Some progress but.......
    if (not identity.current.anonymous
            and identity.was_login_attempted()
            and not identity.get_identity_errors()):
fails so I keep getting redirected to the login page.
Can I set this manually too?
Best regards,
Bjarni
2008/10/1 Bjarni Ragnarsson <[EMAIL PROTECTED]>:
> Chris - I think this is exactly what I'm looking for. And this is
> meant to come from a specific IP. I had some clumsy code checking
> that out. The require decorator is a bonus for me :-)
> I'll try this out tonight.
>
> Thanks all for helping me out.
>
> kv.Bjarni
>
>
> 2008/10/1 Christopher Arndt <[EMAIL PROTECTED]>:
>>
>> Uwe C. Schroeder wrote:
>>> On Tuesday 30 September 2008, Bjarni Ragnarsson wrote:
>>>> I really need to be able to authenticate users directly in code
>>>> knowing only the user name. That is, password is unknown. The user
>>>> is authenticated outside the web.
>>>>
>>>> How can this be accomplished (without hacking TG code)?
>>>> I have TG 1.0b.
>>>
>>> Something like this might help. I assume you generate a URL for your users.
>>> Here is my code that works just fine. It's used for emails (newsletter)
>>> sent out to users and I put a URL in it so the user can log in without
>>> typing a password.
>>> So when generating the mail, I create a key which I store in the database
>>> along with the user's name.
>>> The code below is what happens when the user clicks on the provided link:
>>>
>>> def signup_mail(self,*args,**kw):
>>>     if identity.current.anonymous:
>>>         # log him in
>>>         rec=PendingSignup.get(kw.get('vkey',None))
>>>         if not rec:
>>>             raise redirect('/signup_mail_failed')
>>>         user=User.get(rec.uid)
>>>         if not user:
>>>             raise redirect('/signup_mail_failed')
>>>         i=identity.current_provider.validate_identity(user.user_name,
>>>                                                       user.password,
>>>                                                       identity.current.visit_key)
>>>         identity.set_current_identity(i)
>>>
>>> At this point the user is logged in.
>>
>> Nice recipe. Of course it requires that the user has a password (any
>> will do) set in the database.
>>
>> If you want to log in a user unconditionally, you can use the recipe on
>> the following wiki page (which I just updated with some changes I wanted
>> to put there for a long time now):
>>
>> http://docs.turbogears.org/1.0/IdentityRecipes#log-in-a-user-object-manually
>>
>> You could then load the user in a controller object like this:
>>
>> @expose
>> def login(self, user):
>>     user = User.by_user_name(user)
>>     if user:
>>         login_user(user)
>>         redirect('/startpage')
>>     flash('User not found')
>>     redirect('/')
>>
>>
>> Of course this is VERY INSECURE and basically not much better than
>> having no authentication, since now the shared secret between the server
>> and the user is the username, which is usually much easier to guess than
>> a password! If this is only used inside an intranet, that might be ok,
>> but then you should put additional checks in place, e.g. that logging in
>> this way is only permitted if the client comes from a certain IP
>> (range). This can be accomplished with a
>> '@identity.require(identity.from_host(...))' host decorator, for example.
>>
>> Chris
>>
>>
>
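Added example, not part of the thread and not TurboGears code: standalone Python showing the two checks discussed above together, a random single-use login key with an expiry (the emailed-link recipe) and a client-address restriction (the from_host suggestion). The dict standing in for the PendingSignup table, the network range, the key lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import ipaddress
import secrets
import time

# Assumptions (not from the thread): an in-memory dict stands in for the
# PendingSignup table; ALLOWED_NETS and TOKEN_TTL are constructed values.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TOKEN_TTL = 15 * 60  # key lifetime in seconds
_pending = {}  # sha256(key) -> (user_name, expires_at)


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_login_key(user_name, now=None):
    """Create a random key for the login URL; only its hash is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (user_name, now + TOKEN_TTL)
    return token


def client_allowed(remote_addr):
    """True if the client address lies inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_NETS)


def redeem_login_key(token, remote_addr, now=None):
    """Return the user name to log in, or None. Each key works only once."""
    now = time.time() if now is None else now
    # Address check comes first so a client outside the allowed range
    # cannot consume (and thereby invalidate) somebody's pending key.
    if not isinstance(token, str) or not client_allowed(remote_addr):
        return None
    rec = _pending.pop(_digest(token), None)  # pop makes the key single use
    if rec is None:
        return None
    user_name, expires_at = rec
    return user_name if now <= expires_at else None
```

In a controller, the value returned by redeem_login_key would be the user to load and pass to the manual login recipe; a None result should go to the same failure page in every case.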