Sanjay wrote: > Trying to understand the way login mechanism works. > > Even if I comment the generated "login" method (in the Root > controller), the following url works perfectly. > > http://localhost:8080/?login=Login&user_name=sanjay&password=welcome > > Being a novice in TG and related technologies, not being able to trace > exactly how the login takes place. Curious to know. > > Thanks in advance > Sanjay
The source (just for reference, if you are curious): http://trac.turbogears.org/turbogears/browser/branches/1.0/turbogears/identity/visitor.py (especially the identity_from_request and identity_from_form methods) Basically, the process is: 1) You establish in your config file how you will let people log in (i.e what are your identity sources) This can be form, http_auth, visit, or some combination. 2) You establish in the config file what your login form names will be for user_name, password, and the submit button. 3) When a new request comes in, identity iterates through the identity sources to see if it can authenticate the user. If form authentication is enabled, then the framework looks for the form variables defined in the config file and tries to authenticate based on those values. All of this is handled in a cherrypy filter that occurs before the requested controller is accessed. In the default configuration, the form identity source is enabled, and the names of the login form parameters are login, user_name, and password. So, identity sees the request you have above, and believes it should authenticate the user because you have fooled it into thinking this is a login form. (BTW, this can come in handy if you want to do a simple test case using identity login credentials). If you really don't want to allow authentication via form, you would turn it off in config rather than disabling the login controller. The login controller is essentially just a way for the user to populate the apropriate login values for identity to consume. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
