[TurboGears] HTTPS filter and identity issue

Thu, 14 May 2009 16:10:36 -0700 

Hi,

I'm using TG1.0.8 with modwsgi/apache.  Based on some of the doc
samples, I created a filter to force https for certain urls.  I use a
header to tell TG whether or not I'm using SSL.  The filter works for
my other pages, but when I tried to add the filter to the login
controller, I get an exception when I navigate to /login.  I would
also be fine just getting https into the identity.failure_url and
identity.force_external_redirect, but I need to be able to dynamically
turn https on/off based on config and dynamically figure out the
domain name.

Contrary to what the error says, identity.on is set to True in
app.cfg.  Here's the exception, then the code:

Traceback (most recent call last):
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/CherryPy-2.3.0-py2.5.egg/cherrypy/_cphttptools.py",
line 121, in _run
    self.main()
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/CherryPy-2.3.0-py2.5.egg/cherrypy/_cphttptools.py",
line 264, in main
    body = page_handler(*virtual_path, **self.params)
  File "<string>", line 3, in index
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/controllers.py",
line 360, in expose
    *args, **kw)
  File "<string>", line 5, in run_with_transaction
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/database.py",
line 407, in sa_rwt
    retval = func(*args, **kw)
  File "<string>", line 5, in _expose
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/controllers.py",
line 373, in <lambda>
    mapping, fragment, args, kw)))
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/controllers.py",
line 410, in _execute_func
    output = errorhandling.try_call(func, *args, **kw)
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/errorhandling.py",
line 77, in try_call
    return func(self, *args, **kw)
  File "/data/SourceCode/myapp/myapp/controllers/Login.py", line 23, in index
    if not identity.current.anonymous and identity.was_login_attempted() \
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/identity/__init__.py",
line 75, in __getattr__
    identity = self.identity()
  File 
"/data/SourceCode/tg1env/lib/python2.5/site-packages/TurboGears-1.0.8-py2.5.egg/turbogears/identity/__init__.py",
line 70, in identity
    raise IdentityManagementNotEnabledException()
IdentityManagementNotEnabledException: An attempt was made to use a
facility of the TurboGears Identity Management framework, but identity
management hasn't been enabled in the config file [via identity.on].

__________________________________________
## HttpsFilter.py

from cherrypy.filters.basefilter import BaseFilter
import cherrypy
from turbogears import config
import turbogears as tg
import re
import myapp.Utils as Utils

class HttpsFilter(BaseFilter):

   def before_request_body(self):
      if not config.get('httpsFilter.on', False):
         return

      print 'HTTPS Filter Activated'
      request = cherrypy.request

      isSsl = 'Y' == request.headers.get('X-Requested-Ssl', '')

      # If we did not come in through SSL, redirect
      if not isSsl:
         path = request.path
         if request.query_string:
            path = path + '?' + request.query_string
         request.base = Utils.SecureUrlBase()       # this returns
https://myapp.com or http://myapp.com if the the config setting is off
         tg.redirect(path)
_____________________________________

## LoginController.py
from turbogears import controllers, expose, identity, redirect, url
from cherrypy import request, response
from myapp.controllers.HttpsFilter import HttpsFilter

class Login(controllers.Controller):
   """
   Handles login, logout
   """

   # Attach https filter
   _cp_filters = [HttpsFilter()]

   @expose(template="myapp.templates.login")
   def index(self, forward_url = None, *args, **kw):
      if forward_url:
         if isinstance(forward_url, list):
            forward_url = forward_url.pop(0)
         else:
            del request.params['forward_url']

      if not identity.current.anonymous and identity.was_login_attempted() \
       and not identity.get_identity_errors():
         redirect(url(forward_url or '/', kw))

      if identity.was_login_attempted():
         msg = "Login incorrect"
      elif identity.get_identity_errors():
         msg = "You must login before accessing this page"
      else:
         msg = ""
         if not forward_url:
            forward_url = request.headers.get("Referer", "/")

      response.status = 401
      return dict(
       logging_in = True,
       message = msg,
       forward_url = forward_url,
       previous_url = request.path_info,
       original_parameters = request.params
      )

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to