Good luck, it seemed quite daunting when I first looked at it, but it's not too bad. I actually ended up using bcrypt to store passwords, and I could make the authentication system as secure as I wanted it. You could also look into writing a decorator to protect every URL you want, that seems like a pretty logical thing to do. If you need any other pointers feel free to ask!
Ryan

On May 15, 2012, at 9:13 PM, Bill Seitz <[email protected]> wrote:

> Thanks, I'll try to piece things together.
>
> On May 15, 5:53 pm, Shannon Cruey <[email protected]> wrote:
>> I'm doing a very rich UI with authentication, but it's all custom. In my
>> experience, while the *concept* of registration/user
>> management/authentication is standard, the *implementation* always has some
>> nuances. I suspect that's why there isn't a cookie-cutter authentication
>> scheme out there. (Not to mention if there was one, and everyone loved it
>> and used it, it would be far less secure.)
>>
>> I do the basics from the docs page here: http://webpy.org/docs/0.3/sessions
>>
>> I then extended that with my specific database stuff for logging in,
>> checking password, etc.
>>
>> For ensuring a user remains authenticated, I put the user_id in the
>> session. I use an auth handler that fires on every request - and throws
>> you back to the login page if your cookie ever goes away. (/bypass is an
>> example of a url that *is* allowed, even without an authenticated session.
>> Be aware, it appears /static is exempt by default, so don't put anything
>> secret in there.)
>>
>> def auth_app_processor(handle):
>>     path = web.ctx.path
>>
>>     if path == "/bypass":
>>         return handle()
>>
>>     if path != "/login" and not session.get('user', False):
>>         raise web.seeother('/login?msg=' + urllib.quote_plus("Session expired."))
>>
>>     return handle()
>>
>> Just banged this out while eating lunch. Hope it helps.
>> NSC
>>
>> On Tue, May 15, 2012 at 12:52 PM, Bill Seitz <[email protected]> wrote:
>>> Is there no "standard" library for web.py for providing register/login/
>>> etc.?
>>
>>> The docs page doesn't have much: http://webpy.org/cookbook/userauth
>>
>>> I found this nice-looking jpscaletti library, but it wouldn't work for
>>> me, and the only reference to it in this group was from someone else
>>> who hit the same wall with no resolution.
>>> http://jpscaletti.com/webpy_auth/
>>
>>> Is nobody building user UI with web.py, or is just nobody sharing the
>>> code?
>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "web.py" group.
>>> To post to this group, send email to [email protected].
>>> To unsubscribe from this group, send email to
>>> [email protected].
>>> For more options, visit this group at
>>> http://groups.google.com/group/webpy?hl=en.
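
The per-request check from Shannon's message and the decorator Ryan suggests, side by side, as an added example that is not part of the original thread. It is written for Python 3 and kept framework-neutral so it runs without web.py: Redirect stands in for web.seeother, and PUBLIC_PATHS, check_request, login_required, outcome and demo_session are hypothetical names.

```python
import functools
from urllib.parse import quote_plus

# Exact-match allowlist: anything not listed here requires a session (default deny).
PUBLIC_PATHS = frozenset({"/login", "/bypass"})

class Redirect(Exception):
    """Stand-in for web.seeother (assumption, so this runs without web.py)."""
    def __init__(self, location):
        super().__init__(location)
        self.location = location

def login_url(msg):
    # Only fixed, server-chosen messages go in the query string.
    return "/login?msg=" + quote_plus(msg)

def check_request(path, session):
    """Processor-style check, run once for every request."""
    if path in PUBLIC_PATHS:
        return
    if not session.get("user"):
        raise Redirect(login_url("Session expired."))

def login_required(get_session):
    """Decorator form: protects one handler instead of the whole application."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(*args, **kwargs):
            if not get_session().get("user"):
                raise Redirect(login_url("Please log in."))
            return handler(*args, **kwargs)
        return wrapper
    return decorator

def outcome(path, session):
    """Return 'allowed' or the redirect target for a request (demo helper)."""
    try:
        check_request(path, session)
        return "allowed"
    except Redirect as r:
        return r.location

demo_session = {}  # constructed stand-in for the web.py session object

@login_required(lambda: demo_session)
def account_page():
    return "account for %s" % demo_session["user"]

if __name__ == "__main__":
    for p in ("/bypass", "/bypassx", "/admin"):
        print(p, "->", outcome(p, demo_session))
```

The processor form fails closed for any new URL, while the decorator form only protects handlers someone remembered to decorate.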
