On Tue, Jan 5, 2010 at 10:38 AM, Matt Feifarek <matt.feifa...@gmail.com> wrote:
> On Mon, Jan 4, 2010 at 11:57 AM, James Gardner <ja...@pythonweb.org> wrote:
>>
>> One tip though, I now believe using exceptions to trigger the 401 and
>> 403 responses and then intercepting them in WSGI middleware is not a
>> good design pattern. New code I'm working on generates a normal
>> response in the authorization decorators or wherever the check fails
>> instead of in the WSGI middleware.
>
> Interesting. Does this mean that you return a 200 status for bad auth, or
> that you return 400 status errors and tell the StatusCodeRedirect not to eat
> those 40x code errors?
> I know that this was argued about at some length on the list a year ago or
> so... don't want to re-hash that discussion. Just wondering what your new
> recommendations are.

I think by "normal response" he means a normal 401 or 403 response.
In controllers you should be able to call abort(4xx or 5xx) and have
the right thing happen.  Abort raises HTTPException (defined in
webob.exc), although I'm not sure where they're being caught.  It's
not in StatusCodeRedirect (which I always comment out in my
applications because I'd rather have plain white error messages) or
ErrorHandler (because I get the same behavior whether it's commented
or not).  There's no 'except' in pylons.wsgiapp, just try/finally.
The only other one I could find is in paste.httpserver, which writes a
text/plain "Internal Server Error" for any unhandled exception.
However, HTTPException is already caught by that point.

If AuthKit does not depend on Pylons it would not be able to call
abort(), so it would have to set the status manually.

-- 
Mike Orr <sluggos...@gmail.com>
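
The pattern discussed in this thread, sketched as an added example (not code from the thread, AuthKit or Pylons): a plain WSGI wrapper that builds the 401 or 403 response where the check fails and sets the status manually, with no exception and no abort(). The names authorize, is_admin, admin_app and call are hypothetical, and it assumes an upstream authentication layer has set REMOTE_USER.

```python
# Added example: framework-independent WSGI authorization wrapper.
from wsgiref.util import setup_testing_defaults

def _deny(start_response, status, extra_headers=()):
    """Build a complete error response in place; nothing is raised."""
    body = (status + "\n").encode("utf-8")
    headers = [("Content-Type", "text/plain; charset=utf-8"),
               ("Content-Length", str(len(body)))]
    headers.extend(extra_headers)
    start_response(status, headers)
    return [body]

def authorize(check, realm="example"):
    """Wrap a WSGI app; check(user, environ) decides access (hypothetical API)."""
    def decorator(app):
        def wrapped(environ, start_response):
            user = environ.get("REMOTE_USER")
            if not user:
                # Not authenticated: a 401 must carry a challenge header.
                return _deny(start_response, "401 Unauthorized",
                             [("WWW-Authenticate", 'Basic realm="%s"' % realm)])
            if not check(user, environ):
                # Authenticated but not permitted: 403, no challenge.
                return _deny(start_response, "403 Forbidden")
            return app(environ, start_response)
        return wrapped
    return decorator

def is_admin(user, environ):
    return user == "admin"  # constructed policy for the demo

@authorize(is_admin)
def admin_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"admin area\n"]

def call(app, user=None):
    """Drive the app with a constructed environ; return (status, headers)."""
    environ = {}
    setup_testing_defaults(environ)
    if user:
        environ["REMOTE_USER"] = user
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Because the wrapper returns an ordinary response, any outer middleware sees a real 401 or 403 status rather than an exception it has to intercept.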