Georges,

Thank you for the new version, but I believe the issue that I encountered 
is different.  I believe the customized login view sample code is 
incomplete (at least for persona novices).  Isn't the user already logged 
in via persona by the time the login function determines that the email is 
not in the whitelist?  If so, shouldn't the client be redirected to a url 
that will automatically call navigator.id.logout?  Perhaps a comment 
similar to the following will suffice:

def login(request):
    email = verify_login(request)

    if email not in whitelist:
        request.session.flash('Sorry, you are not on the list')
        # note: redirected url must call navigator.id.logout
        return {'redirect': '/'}


Here's another change that you may want to make to __init__.py:

Instead of:
    authn_policy = AuthTktAuthenticationPolicy(secret, hashalg='sha512')

Allow users to set a groupfinder callback:
    groupfinder = settings.get('persona.groupfinder', None)
    authn_policy = AuthTktAuthenticationPolicy(secret, hashalg='sha512',
                                               callback=groupfinder)

Thank you again for your work on the pyramid_persona library.  It is much 
appreciated.

Peter


On Thursday, May 23, 2013 10:41:38 AM UTC-4, Georges Dubus wrote:
>
> Hello
>
> I just uploaded a new version that should solve your problem. It changes 
> the way to redefine the login view, so please update yours according to 
> https://pyramid_persona.readthedocs.org/en/latest/customization.html#do-extra-work-or-verification-at-login.
>
> Can you tell me if it solved your problem?
>
> Georges
>
> On Tuesday, May 14, 2013 20:58:21 UTC+2, Peter Santoro wrote:
>>
>> I'm fairly new to pyramid and mozilla persona and I would greatly 
>> appreciate some assistance with a problem I'm having.  Following the 
>> pyramid_persona documentation, I did manage to get persona working (or so I 
>> thought).  I then tried customizing my login process as discussed on 
>> https://pyramid_persona.readthedocs.org/en/latest/customization.html.
>>
>> In the customized login example given, the login function redirects to 
>> '/' if the verified email is not on the whitelist.  I'm redirecting to a 
>> loggedout view that calls navigator.id.logout() inside $(document).ready.  
>> According to 
>> https://developer.mozilla.org/en-US/docs/Mozilla/Persona/The_implementor_s_guide/Call_logout%28%29_after_a_failed_login?redirectlocale=en-US&redirectslug=Persona%2FThe_implementor_s_guide%2FCall_logout%28%29_after_a_failed_login,
>> you must call navigator.id.logout() on a failed login to avoid an endless 
>> loop of failed login attempts.
>>
>> The documentation on 
>> https://developer.mozilla.org/en-US/docs/DOM/navigator.id.logout further 
>> states: "This function does not make the browser clear the user's 
>> certificate and signing key. So after calling logout(), a new login 
>> attempt may or may not ask the user for a new password, depending on the 
>> freshness of the certificate their identity provider gave them. *However, it 
>> will certainly prompt the user to select an email address and 
>> confirm that they want to sign in.*"  I'm not seeing the behavior where 
>> the user is prompted to select an email address and confirm they want to 
>> sign in.
>>
>> After logging out via the pyramid_persona logout button or as a result of 
>> using an email address not on my whitelist (both paths do call 
>> navigator.id.logout), if I attempt to go to one of the application's urls 
>> which require permissions, I'm redirected to the forbidden view (with the 
>> mozilla persona login button).  This redirection is expected behavior, but 
>> it then immediately executes the login sequence without hitting the mozilla 
>> persona login button.  To prevent the auto-relogin behavior, I also have to 
>> go to https://login.persona.org and click the "Sign Out" button after 
>> logging out of the application.  I get this auto-relogin behavior whether I 
>> use my customized login view or the one provided by pyramid_persona.
>>
>> I'm sure I'm doing something wrong and I would appreciate some pointers 
>> on how to correct this issue.  I just found these, so maybe it's not me?
>>
>> https://github.com/mozilla/browserid/issues/3386
>> https://github.com/mozilla/browserid/pull/3398
>>
>> Thank you in advance for your assistance,
>>
>> Peter
>>
>
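
The failed-login loop discussed in this thread, as an added example that is not part of the original messages or of pyramid_persona: a constructed stand-in for the Persona shim counts how many login attempts reach the server when a rejected login does or does not call logout(). The names `makeFakePersona`, `serverLogin` and `simulate` are hypothetical, and the model assumes only that `watch` re-fires `onlogin` on page load while `loggedInUser` disagrees with Persona's own state.

```javascript
// Constructed model of the Persona shim, not the real navigator.id: it keeps its
// own idea of who is signed in and fires onlogin on page load when the site disagrees.
function makeFakePersona(email) {
  let signedIn = email; // Persona-side state, survives page loads
  let handlers = null;
  return {
    watch(opts) {
      handlers = opts;
      if (signedIn && opts.loggedInUser !== signedIn) {
        opts.onlogin("assertion-for-" + signedIn);
      }
    },
    logout() {
      signedIn = null;
      if (handlers) handlers.onlogout();
    },
  };
}

// Hypothetical server side: mirrors the whitelist check in the login view.
function serverLogin(assertion, whitelist) {
  const email = assertion.replace("assertion-for-", "");
  return whitelist.includes(email)
    ? { success: true, redirect: "/", email }
    : { success: false, redirect: "/" };
}

// Replay up to maxLoads page loads and return how many login attempts hit the server.
function simulate({ email, whitelist, logoutOnFailure, maxLoads = 5 }) {
  const persona = makeFakePersona(email);
  let sessionUser = null; // what the site's own session says
  let attempts = 0;
  for (let load = 0; load < maxLoads; load++) {
    let navigated = false;
    persona.watch({
      loggedInUser: sessionUser,
      onlogin(assertion) {
        attempts++;
        const res = serverLogin(assertion, whitelist);
        if (res.success) sessionUser = res.email;
        else if (logoutOnFailure) persona.logout(); // stands in for navigator.id.logout()
        navigated = true; // the page then follows res.redirect
      },
      onlogout() {},
    });
    if (!navigated) break; // nothing fired: the page is stable
  }
  return attempts;
}
```

With a rejected address and no logout call, every simulated page load submits the assertion again until `maxLoads` is reached; with the logout call, or with a whitelisted address, the server sees exactly one attempt.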
