Hello,

This is a consequence of using RedirectingFormPlugin, the only repoze.who 
challenger which has to reach the application to challenge (that is, to display 
the login form). While using this plugin there's *nothing* else you can do -- 
you are protecting the whole application, so how is repoze.who supposed to reach 
the controller action that displays the login form?

If you don't like the workaround, you have to change the plugin (use something 
like the built-in FormPlugin or write your own).

But keep in mind that in spite of this drawback, RedirectingFormPlugin-like 
forms are developer-friendlier than others.

Cheers.

On Wednesday February 18, 2009 05:11:06 cd34 wrote:
> Is there ever a situation when a login method needs to be behind an
> authenticated area?  Perhaps if a user logs in as an editor, then
> needs to log in as a manager, perhaps you would have that double
> authorization request.  From what I see, repoze actually would replace
> the current credentials with the new privileges and start a new
> auth session rather than adding the extra group membership.
>
> The login page should clear any existing credentials and prompt the
> user for login information and shouldn't be password protected.
> Otherwise you have to decorate every method in your RootController
> with:
>
> @require(predicates.has_permission('manage', msg=_('Only for
> managers')))
>
> except for the login and logout?
>
> So, if someone needs to protect an application, they protect the
> subcontrollers with one method, and the defined pages in the root
> controller a separate way?
>
> perhaps something like:
>
> allowed_request_url = ['/login', '/login_handler', '/post_login_handler',
>                        '/logout', '/post_logout_handler']
>
> if pylons.request.path in allowed_request_url:
>     return True
>
> or a proper fix.
>
> The current implementation seems to stray from the DRY method.

-- 
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
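As an added illustration (this is not code from the list, from repoze.who or from TurboGears): a toy WSGI model of the situation described above. A root-level authorization wrapper rejects every request that carries no REMOTE_USER, a challenger middleware turns the resulting 401 into a redirect to /login, and a simulated client follows the redirects. Without an exemption the challenger can never reach the login form and the client loops; with the path allow-list from the quoted message (names and paths are assumptions modelled on it), the form is served once and authenticated users pass straight through.

```python
"""Toy model of a root-protected WSGI app with a redirecting challenger.

Constructed example, not repoze.who's own implementation: it only shows
why the login paths must be reachable when the whole application is
protected, and how one path-based exemption avoids decorating every
controller method.
"""

# Constructed allow-list, modelled on the one proposed in the thread.
ALLOWED_REQUEST_URLS = ['/login', '/login_handler', '/post_login_handler',
                        '/logout', '/post_logout_handler']

LOGIN_FORM = b'<form action="/login_handler" method="post">...</form>'


def app(environ, start_response):
    """Inner application: /login serves the form, anything else is a page."""
    path = environ.get('PATH_INFO', '/')
    if path == '/login':
        start_response('200 OK', [('Content-Type', 'text/html')])
        return [LOGIN_FORM]
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [('page: ' + path).encode()]


def protect_whole_app(inner, exempt=()):
    """Root-level authorization: every path needs a user unless exempt."""
    def wrapper(environ, start_response):
        path = environ.get('PATH_INFO', '/')
        if path not in exempt and not environ.get('REMOTE_USER'):
            start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
            return [b'unauthorized']
        return inner(environ, start_response)
    return wrapper


def redirecting_challenger(inner, login_url='/login'):
    """Challenger middleware: a 401 from the app becomes a redirect to the form."""
    def wrapper(environ, start_response):
        captured = {}

        def capture(status, headers, exc_info=None):
            captured['status'] = status
            captured['headers'] = headers

        body = inner(environ, capture)
        if captured['status'].startswith('401'):
            start_response('302 Found', [('Location', login_url)])
            return [b'']
        start_response(captured['status'], captured['headers'])
        return body
    return wrapper


def build_stack(exempt=()):
    """Challenger outside, authorization inside, application at the core."""
    return redirecting_challenger(protect_whole_app(app, exempt=exempt))


def follow(stack, path, user=None, max_hops=5):
    """Simulate a client following redirects.

    Returns (trace, looped, body): the (path, status) pairs seen, whether
    the client gave up after max_hops redirects, and the final body.
    """
    trace = []
    for _ in range(max_hops):
        environ = {'PATH_INFO': path, 'REQUEST_METHOD': 'GET'}
        if user:
            environ['REMOTE_USER'] = user
        result = {}

        def start_response(status, headers, exc_info=None):
            result['status'] = status
            result['headers'] = dict(headers)

        body = b''.join(stack(environ, start_response))
        trace.append((path, result['status']))
        if not result['status'].startswith('302'):
            return trace, False, body
        path = result['headers']['Location']
    return trace, True, b''


if __name__ == '__main__':
    print('no exemption:', follow(build_stack(), '/secret')[:2])
    print('with allow-list:', follow(build_stack(ALLOWED_REQUEST_URLS), '/secret')[:2])
```

The unprotected stack shows the symptom from the thread (a redirect to /login that is itself challenged, forever); the allow-list stack shows the single check that keeps the login and logout actions reachable instead of repeating a @require predicate on every other method.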
