python pylons repoze.who

Handle incorrect user/password repoze.who gracefully in Python/Pylons


I'm using FriendlyFormPlugin, but would like to retrieve the username that was input as part of the request.params, but it's no longer there when I check. This way I can set the default for username if the password is incorrect. Thanks.


Solution

  • I think what you need to do is to set up a post-login handler action when you set up the middleware. In that action you can then check params, set a session var, etc. I had to hook into here in order to create a message to the user that their login had failed. I check for a 'login_failed' param on the login form.

        # Module-level imports this action relies on (Pylons 0.9.x, repoze.what);
        # `auth` and `log` are the application's own helper and logger.
        from pylons import request, response
        from pylons.controllers.util import redirect_to
        from repoze.what.predicates import not_anonymous

        def post_login(self):
            """ Handle logic post a user's login

            I want to create a login_handler that's redirected to after login. This would
            check

            - if user was logged in, if not then send back to login
            - if user is admin, go to job list
            - adjust the max age on the existing cookie to XX remember me timeframe

            """
            if auth.check(not_anonymous()):
                log.debug('checked auth')
            else:
                # login failed, redirect back to login
                log.debug('failed auth')
                redirect_to(controller="root", action="login", login_failed=True)

            # expire this cookie into the future
            ck = request.cookies['authtkt']
            response.set_cookie('authtkt', ck,
                    max_age=60*60*24*7,
                    path='/'
            )

            redirect_to(controller="job", action="list")
    

    In response for more details, too big to add as another comment:

    So I've got a few things you can look at. First, these are the docs I'm writing as a repoze 'summary' to help explain to other devs how this stuff works/terminology used:

    http://72.14.191.199/docs/morpylons/auth_overview.html

    I started out using the repoze sql quickstart plugin: http://code.gustavonarea.net/repoze.what-quickstart/

    I then ripped out their setup_sql_auth and modified it for our own needs since we do both SQL and LDAP auth in our apps. Go make sure to look at the plugin source for setup_sql_auth and go through it until you really understand what it's doing.

    And since you asked on middleware config...

      app = setup_morpace_auth(app, User, Group, Permission, meta.Session,
                          post_login_url='/root/post_login',
                          post_logout_url='/login',
                          log_level='debug',
                          log_file='stdout'
                          )