Re: [TurboGears] Re: repos.who and pylons xmlrpc controller.

[Diez B. Roggisch]

On a related note: the below code will actually crash the xmlrpc  
client. You need to talk proper xmlrpc to it, using xmlrpclib.dumps.

Diez
Am 08.06.2010 um 01:08 schrieb Gustavo Narea <m...@gustavonarea.net>:

Diez said:
I'm sorry, but this won't work. The fault here is certainly not on
repoze.wh* side, but what you presented so far is just working to
authenticate the login call itself. But obviously the OP wants a  
bunch
of authenticated (and possibly authorized) API-calls, not just one.

If he wants to authenticate once and accept subsequent calls from the
authenticated client, there are much easier ways to accomplish that.

Taking your example of returning a token which would be sent back in
subsequent connections, my original code would be modified to  
something like:

"""
from repoze.who.interfaces import IIdentifier
from webob import Request
from zope.interfaces import implements

class XmlRpcIdentifier(object):
   implements(IIdentifier)

   classifications = {IIdentifier: ["xmlrpc"]}

   def identify(self, environ):
       request = Request(environ)
       if "login" in request.POST and "password" in request.POST:
           credentials = {
               'login': request.POST['login'],
               'password': request.POST['password'],
               }
           environ['repoze.who.application'] = AuthnResponse 
(**credentials)
       else:
           credentials = None
       return credentials


class AuthnResponse(object):

   def __init__(self, login, password):
       self._token = hash_it("s3cr3t", login, password)

   def __call__(self, environ, start_response):
       headers = [
           ("Content-Type", "text/plain"),
           ("Content-Length", str(len(self._token))),
           ]
       start_response("200 OK", headers)
       return [self._token]
"""

That's it. Then repoze.who and repoze.what would behave as usual,  
with no
additional steps/workarounds/etc.

HTH,

- Gustavo.

--
You received this message because you are subscribed to the Google  
Groups "TurboGears" group.
To post to this group, send email to turboge...@googlegroups.com.
To unsubscribe from this group, send email to turbogears+unsubscr...@googlegroups.com 
.
For more options, visit this group at http://groups.google.com/group/turbogears?hl=en 
.


--
You received this message because you are subscribed to the Google Groups 
"TurboGears" group.
To post to this group, send email to turboge...@googlegroups.com.
To unsubscribe from this group, send email to 
turbogears+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/turbogears?hl=en.