Uwe C. Schroeder schrieb:
> On Tuesday 30 September 2008, Bjarni Ragnarsson wrote:
>> I really need to be able to authenticate users directly in code
>> knowing only the user name.  That is, password is unknown.  The user
>> is authenticated outside the web.
>>
>> How can this be accomplished (without hacking TG code)?
>> I have TG 1.0b.
> 
> Something like this might help. I assume you generate a URL for your users.
> Here is my code that works just fine. It's used for emails (newsletter) sent
> out to users, and I put a URL in it so the user can log in without typing a
> password. So when generating the mail, I create a key which I store in the
> database along with the user's name.
> The code below is what happens when the user clicks on the provided link:
> 
>     # assumes the usual TurboGears 1.0 imports in the controller module:
>     #   from turbogears import expose, identity, redirect
>     # PendingSignup and User are the project's own model classes
>     @expose()
>     def signup_mail(self, *args, **kw):
>         if identity.current.anonymous:
>             # log him in: look up the key carried in the mailed link
>             rec = PendingSignup.get(kw.get('vkey', None))
>             if not rec:
>                 raise redirect('/signup_mail_failed')
>             user = User.get(rec.uid)
>             if not user:
>                 raise redirect('/signup_mail_failed')
>             # validate against the stored password and bind to this visit
>             i = identity.current_provider.validate_identity(user.user_name,
>                                                             user.password,
>                                                             identity.current.visit_key)
>             identity.set_current_identity(i)
> 
> At this point the user is logged in.

Nice recipe. Of course it requires that the user has a password (any
will do) set in the database.

If you want to log in a user unconditionally, you can use the recipe on
the following wiki page (which I just updated with some changes I wanted
to put there for a long time now):

http://docs.turbogears.org/1.0/IdentityRecipes#log-in-a-user-object-manually

You could then load the user in a controller object like this:

# assumes: from turbogears import expose, flash, redirect
# login_user is the helper from the IdentityRecipes wiki page linked above;
# User is the project's model class
@expose()
def login(self, user):
    user = User.by_user_name(user)
    if user:
        login_user(user)
        redirect('/startpage')  # redirect() raises, so nothing below runs
    flash('User not found')
    redirect('/')


Of course this is VERY INSECURE and basically not much better than
having no authentication, since now the shared secret between the server
and the user is the username, which is usually much easier to guess than
a password! If this is only used inside an intranet, that might be ok,
but then you should put additional checks in place, e.g. that logging in
this way is only permitted if the client comes from a certain IP
(range). This can be accomplished with a
'@identity.require(identity.from_host(...))' host decorator, for example.

Chris
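As an added example (not code from this thread, and not a TurboGears API), here is a framework-independent Python 3 sketch of the mailed-key approach from Uwe's post with the hardening Chris's warning calls for: the key is a random single-use token that expires, only its hash is stored, and redemption is gated by a client-network check of the kind identity.from_host provides. The in-memory dict standing in for the PendingSignup table, the 15-minute lifetime and the 10.0.0.0/8 intranet range are constructed values.

```python
"""Hardened passwordless (mail-link) login, stdlib only.

Added example: not code from this thread and not a TurboGears API.
A dict stands in for the PendingSignup table from the quoted post; the
15-minute lifetime and the 10.0.0.0/8 intranet range are constructed values.
"""
import hashlib
import ipaddress
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # constructed: how long a mailed link stays valid

# Constructed stand-in for the database table: sha256(token) -> record.
# Only the hash is stored, so a leaked table does not hand out live logins.
_pending = {}


def _hash_token(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_login_token(user_name, now=None):
    """Create a single-use login token for user_name and return the raw token.

    The raw token goes into the mailed URL (e.g. ?vkey=...); unlike a user
    name it is 256 bits of randomness and is never derived from the user.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[_hash_token(token)] = {
        "user_name": user_name,
        "expires": now + TOKEN_TTL_SECONDS,
    }
    return token


def redeem_login_token(token, now=None):
    """Return the user name if the token is known and unexpired, else None.

    The record is removed on success (single use) and also when it is found
    expired, so a stale link cannot be replayed later.
    """
    now = time.time() if now is None else now
    # Looking up by hash means the raw token is never compared byte by byte,
    # so there is no string comparison whose timing could leak a prefix match.
    rec = _pending.pop(_hash_token(token), None)
    if rec is None:
        return None
    if now > rec["expires"]:
        return None
    return rec["user_name"]


def client_allowed(remote_addr, allowed_networks):
    """True if remote_addr falls inside one of the allowed CIDR ranges.

    This is the check Chris describes (identity.from_host in TG 1.0), written
    against the standard library so it can gate the token login as well.
    """
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in allowed_networks)


def passwordless_login(token, remote_addr, allowed_networks=("10.0.0.0/8",),
                       now=None):
    """Combine both checks; return the user name to log in, or None to refuse.

    The network check runs first and does not consume the token, so a probe
    from outside the intranet cannot burn a legitimate user's link.
    """
    if not client_allowed(remote_addr, allowed_networks):
        return None
    return redeem_login_token(token, now)


if __name__ == "__main__":
    link_token = issue_login_token("alice")
    print("mail link: /signup_mail?vkey=" + link_token)
    print("first use from intranet:", passwordless_login(link_token, "10.1.2.3"))
    print("second use (replay):", passwordless_login(link_token, "10.1.2.3"))
```

In a real controller the returned user name is what you would hand to the wiki's login_user helper, and the dict would be a table with the hash, user id and expiry columns; the point of storing the hash rather than the key is that the database then never contains anything that can be pasted into a URL.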
