[TurboGears] Re: HTTP Basic authentication

Tue, 10 Oct 2006 01:18:31 -0700 

Rune Hansen wrote:
> 
> On 9. okt. 2006, at 18.29, Steve Holden wrote:
> 
> 
>>I've just spent half a day stumbling around looking for the most
>>sensible way to allow realm-based HTTP basic authentication inside  
>>a TG
>>application, and I have to say I'm none the wiser.
>>
>>Can anyone point me at a succinct discussion of this topic, or a  
>>recipe
>>for providing this feature?
>>
> 
> Hi Steve,
> Been a while since I've looked at the identity code so there might be  
> a more "stright forward" way than mine.
> But, this works.
> 
>      @expose(template="yourapp.templates.login")
>      def login(self, forward_url=None, previous_url=None, *args, **kw):
>          if not identity.current.anonymous and  
> identity.was_login_attempted() and not identity.get_identity_errors():
>              raise redirect(forward_url)
>          forward_url=None
>          previous_url= cherrypy.request.path
>          if not cherrypy.request.headers.get("Authorization",False):
>              msg= _("BasicAuth required")
>              previous_url= cherrypy.request.path
>              cherrypy.response.headers['WWW-Authenticate'] = 'Basic  
> realm="Your restricted area"'
>              cherrypy.response.status=401
>          else:
>              if identity.was_login_attempted():
>                  msg=_("The credentials you supplied were not correct  
> or "
>                         "did not grant access to this resource.")
>              elif identity.get_identity_errors():
>                  msg=_("You must provide your credentials before  
> accessing "
>                         "this resource.")
>              else:
>                  msg=_("Please log in.")
>                  forward_url= cherrypy.request.headers.get("Referer",  
> "/")
>              cherrypy.response.status=403
>          return dict(message=msg, previous_url=previous_url,  
> logging_in=True,
>                      original_parameters=cherrypy.request.params,
>                      forward_url=forward_url)
> 
> Auth will "fall back" to normal login in case BasicAuth fails. You  
> could of course just raise 401 again.
> 
>
Thanks, Rune, that looks like enough to get me started. Man, there's a 
lot to learn to get TG going, isn't there ...

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb       http://holdenweb.blogspot.com
Recent Ramblings     http://del.icio.us/steve.holden

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/turbogears
-~----------~----~----~----~------~----~------~--~---

Reply via email to