#699: Making Root sublcass identity.SecureResource produces an infinite
recursive
loop
-------------------------------+--------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Identity | Version:
Severity: major | Resolution:
Keywords: |
-------------------------------+--------------------------------------------
Comment (by plewis):
I think this may be a case of "don't do that". Here is the probable
progression, I'm guessing a little bit.
1) User hits the url "/" unauthenticated. Identity redirects user to
"identity.failure_url", which is probably "/login" (just guessing).
2) The /login controller is protected (only admins can hit it), so
identity tries again (redirect to "/login"). Repeat forever.
Something could be done to trap the recursion, but in essence identity is
doing what you asked it to do; don't let anyone who isn't an admin see any
controllers attached to Root, and this includes the /login controller.
If you really want to do this, you are going to need to authenticate the
user outside of the root controller somehow (perhaps a static form or a
page outside of the turbogears app).
--
Ticket URL: <http://trac.turbogears.org/turbogears/ticket/699>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Tickets" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets
-~----------~----~----~----~------~----~------~--~---
