I haven't tested the code above, but below is what I use to log in a
user (extended from the SA quickstart identity).  I believe logging
out is as simple as identity.current.logout()

class User(object):
    # ... quickstart boilerplate skipped....
    def identity_login(self):
        ident = identity.current_provider.authenticated_identity(self)
        key = visit.current().key
        ident.visit_key = key
        identity.set_current_identity(ident)
        vi = session.query(VisitIdentity).selectfirst(
            VisitIdentity.c.visit_key==key)
        if vi is None:
            vi = VisitIdentity(visit_key=key, user_id=self.user_id)
            session.save(vi)
        else:
            vi.user_id = self.user_id



On Feb 24, 10:21 pm, "Patrick Lewis" <[EMAIL PROTECTED]> wrote:
> I don't think that will persist outside of the current request (i.e.
> the user won't stay logged in). How about something like (untested):
>
> http://paste.turbogears.org/paste/1067
>
> On Feb 24, 5:03 pm, "Jesse James" <[EMAIL PROTECTED]> wrote:
>
> > Can you validate this code then (assume for now that password is
> > cleartext in the DB)?
>
> >     @tg.expose()
> >     def login(self, username, password):
> >         result = 'ok'
> >         user=User.get_by(user_name=username)
> >         if(user):
> >             if(user.password == password):
> >                 identity.set_current_identity(user)
> >             else:
> >                 result = 'invalid login'
> >         else:
> >             result = "invalid login"
> >         return result
>
> > On Feb 22, 5:57 am, "Patrick Lewis" <[EMAIL PROTECTED]> wrote:
>
> > > On Feb 21, 7:25 pm, "Jesse James" <[EMAIL PROTECTED]> wrote:
>
> > > > Howdy,
> > > > I am using SqlAlchemy under TG and Flash (with FlexBuilder 2) for the
> > > > UI.
> > > > I'm trying to figure out how to get login/logout and @require
> > > > decorator to work for me.
> > > > I am not walking down the garden path of using Kid and SqlObject so it
> > > > is not really set up right out of the box. Rather I am attempting to
> > > > leverage the auth framework in TG but with  different needs from the
> > > > standard template-based app - I need much more explicit rejection of
> > > > unauthorized access attempts (not redirects to a login screen). Upon
> > > > login, however, it seems that it should be quite straightforward to
> > > > > setup the identity, yes?
>
> > > > What I need to know is the following:
>
> > > > 1. how do I write my own login controller that will explicitly set the
> > > > > identity for any future requests.
> > > > 2. how do I logout.
>
> > > > In general terms, what identity is doing is associating a 'visit'
> > > > session (everyone visiting the site gets a unique visit key) with a
> > > > user.  This starts out in the visit module
> > > > (http://tinyurl.com/376wae). Roughly, this works like:
>
> > > > - Identity receives a new request, and eventually routes it to
> > > > identity_from_request
> > > > - identity_from_request tries to authenticate via the methods you
> > > > specified in the config (default to form, http_auth, visit). form and
> > > > http_auth basically check for credentials in the request, and the
> > > > visit check (via identity_from_visit) asks the identity provider to
> > > > return a user
> > > > - if all the authentication methods fail, the identity is set to
> > > > anonymous
>
> > > Ok, that's the authentication path.  Now, when a user doesn't have
> > > > appropriate permissions, (i.e. the identity.require check fails), an
> > > IdentityFailure exception is raised, which brings up the login form
> > > (http://tinyurl.com/2j3ecm).
>
> > > Logging out is done by removing the association between the user and
> > > the visit key. This happens in SqlObjectIdentity or SqlAlchemyIdentity
> > > > via the logout() method. Or, in a controller, by calling
> > > > identity.current.logout()
>
> > > Ok, so, where does that leave you. I'm not sure, so you may want to
> > > ask more questions. Some things to think about.
>
> > > > If you set identity config options like:
>
> > > > identity.failure_url="/my_failure_url"
> > > > identity.source="visit"
>
> > > You would get rid of the redirect to the login form. my_failure_url
> > > could be a controller that raises an Unauthorized exception, or
> > > perhaps shows an error page. You could then setup your own login form
> > > and controller that explicitly associated the user with the visit key,
> > > > using identity.current_provider.validate_identity, and bypass
> > > > identity's default form login altogether.  The caveat is that the
> > > > only way to authenticate will be through your new login form, but it
> > > > sounds like that is what you want anyways.
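
The visit-key association discussed in this thread, as an added stand-alone example (not TurboGears code and not written by any poster): login binds the visit key to the user so the identity survives later requests, logout removes the binding, and unauthorized requests are rejected explicitly instead of redirected. All names are hypothetical, two dicts stand in for the user and visit_identity tables, and a salted PBKDF2 hash with a constant-time comparison replaces the cleartext password check.

```python
import hashlib
import hmac
import os
import secrets

USERS = {}           # constructed stand-in: user_name -> (salt, password hash)
VISIT_IDENTITY = {}  # constructed stand-in: visit_key -> user_name


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(name, password):
    salt = os.urandom(16)
    USERS[name] = (salt, _hash(password, salt))


def new_visit():
    """Every visitor gets a unique, unguessable visit key."""
    return secrets.token_hex(20)


def login(visit_key, name, password):
    """Bind the visit key to the user; unknown user and bad password look alike."""
    salt, stored = USERS.get(name, (b"\0" * 16, b""))
    # The hash is computed even for unknown users so both failures cost the same.
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "invalid login"
    VISIT_IDENTITY[visit_key] = name   # this row is what persists across requests
    return "ok"


def identity_from_visit(visit_key):
    """Run on each later request: the bound user, or None for anonymous."""
    return VISIT_IDENTITY.get(visit_key)


def logout(visit_key):
    """Remove the association between the user and the visit key."""
    VISIT_IDENTITY.pop(visit_key, None)


def protected(visit_key):
    """Explicit rejection for anonymous visits, no redirect to a login form."""
    user = identity_from_visit(visit_key)
    if user is None:
        return 401, "unauthorized"
    return 200, "hello " + user
```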

