On Feb 21, 7:25 pm, "Jesse James" <[EMAIL PROTECTED]> wrote: > Howdy, > I am using SqlAlchemy under TG and Flash (with FlexBuilder 2) for the > UI. > I'm trying to figure out how to get login/logout and @require > decorator to work for me. > I am not walking down the garden path of using Kid and SqlObject so it > is not really set up right out of the box. Rather I am attempting to > leverage the auth framework in TG but with different needs from the > standard template-based app - I need much more explicit rejection of > unauthorized access attempts (not redirects to a login screen). Upon > login, however, it seems that it should be quite straightforward to > setup the identity, yes? > > What I need to know is the following: > > 1. how do I write my own login controller that will explicitly set the > identity for any future requests. > 2. how do I logout. >
In general terms, what identity is doing is associating a 'visit' session (everyone visiting the site gets a unique visit key) with a user. This starts out in the visit module (http://tinyurl.com/ 376wae). Roughly, this works like: - Identity receives a new request, and eventually routes it to identity_from_request - identity_from_request tries to authenticate via the methods you specified in the config (default to form,http_auth,visit). form and http_auth basically check for credentials in the request, and the visit check (via identity_from_visit) asks the identity provider to return a user - if all the authentication methods fail, the identity is set to anonymous Ok, that's the authentication path. Now, when a user doesn't have appropriate permissions, (i.e. the identity.require check fails), an IdentityFailure exception is raised, which brings up the login form (http://tinyurl.com/2j3ecm). Logging out is done by removing the association between the user and the visit key. This happens in SqlObjectIdentity or SqlAlchemyIdentity via the logout() method. Or, in a controller, by calling identity.current.logout() Ok, so, where does that leave you. I'm not sure, so you may want to ask more questions. Some things to think about. If you set identity config options like: identity.failure_url="/my_failure_url" identity.source="visit" You would get rid of the redirect to the login form. my_failure_url could be a controller that raises an Unauthorized exception, or perhaps shows an error page. You could then setup your own login form and controller that explicitly associated the user with the visit key, using identity.current_provider.validate_identity, and bypass identity's default form login altogether. The caveat is that the only way to authenticate will be through your new login form, but it sounds like that is what you want anyways. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
