaseIdentityVisitPlugin = identity.visitor.IdentityVisitPlugin
class IdentityVisitPlugin(BaseIdentityVisitPlugin):
def __init__(self):
self.remember_me_field = get( "identity.form.remember_me", "remember_me" )
# Default name for remember me cookie
self.remember_me_cookie_name = get( 'identity.remember_me.cookie.name', 'tg_remember_me')
self.remember_me_cookie_path = get( 'identity.remember_me.cookie.path', '/')
self.remember_me_cookie_domain = get( 'identity.remember_me.cookie.path', None)
self.remember_me_enabled = get( 'identity.remember_me.on', True)
super(IdentityVisitPlugin, self).__init__()
if self.remember_me_enabled:
self.identity_sources.append(self.identity_from_remember_me)
def identity_from_remember_me( self, visit_key ):
'''
Inspect the remember me cookie to pull out identity information.
Returns an identity dictionary or none if the cookie contained no identity
information or the information was incorrect.
'''
cookies = cherrypy.request.simple_cookie
if self.remember_me_cookie_name in cookies:
value = cookies[self.remember_me_cookie_name].value.split('\n')
if len(value)!=2:
return None
identity= self.provider.validate_identity(
user_name=value[0],
password = value[1],
visit_key = visit_key )
if identity is None:
log.warning( "The credentials specified weren't valid" )
return None
return identity
else:
return None
def identity_from_form( self, visit_key ):
identity = super(IdentityVisitPlugin, self).identity_from_form(visit_key)
if (identity and self.remember_me_enabled and
cherrypy.request.params.pop(self.remember_me_field, False)):
self.send_remember_me_cookie(identity.user.user_name, identity.user.password)
return identity
def send_remember_me_cookie(self, user_name, password):
'''
Sends a remember me cookie back to the browser
'''
cookies = cherrypy.response.simple_cookie
password = self.provider.encrypt_password(password)
cookies[self.remember_me_cookie_name] = user_name+'\n'+password
cookies[self.remember_me_cookie_name]['path'] = self.remember_me_cookie_path
gmt_expiration_time = time.gmtime(time.time() +
(365 * 24 * 60 * 60)) # 1 year, in seconds
cookies[self.remember_me_cookie_name]['expires'] = time.strftime(
"%a, %d-%b-%Y %H:%M:%S GMT", gmt_expiration_time)
if self.remember_me_cookie_domain:
cookies[self.remember_me_cookie_name]['domain'] = self.remember_me_cookie_domain
log.debug("Sending remember_me cookie")
def identity_from_request(self, visit_key):
'''
Retrieve identity information from the HTTP request. Checks first for
form fields defining the identity then for a cookie. If no identity
is found, returns an anonymous identity.
'''
identity= None
log.debug( "Retrieving identity for visit: %s", visit_key )
for source in self.identity_sources:
identity= source(visit_key)
if identity and not identity.anonymous:
return identity
log.debug( "No identity found" )
# No source reported an identity
identity= self.provider.anonymous_identity()
return identity
# We now replace the framework class with our derived class.
identity.visitor.IdentityVisitPlugin = IdentityVisitPlugin
def clear_remember_me_cookie():
'''
Clears any remember me cookie.
'''
cookies= cherrypy.response.simple_cookie
remember_me_cookie_name = get( 'identity.remember_me.cookie.name', 'tg_remember_me')
remember_me_cookie_path = get( 'identity.remember_me.cookie.path', '/')
# clear the cookie
log.debug( "Clearing remember_me cookie" )
cookies[remember_me_cookie_name]= ''
cookies[remember_me_cookie_name]['path']= remember_me_cookie_path
cookies[remember_me_cookie_name]['expires']= 0
