I did use identity.set_current_identity, but (AFAIK) it doesn't create the corresponding VisitIdentity object in the database, so I had to do a bit more to get it to work. If I can get away without the rest of the boilerplate, I'd love to strip down the code more. Is there some magic going on that I'm missing?

On Feb 25, 12:54 pm, "Jorge Vargas" <[EMAIL PROTECTED]> wrote:
> both of you could improve your code with this function.
> http://trac.turbogears.org/browser/tags/1.0.1/turbogears/identity/__i...
>
> On 2/25/07, Rick <[EMAIL PROTECTED]> wrote:
> > I haven't tested the code above, but below is what I use to log in a
> > user (extended from the SA quickstart identity). I believe logging
> > out is as simple as identity.current.logout()
> >
> > class User(object):
> >     # ... quickstart boilerplate skipped....
> >     def identity_login(self):
> >         ident = identity.current_provider.authenticated_identity(self)
> >         key = visit.current().key
> >         ident.visit_key = key
> >         identity.set_current_identity(ident)
> >         vi = session.query(VisitIdentity).selectfirst(
> >             VisitIdentity.c.visit_key==key)
> >         if vi is None:
> >             vi = VisitIdentity(visit_key=key, user_id=self.user_id)
> >             session.save(vi)
> >         else:
> >             vi.user_id = self.user_id
> >
> > On Feb 24, 10:21 pm, "Patrick Lewis" <[EMAIL PROTECTED]> wrote:
> > > I don't think that will persist outside of the current request (i.e.
> > > the user won't stay logged in). How about something like (untested):
> > >
> > > http://paste.turbogears.org/paste/1067
> > >
> > > On Feb 24, 5:03 pm, "Jesse James" <[EMAIL PROTECTED]> wrote:
> > > > Can you validate this code then (assume for now that password is
> > > > cleartext in the DB)?
> > > >
> > > > @tg.expose()
> > > > def login(self, username, password):
> > > >     result = 'ok'
> > > >     user=User.get_by(user_name=username)
> > > >     if(user):
> > > >         if(user.password == password):
> > > >             identity.set_current_identity(user)
> > > >         else:
> > > >             result = 'invalid login'
> > > >     else:
> > > >         result = "invalid login"
> > > >     return result
> > > >
> > > > On Feb 22, 5:57 am, "Patrick Lewis" <[EMAIL PROTECTED]> wrote:
> > > > > On Feb 21, 7:25 pm, "Jesse James" <[EMAIL PROTECTED]> wrote:
> > > > > > Howdy,
> > > > > > I am using SqlAlchemy under TG and Flash (with FlexBuilder 2) for
> > > > > > the UI.
> > > > > > I'm trying to figure out how to get login/logout and @require
> > > > > > decorator to work for me.
> > > > > > I am not walking down the garden path of using Kid and SqlObject so
> > > > > > it is not really set up right out of the box. Rather I am attempting
> > > > > > to leverage the auth framework in TG but with different needs from
> > > > > > the standard template-based app - I need much more explicit rejection
> > > > > > of unauthorized access attempts (not redirects to a login screen).
> > > > > > Upon login, however, it seems that it should be quite straightforward
> > > > > > to set up the identity, yes?
> > > > > >
> > > > > > What I need to know is the following:
> > > > > >
> > > > > > 1. how do I write my own login controller that will explicitly set
> > > > > >    the identity for any future requests.
> > > > > > 2. how do I logout.
> > > > >
> > > > > In general terms, what identity is doing is associating a 'visit'
> > > > > session (everyone visiting the site gets a unique visit key) with a
> > > > > user. This starts out in the visit module (http://tinyurl.com/376wae).
> > > > > Roughly, this works like:
> > > > >
> > > > > - Identity receives a new request, and eventually routes it to
> > > > >   identity_from_request
> > > > > - identity_from_request tries to authenticate via the methods you
> > > > >   specified in the config (default to form,http_auth,visit). form and
> > > > >   http_auth basically check for credentials in the request, and the
> > > > >   visit check (via identity_from_visit) asks the identity provider to
> > > > >   return a user
> > > > > - if all the authentication methods fail, the identity is set to
> > > > >   anonymous
> > > > >
> > > > > Ok, that's the authentication path. Now, when a user doesn't have
> > > > > appropriate permissions, (i.e. the identity.require check fails), an
> > > > > IdentityFailure exception is raised, which brings up the login form
> > > > > (http://tinyurl.com/2j3ecm).
> > > > >
> > > > > Logging out is done by removing the association between the user and
> > > > > the visit key. This happens in SqlObjectIdentity or SqlAlchemyIdentity
> > > > > via the logout() method. Or, in a controller, by calling
> > > > > identity.current.logout()
> > > > >
> > > > > Ok, so, where does that leave you. I'm not sure, so you may want to
> > > > > ask more questions. Some things to think about.
> > > > >
> > > > > If you set identity config options like:
> > > > >
> > > > > identity.failure_url="/my_failure_url"
> > > > > identity.source="visit"
> > > > >
> > > > > You would get rid of the redirect to the login form. my_failure_url
> > > > > could be a controller that raises an Unauthorized exception, or
> > > > > perhaps shows an error page. You could then set up your own login form
> > > > > and controller that explicitly associated the user with the visit key,
> > > > > using identity.current_provider.validate_identity, and bypass
> > > > > identity's default form login altogether. The caveat is that the only
> > > > > way to authenticate will be through your new login form, but it sounds
> > > > > like that is what you want anyways.
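An added example, not part of the original thread and not TurboGears code: a stand-alone sqlite3 model of the visit-key-to-user association discussed above, showing that a login only survives the request once the association row is written and that logout is the removal of that row. The schema, the function names and the salted PBKDF2 check (in place of the cleartext `==` comparison) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed schema: visit_identity mirrors VisitIdentity(visit_key, user_id)
# from the thread; the users table and all function names are assumptions.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
           "user_name TEXT UNIQUE, salt BLOB, pw_hash BLOB)")
db.execute("CREATE TABLE visit_identity (visit_key TEXT PRIMARY KEY, "
           "user_id INTEGER NOT NULL)")
_DUMMY_SALT = os.urandom(16)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(user_name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users (user_name, salt, pw_hash) VALUES (?, ?, ?)",
               (user_name, salt, _hash(password, salt)))

def login(visit_key, user_name, password):
    """Bind visit_key to the user on success; return user_id, else None."""
    row = db.execute("SELECT user_id, salt, pw_hash FROM users "
                     "WHERE user_name = ?", (user_name,)).fetchone()
    user_id, salt, stored = row if row else (None, _DUMMY_SALT, b"")
    # Hash even for unknown users so both failure paths do the same work,
    # and compare digests in constant time instead of with ==.
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    # Upsert: same effect as the select-then-save/update in identity_login().
    db.execute("INSERT OR REPLACE INTO visit_identity VALUES (?, ?)",
               (visit_key, user_id))
    return user_id

def identity_from_visit(visit_key):
    """What a later request does: no row for the key means anonymous."""
    row = db.execute("SELECT user_id FROM visit_identity WHERE visit_key = ?",
                     (visit_key,)).fetchone()
    return row[0] if row else None

def logout(visit_key):
    """Remove the association between the user and the visit key."""
    db.execute("DELETE FROM visit_identity WHERE visit_key = ?", (visit_key,))
```

A caller that wants explicit rejection rather than a redirect can treat a `None` from `identity_from_visit` as the point to return its own error response.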

