On Saturday, 13 December 2014 20:49:30 UTC, Alessandro Molina wrote: > > > On Sat, Dec 13, 2014 at 9:00 PM, EoghanM <[email protected] > <javascript:>> wrote: >> >> Thanks, every reference I saw to repoze.who in the TG2 docs seems to >> point to non-specific and out of date docs. >> I'm still unsure as to whether TG2 uses the 'api' or the 'middleware' of >> repoze.who. A more specific link would still definitely be a help. >> >> > > Uhm, actually I don't see any "out of date" docs in > http://turbogears.readthedocs.org/en/latest/turbogears/authentication.html > it covers pretty well how authentication works in TG. >
Ok, looking over all my open tabs I see that all of them are under http://www.turbogears.org/2.1/docs/main/ I didn't pay attention to the version (assuming I was on the latest version of the docs), and not sure how I ended up stuck there. I definitely started off at turbogears.org so can't explain that part (as http://www.turbogears.org/documentation.html links to readthedocs), but I also did searches on Google, where the top results point to older versions of the docs: https://encrypted.google.com/search?hl=en&q=turbogears%20authentication I can imagine myself ignoring the 'readthedocs' link at position 4 there assuming it's unofficial. My bad for not being on the right version. Maybe a a note can be added to older versions linking to readthedocs (for SEO also). > If you follow that is actually pretty easy to notice that credentials are > verified by ApplicationAuthMetadata.authenticate in your config/app_cfg and > so the fastest solution is probably just to redirect to post_login with a > given error reason inside the authenticate method: > > def authenticate(self, environ, identity): > from tg.exceptions import HTTPFound > from urlparse import parse_qs > from urllib import urlencode > > login = identity['login'] > user = > self.sa_auth.dbsession.query(self.sa_auth.user_class).filter_by(user_name=identity['login']).first() > if not user: > login = None > > if user and not user.validate_password(identity['password']): > login = None > > if login is None: > params = parse_qs(environ['QUERY_STRING']) > if user is None: > params['reason'] = 'user_not_found' > else: > params['reason'] = 'invalid_password' > environ['repoze.who.application'] = HTTPFound( > location='?'.join(('/post_login', urlencode(params, True))) > ) > > return login > > If you need you can even add the username to params so that you can fill > it back inside the form. > Super, have this working now. Wasn't able to find this class the first time round. > > You mean > http://turbogears.readthedocs.org/en/latest/reference/classes.html#tg.controllers.util.auth_force_login > > ? > Cool, diving in again with the right version of the docs. -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/turbogears. For more options, visit https://groups.google.com/d/optout.
