On Oct 18, 8:54 pm, Alessandro Molina <[email protected]>
wrote:
> I think that the fastest way is to use a predicate in Any with the
> not_anonymous one that checks for a valid secret.
> Take a look at
> http://turbogears.org/2.1/docs/main/Auth/Authorization.html#custom-si...
>

I wanted to do it at the identity level, but this is fine too.

Thanks, I did it this way:

=== How I use it ===

class ServiceController(BaseController):

    allow_only = predicates.Any(quick_access('/service', 'service_id'),
                                predicates.not_anonymous(),
                                msg=l_('Must be logged in'))

=== Then the predicate ===

import hashlib
import time

import pytz
import tg
from repoze.what.predicates import Predicate
# model is the application's own model package

class quick_access(Predicate):
    message = 'quick access mismatch'

    def __init__(self, url, id, **kwargs):
        self.url=url
        self.id=id
        super(quick_access, self).__init__(**kwargs)

    def evaluate(self, environ, credentials):
        # self.unmet() raises NotAuthorizedError, so each failed check ends the evaluation
        if not 'paste.parsed_dict_querystring' in environ or \
                not 'quick' in environ['paste.parsed_dict_querystring'][0]:
            # not a quick_access request
            self.unmet()
        url=environ['pylons.routes_dict']['url']
        if url!=self.url:
            # not the good url for this request
            self.unmet()
        quick=environ['paste.parsed_dict_querystring'][0]['quick']
        # .get() so that a request without the id parameter is refused instead of raising KeyError
        id=environ['paste.parsed_dict_querystring'][0].get(self.id)
        if self.id=='service_id':
            # quick access for service, maybe other classes will be implemented later
            service=model.DBSession().query(model.Service).filter_by(service_id=id).first()
            if not service:
                self.unmet()
            else:
                quick_key=hashlib.md5('service:%s:%s' % (id, service.domain.secret)).hexdigest()
                if quick!=quick_key:
                    self.unmet()
                user=service.domain.owner
                groups=map(lambda x:x.group_name, user.groups)
                # build the identity of the domain owner for this request
                tg.request.identity={ 'userdata': '', 'repoze.who.userid': user.user_name,
                           'timestamp': time.time(), 'tokens': [''],
                           'user':user, 'groups':groups, 'permissions': user.permissions }
                try:
                    tg.tmpl_context.tz_local=pytz.timezone(user.timezone)
                except (AttributeError, pytz.UnknownTimeZoneError):
                    pass
                tg.tmpl_context.quick_link=True
        else:
            self.unmet()

=== how I generate my quick access link ====

        quick=hashlib.md5('service:%d:%s' % (service_id, service.domain.secret)).hexdigest()
        quick_link=urlparse.urljoin(
            urlparse.urlunsplit((tg.config.mk_https, tg.config.mk_web_host_name, '', '', '')),
            tg.url('/service', dict(service_id=service_id, quick=quick)))
        # to generate URL with quick when needed
        quick_key=quick if tg.tmpl_context.quick_link else None

=== how I use it in my template ===

        <p py:if="not tmpl_context.quick_link and quick_link">To view this page without authentication, use this link ${quick_link}</p>

=== how I integrate it in my existing links ===

            <a href="${tg.url('/service/', dict(service_id=service.service_id, graph=key, quick=quick_key))}">

=== Don't forget my base controller ===

class BaseController(TGController):

    def __call__(self, environ, start_response):
        ....
        tmpl_context.quick_link=False



> On Tue, Oct 18, 2011 at 6:55 PM, aspineux <[email protected]> wrote:
> > Hi
>
> > I have some pages (protected by authentication) that I want to share
> > with unregistered users
>
> > For example
>
> > http://hostname/service?service_id=123
>
> > This page works when I'm authenticated, and I want to provide this one
>
> > http://hostname/service?service_id=123&secret=A56F72E7ED6783E2
>
> > to unregistered users.
>
> > How to let the TG2.0 authentication layer allow them to access this
> > page without authentication?
>
> > Any hint or sample somewhere?
>
> > Thanks
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "TurboGears" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to 
> > [email protected].
> > For more options, visit this group at
> > http://groups.google.com/group/turbogears?hl=en.

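A hardened variant of the quick-access token from the message above, as an added example that is not part of the original thread or of TurboGears: it replaces the bare MD5 digest with HMAC-SHA256 keyed by the domain secret, compares tokens in constant time, and goes beyond the post by binding an expiry time into the link. It is written for Python 3; the function names and the `expires` and `ttl` parameters are assumptions.

```python
import hashlib
import hmac
import time


def _mac(secret, kind, obj_id, expires):
    # Keyed MAC over the resource kind, its id and the expiry timestamp.
    msg = "%s:%d:%d" % (kind, obj_id, expires)
    return hmac.new(secret.encode("utf-8"), msg.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def make_quick_params(secret, kind, obj_id, ttl=3600, now=None):
    """Query parameters for a shareable link (hypothetical helper)."""
    expires = int(time.time() if now is None else now) + ttl
    return {"%s_id" % kind: str(obj_id), "expires": str(expires),
            "quick": _mac(secret, kind, int(obj_id), expires)}


def check_quick_params(secret, kind, params, now=None):
    """Return the validated object id, or None if the link must be refused."""
    try:
        obj_id = int(params["%s_id" % kind])
        expires = int(params["expires"])
        token = params["quick"].encode("utf-8")
    except (KeyError, TypeError, ValueError, AttributeError):
        return None  # missing or malformed parameter
    if expires < (time.time() if now is None else now):
        return None  # link has expired
    expected = _mac(secret, kind, obj_id, expires).encode("ascii")
    # compare_digest does not stop at the first differing byte
    if not hmac.compare_digest(expected, token):
        return None
    return obj_id
```

In a predicate like the one above, `check_quick_params` would run after the service lookup, with `service.domain.secret` as the key, and the predicate would call `self.unmet()` whenever it returns `None`.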