Chris Grindstaff wrote:
> Hi Tres,
> 
> 
>>> - Is there a traceback you can show us?
> 
> Nope, there is no exception.
> 
>>> - Are you using a more-or-less "stock" who.ini to configure the
>>>   middleware?
> 
> Yes - here it is.
> 
> [plugin:form]
> # identification and challenge
> use = repoze.who.plugins.form:make_plugin
> login_form_qs = __do_login
> rememberer_name = auth_tkt
> #form = flows/templates/flows/login_form.html
> #formcallable = auth.views:login_form 
> 
> [plugin:mongo]
> use = repoze.who.plugins.mongo:make_plugin
> 
> [plugin:auth_tkt]
> # identification
> use = repoze.who.plugins.auth_tkt:make_plugin
> secret = m...@secr3t
> cookie_name = flows
> secure = False
> include_ip = False
> 
> [general]
> request_classifier = repoze.who.classifiers:default_request_classifier
> challenge_decider = repoze.who.classifiers:default_challenge_decider
> remote_user_key = REMOTE_USER
> 
> [identifiers]
> # plugin_name;classifier_name:.. or just plugin_name (good for any)
> plugins =
>       form;browser
>       auth_tkt
> 
> [challengers]
> # plugin_name;classifier_name:.. or just plugin_name (good for any)
> plugins =
>       form;browser
> 
> [authenticators]
> plugins =
>   auth_tkt
>   mongo
> 
>>> - Are you sure the middleware is in your WSGI pipeline?
> 
> Yes because if I uncomment the formcallable above it does work. I just
> wanted to use the API instead.
> 
>> Or maybe the docs aren't clear enough:  if you call 'remember', you have
>> to inject the headers returned by 'remember' into your response.
> 
> Thanks - I tried that but without success.
> headers = get_api(request.environ).remember()
> print headers returns an empty list.


This is after you did:

 > request.environ['repoze.who.userid'] = form.data['login']

But you need more information than that to do the 'remember'.

OK, so in this mode, you are expecting one of the "identifier" plugins
(the auth_tkt one) to compute a 'Set-Cookie' header which will allow you
to authenticate on subsequent requests.  Calling 'remember' on the API
essentially just asks the identifier plugin which identified the user
originally to do that job.

In order to trigger that, you need to set up the 'repoze.who.identity'
in the environment as a mapping, holding all the information your
'auth_tkt' plugin needs, as well as the key which tells the API to
consult that plugin.  Something like:

  request.environ['repoze.who.identity'] = {
      'identifier': 'auth_tkt',
      'repoze.who.userid': form.data['login'],
  }
  headers = get_api(request.environ).remember()

I base this on reading the code for both the API object's 'remember'
method and the 'remember' method of the 'auth_tkt' plugin.  My guess is
that we need a convenience method which makes this simpler (more like
what you tried to do in the first place).


Tres.
--
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev