On Sat, Dec 13, 2014 at 9:00 PM, EoghanM <[email protected]> wrote:
>
> Thanks, every reference I saw to repoze.who in the TG2 docs seems to point
> to non-specific and out of date docs.
> I'm still unsure as to whether TG2 uses the 'api' or the 'middleware' of
> repoze.who. A more specific link would still definitely be a help.
>
>

Uhm, actually I don't see any "out of date" docs in
http://turbogears.readthedocs.org/en/latest/turbogears/authentication.html
it covers pretty well how authentication works in TG.

If you follow that, it is actually pretty easy to notice that credentials are
verified by ApplicationAuthMetadata.authenticate in your config/app_cfg, and so
the fastest solution is probably just to redirect to post_login with a given
error reason inside the authenticate method:

    def authenticate(self, environ, identity):
        # Python 2 imports, as used by TG2 at the time
        from tg.exceptions import HTTPFound
        from urlparse import parse_qs
        from urllib import urlencode

        login = identity['login']
        user = self.sa_auth.dbsession.query(self.sa_auth.user_class).filter_by(
            user_name=identity['login']).first()

        # Authentication fails if the user is unknown or the password is wrong
        if not user:
            login = None
        if user and not user.validate_password(identity['password']):
            login = None

        if login is None:
            # Keep the existing query parameters and add the failure reason
            params = parse_qs(environ['QUERY_STRING'])
            if user is None:
                params['reason'] = 'user_not_found'
            else:
                params['reason'] = 'invalid_password'

            # Replace the downstream application with a redirect to post_login
            environ['repoze.who.application'] = HTTPFound(
                location='?'.join(('/post_login', urlencode(params, True)))
            )

        return login

If you need, you can even add the username to params so that you can fill it
back inside the form.

> Cheers, but ain't gonna need these, and further, I'd say for the majority
> of projects we can stop at the description of 'overly complex'. I'd have
> no problem adding extra modules or introducing extra complexity if I did
> need some of those alternate mechanisms.
> TG2 should include a 'native' way to login a user against the tg_user
> table (the one that is generated in the quickstart). It's a deal-breaker
> for me that this core bit of functionality isn't easily hackable and
> customizable (and that it doesn't do the right thing by default).
>

You mean
http://turbogears.readthedocs.org/en/latest/reference/classes.html#tg.controllers.util.auth_force_login
?

--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
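
Added example, not part of the original message and not TurboGears code: the redirect built in authenticate() above, plus the post_login side that turns the reason code into display text, as standalone Python 3 standard-library functions. The 'login' parameter name, the 'login_failed' code and the message texts are assumptions made for this illustration.

```python
from urllib.parse import parse_qs, urlencode

# 'user_not_found' and 'invalid_password' are the codes from the message
# above; 'login_failed' and all message texts are constructed for this example.
REASON_MESSAGES = {
    "user_not_found": "No account with that user name.",
    "invalid_password": "Wrong password.",
    "login_failed": "Wrong user name or password.",
}


def failure_reason(user_found, distinguish=True):
    """Pick the reason code; distinguish=False gives one code for both cases,
    so the redirect does not reveal whether the account exists."""
    if not distinguish:
        return "login_failed"
    return "invalid_password" if user_found else "user_not_found"


def failed_login_location(query_string, user_found, login=None, distinguish=True):
    """Build the /post_login redirect target for a failed login.

    Parameters already in the query string (e.g. came_from) are kept, any
    client-supplied 'reason' is overwritten, and the typed user name is
    carried back under the assumed key 'login' so the form can be refilled.
    """
    params = parse_qs(query_string)
    params["reason"] = [failure_reason(user_found, distinguish)]
    if login is not None:
        params["login"] = [login]
    return "/post_login?" + urlencode(params, doseq=True)


def login_error_message(query_string):
    """Translate the 'reason' parameter on the post_login side.

    Only known codes are mapped; anything else (including a hand-edited
    value) gets the generic text instead of being echoed into the page.
    """
    reason = parse_qs(query_string).get("reason", [""])[-1]
    return REASON_MESSAGES.get(reason, REASON_MESSAGES["login_failed"])
```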

