On Sep 16, 2011, at 10:35 AM, Eric wrote:
> Hey, Ross. Your solution using request.vars.token worked. Thanks!!
>
> On Sep 15, 9:06 pm, Ross Peoples <[email protected]> wrote:
>> Eric, I may have found a way to do it, but it's not pretty.
>>
>> Create a controller that only has login / logout methods. The login method
>> will return your token that is saved somewhere (cache or database).
>>
>> Then in other controllers where you need to enforce token authentication,
>> put this into your call() method:
>>
>>     if 'token' in request.vars:
>>         token = request.vars.token
>>         if token != 'test':  # you would put your own token checking logic here
>>             raise HTTP(401, 'Supplied token was not valid.')
>>     else:
>>         raise HTTP(401, 'Token must supplied as a variable in the query string.')
>>
>>     return service()
>
Minor point: since request.vars is Storage, you can simply say
    token = request.vars.token
which is basically the same as
    token = request.vars.get('token', None)
and skip the test. If token isn't present, it'll be set to None.