That's right, you can only secure subcontrollers, not the whole root 
controller.

That causes a cyclic link because the whole application is protected, 
including the controller actions where the login form is displayed and 
processed, respectively. That is, authorization is denied, then you're 
redirected to the login form, but the login form is secured, so you're 
redirected to the login form, but the login form is secured... and so on :)

Use the following repoze.what predicate if you're using the default 
login/logout URLs:
    from repoze.what.predicates import Predicate

    class is_login(Predicate):
        """The current page doesn't handle authentication"""
        message = "%(path_info)s does not handle logins or logouts"

        # Exact-match whitelist of the default repoze.who login/logout paths
        white_list = ['/login', '/login_handler', '/post_login_handler',
                      '/logout', '/post_logout_handler']

        def evaluate(self, environ, credentials):
            path_info = environ.get('PATH_INFO', '')
            if path_info not in self.white_list:
                self.unmet(path_info=path_info)

Then you can define your root controller as:
    from repoze.what.predicates import Any, not_anonymous
    from yourapplication.lib.auth import is_login
    from yourapplication.lib.base import BaseController  # quickstart layout

    class RootController(BaseController):
        # Authenticated users pass, and anonymous users may still reach
        # the login/logout actions, which breaks the redirect loop.
        allow_only = Any(not_anonymous(), is_login())
        # ...

Unfortunately, we can't provide a generic mechanism which does the above for 
you, because it depends on the repoze.who challenger(s) you're using; for 
example, if you were using the built-in FormPlugin, there would be nothing to 
do. 

We can document it as a recipe, though.

Cheers.


On Wednesday February 18, 2009 00:23:30 Qwait wrote:
> I am writing an application that needs to exist behind a secure
> controller. When putting the "allow_only", firefox goes into an endless
> loop, thus not allowing me to login. I suspect this is because the
> /login method is also protected, therefore redirecting to the login
> page, which is protected. The secure controller appears to work on sub
> controllers or if I decorate each of the exposed methods. I am running
> TG2b5, python 2.5, in a virtual environment.
> 
-- 
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
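Added example (not code from the post above or from the repoze.what project): a stand-alone re-creation of just enough of the predicate API to run the is_login whitelist and the Any(not_anonymous(), is_login()) policy without TurboGears installed, plus a small redirect simulator that shows the login loop with not_anonymous() alone and its absence with the combined predicate. The NotAuthorizedError, Predicate, Any and not_anonymous classes and redirect_hops are assumed stand-ins modelled on repoze.what, not the library itself.

```python
class NotAuthorizedError(Exception):
    """Raised by a predicate that is not met (stand-in for repoze.what's)."""

class Predicate:
    message = "Access denied"
    def evaluate(self, environ, credentials):
        raise NotImplementedError
    def unmet(self, **placeholders):
        raise NotAuthorizedError(self.message % placeholders)
    def is_met(self, environ):
        # repoze.what keeps the identity under this key; missing == anonymous
        try:
            self.evaluate(environ, environ.get('repoze.what.credentials') or {})
        except NotAuthorizedError:
            return False
        return True

class not_anonymous(Predicate):
    message = "The current user must have been authenticated"
    def evaluate(self, environ, credentials):
        if not credentials.get('repoze.what.userid'):
            self.unmet()

class is_login(Predicate):
    """The current page handles authentication, so it must stay reachable."""
    message = "%(path_info)s does not handle logins or logouts"
    white_list = ['/login', '/login_handler', '/post_login_handler',
                  '/logout', '/post_logout_handler']
    def evaluate(self, environ, credentials):
        # exact match on PATH_INFO: '/login/' or '/Login' is NOT whitelisted
        path_info = environ.get('PATH_INFO', '')
        if path_info not in self.white_list:
            self.unmet(path_info=path_info)

class Any(Predicate):
    message = "At least one of the predicates must be met"
    def __init__(self, *predicates):
        self.predicates = predicates
    def evaluate(self, environ, credentials):
        if not any(p.is_met(environ) for p in self.predicates):
            self.unmet()

def redirect_hops(allow_only, path_info, userid=None, max_hops=5):
    """Count 'denied -> redirect to /login' hops; max_hops means it never settles."""
    environ = {'PATH_INFO': path_info,
               'repoze.what.credentials': {'repoze.what.userid': userid}}
    hops = 0
    while not allow_only.is_met(environ) and hops < max_hops:
        environ['PATH_INFO'] = '/login'  # where the challenger redirects
        hops += 1
    return hops
```

With not_anonymous() alone the anonymous request keeps bouncing off /login; with the combined predicate it takes exactly one redirect and lands on the form, while a logged-in user is never redirected.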
