Navigation

← Previous Changeset
Next Changeset →

Changeset 5187

Timestamp:

08/21/08 06:30:07 (5 months ago)

Author:

chrisz

Message:

By changing identity.failure_url and setting identity.force_external_redirect, it should be possible to login via https. Unfortunately, this did not work because of some flaws in the login mechanism: The login form creates two hidden fields for forward_url, and the login controller did not cope with the resulting list. Also, the previous_url parameter was not really used and has been removed. Another small problem was that the master template used a hardcoded login url instead of the url from the configuration.

Files:

branches/1.0/turbogears/identity/exceptions.py (modified) (1 diff)
branches/1.0/turbogears/identity/saprovider.py (modified) (3 diffs)
branches/1.0/turbogears/identity/soprovider.py (modified) (5 diffs)
branches/1.0/turbogears/qstemplates/quickstartbig/+package+/controllers/root.py_tmpl (modified) (2 diffs)
branches/1.0/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl (modified) (2 diffs)
branches/1.0/turbogears/qstemplates/quickstart/+package+/templates/master.kid (modified) (1 diff)
branches/1.1/turbogears/identity/exceptions.py (modified) (2 diffs)
branches/1.1/turbogears/identity/saprovider.py (modified) (3 diffs)
branches/1.1/turbogears/identity/soprovider.py (modified) (4 diffs)
branches/1.1/turbogears/qstemplates/quickstartbig/+package+/controllers/root.py_tmpl (modified) (2 diffs)
branches/1.1/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl (modified) (2 diffs)
branches/1.1/turbogears/qstemplates/quickstart/+package+/templates/master.html (modified) (1 diff)
branches/1.5/turbogears/identity/exceptions.py (modified) (2 diffs)
branches/1.5/turbogears/identity/saprovider.py (modified) (3 diffs)
branches/1.5/turbogears/identity/soprovider.py (modified) (4 diffs)
branches/1.5/turbogears/qstemplates/quickstartbig/+package+/controllers/root.py_tmpl (modified) (2 diffs)
branches/1.5/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl (modified) (3 diffs)
branches/1.5/turbogears/qstemplates/quickstart/+package+/templates/master.html (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/1.0/turbogears/identity/exceptions.py

r4769	r5187
77	77	if callable(url):
78	78	url = url(errors)
79		force_external = turbogears.config.get(
80		"identity.force_external_redirect", False)
81		if force_external:
82		# We need to use external redirect for https since
83		# we are managed by Apache/nginx or something else
84		# that CherryPy won't find.
	79	if turbogears.config.get('identity.force_external_redirect', False):
	80	# We need to use external redirect for https since we are managed
	81	# by Apache/nginx or something else that CherryPy won't find.
	82	# We also need to set the forward_url, because the Referer header
	83	# won't work with an external redirect.
85	84	params = cherrypy.request.params
86		params['forward_url'] = cherrypy.request.path
	85	params['forward_url'] = cherrypy.request.object_path
87	86	raise cherrypy.HTTPRedirect(turbogears.url(url, params))
88	87	else:

branches/1.0/turbogears/identity/saprovider.py

r4200	r5187
12	12	except NameError: # Python 2.3
13	13	from sets import Set as set, ImmutableSet as frozenset
	14
14	15
15	16	# Global class references --
…	…
20	21	visit_class = None
21	22
	23
22	24	class SqlAlchemyIdentity(object):
23	25	"""Identity that uses a model from a database (via SQLAlchemy)."""
…	…
112	114	return visit_class.query.filter_by(visit_key=self.visit_key).first()
113	115	visit_link = property(_get_visit_link)
	116
	117	def _get_login_url(self):
	118	"""Get the URL for the login page."""
	119	return identity.get_failure_url()
	120	login_url = property(_get_login_url)
114	121
115	122	def login(self):

branches/1.0/turbogears/identity/soprovider.py

r4358	r5187
22	22	except NameError: # Python 2.3
23	23	from sets import Set as set, ImmutableSet as frozenset
	24
24	25
25	26	def to_db_encoding(s, encoding):
…	…
32	33	return s
33	34
	35
34	36	class DeprecatedAttr(object):
35	37	def __init__(self, old_name, new_name):
…	…
46	48	(self.old_name, self.new_name), DeprecationWarning)
47	49	return setattr(obj, self.new_name, value)
	50
48	51
49	52	# Global class references --
…	…
53	56	permission_class = None
54	57	visit_class = None
	58
55	59
56	60	class SqlObjectIdentity(object):
…	…
157	161	visit_link = property(_get_visit_link)
158	162
	163	def _get_login_url(self):
	164	"""Get the URL for the login page."""
	165	return identity.get_failure_url()
	166	login_url = property(_get_login_url)
	167
159	168	def login(self):
160	169	"""Set the link between this identity and the visit."""

branches/1.0/turbogears/qstemplates/quickstartbig/+package+/controllers/root.py_tmpl

r5156	r5187
23	23
24	24	${b}expose(template="${package}.templates.login")${e}
25		def login(self, forward_url=None, previous_url=None, args, *kw):
	25	def login(self, forward_url=None, args, *kw):
	26
	27	if forward_url:
	28	if isinstance(forward_url, list):
	29	forward_url = forward_url.pop(0)
	30	else:
	31	del request.params['forward_url']
26	32
27	33	if not identity.current.anonymous and identity.was_login_attempted() \
28	34	and not identity.get_identity_errors():
29		redirect(tg.url(forward_url or previous_url or '/', kw))
30
31		forward_url = None
32		previous_url = request.object_path
	35	redirect(tg.url(forward_url or '/', kw))
33	36
34	37	if identity.was_login_attempted():
…	…
38	41	msg = _("You must provide your credentials before accessing "
39	42	"this resource.")
	43	if not forward_url:
	44	forward_url = request.object_path
40	45	else:
41	46	msg = _("Please log in.")
42		forward_url = request.headers.get("Referer", "/")
	47	if not forward_url:
	48	forward_url = request.headers.get("Referer", "/")
43	49
44	50	response.status = 403
45		return dict(message=msg, previous_url=previous_url, logging_in=True,
46		original_parameters=request.params, forward_url=forward_url)
	51	return dict(logging_in=True, message=msg,
	52	forward_url=forward_url, previous_url=request.object_path,
	53	original_parameters=request.params)
47	54
48	55	${b}expose()${e}

branches/1.0/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl

r5156	r5187
23	23
24	24	${b}expose(template="${package}.templates.login")${e}
25		def login(self, forward_url=None, previous_url=None, args, *kw):
	25	def login(self, forward_url=None, args, *kw):
	26
	27	if forward_url:
	28	if isinstance(forward_url, list):
	29	forward_url = forward_url.pop(0)
	30	else:
	31	del request.params['forward_url']
26	32
27	33	if not identity.current.anonymous and identity.was_login_attempted() \
28	34	and not identity.get_identity_errors():
29		redirect(tg.url(forward_url or previous_url or '/', kw))
30
31		forward_url = None
32		previous_url = request.object_path
	35	redirect(tg.url(forward_url or '/', kw))
33	36
34	37	if identity.was_login_attempted():
…	…
38	41	msg = _("You must provide your credentials before accessing "
39	42	"this resource.")
	43	if not forward_url:
	44	forward_url = request.object_path
40	45	else:
41	46	msg = _("Please log in.")
42		forward_url = request.headers.get("Referer", "/")
	47	if not forward_url:
	48	forward_url = request.headers.get("Referer", "/")
43	49
44	50	response.status = 403
45		return dict(message=msg, previous_url=previous_url, logging_in=True,
46		original_parameters=request.params, forward_url=forward_url)
	51	return dict(logging_in=True, message=msg,
	52	forward_url=forward_url, previous_url=request.object_path,
	53	original_parameters=request.params)
47	54
48	55	${b}expose()${e}

branches/1.0/turbogears/qstemplates/quickstart/+package+/templates/master.kid

r3811	r5187
23	23	<div py:if="tg.config('identity.on') and not defined('logging_in')" id="pageLogin">
24	24	<span py:if="tg.identity.anonymous">
25		<a href="${tg.url(~~'/login'~~)}">Login</a>
	25	<a href="${tg.url(tg.identity.login_url)}">Login</a>
26	26	</span>
27	27	<span py:if="not tg.identity.anonymous">

branches/1.1/turbogears/identity/exceptions.py

r4769	r5187
14	14	def get_identity_errors():
15	15	return getattr(cherrypy.request, 'identity_errors', [])
	16
	17
	18	def get_failure_url(errors=None):
	19	url = turbogears.config.get('identity.failure_url', None)
	20	if url is None:
	21	msg = "Missing URL for identity failure. Please fix this in app.cfg"
	22	raise IdentityConfigurationException(msg)
	23	if callable(url):
	24	url = url(errors)
	25	return url
16	26
17	27
…	…
71	81	"""Setup identity errors on the request and get URL from config."""
72	82	set_identity_errors(errors)
73		url = turbogears.config.get('identity.failure_url', None)
74		if url is None:
75		msg = "Missing URL for identity failure. Please fix this in app.cfg"
76		raise IdentityConfigurationException(msg)
77		if callable(url):
78		url = url(errors)
79		force_external = turbogears.config.get(
80		"identity.force_external_redirect", False)
81		if force_external:
82		# We need to use external redirect for https since
83		# we are managed by Apache/nginx or something else
84		# that CherryPy won't find.
	83	url = get_failure_url(errors)
	84	if turbogears.config.get('identity.force_external_redirect', False):
	85	# We need to use external redirect for https since we are managed
	86	# by Apache/nginx or something else that CherryPy won't find.
	87	# We also need to set the forward_url, because the Referer header
	88	# won't work with an external redirect.
85	89	params = cherrypy.request.params
86		params['forward_url'] = cherrypy.request.path
	90	params['forward_url'] = cherrypy.request.object_path
87	91	raise cherrypy.HTTPRedirect(turbogears.url(url, params))
88	92	else:

branches/1.1/turbogears/identity/saprovider.py

r4200	r5187
7	7	import logging
8	8	log = logging.getLogger("turbogears.identity.saprovider")
	9
9	10
10	11	# Global class references --
…	…
15	16	visit_class = None
16	17
	18
17	19	class SqlAlchemyIdentity(object):
18	20	"""Identity that uses a model from a database (via SQLAlchemy)."""
…	…
107	109	return None
108	110	return visit_class.query.filter_by(visit_key=self.visit_key).first()
	111
	112	@property
	113	def login_url(self):
	114	"""Get the URL for the login page."""
	115	return identity.get_failure_url()
109	116
110	117	def login(self):

branches/1.1/turbogears/identity/soprovider.py

r4199	r5187
16	16	hub = PackageHub("turbogears.identity")
17	17	__connection__ = hub
	18
18	19
19	20	def to_db_encoding(s, encoding):
…	…
26	27	return s
27	28
	29
28	30	# Global class references --
29	31	# these will be set when the provider is initialised.
…	…
32	34	permission_class = None
33	35	visit_class = None
	36
34	37
35	38	class SqlObjectIdentity(object):
…	…
136	139	return None
137	140
	141	@property
	142	def login_url(self):
	143	"""Get the URL for the login page."""
	144	return identity.get_failure_url()
	145
138	146	def login(self):
139	147	"""Set the link between this identity and the visit."""

branches/1.1/turbogears/qstemplates/quickstartbig/+package+/controllers/root.py_tmpl

r5156	r5187
23	23
24	24	@expose(template="${package}.templates.login")
25		def login(self, forward_url=None, previous_url=None, args, *kw):
	25	def login(self, forward_url=None, args, *kw):
	26
	27	if forward_url:
	28	if isinstance(forward_url, list):
	29	forward_url = forward_url.pop(0)
	30	else:
	31	del request.params['forward_url']
26	32
27	33	if not identity.current.anonymous and identity.was_login_attempted() \
28	34	and not identity.get_identity_errors():
29		redirect(tg.url(forward_url or previous_url or '/', kw))
30
31		forward_url = None
32		previous_url = request.object_path
	35	redirect(tg.url(forward_url or '/', kw))
33	36
34	37	if identity.was_login_attempted():
…	…
38	41	msg = _("You must provide your credentials before accessing "
39	42	"this resource.")
	43	if not forward_url:
	44	forward_url = request.object_path
40	45	else:
41	46	msg = _("Please log in.")
42		forward_url = request.headers.get("Referer", "/")
	47	if not forward_url:
	48	forward_url = request.headers.get("Referer", "/")
43	49
44	50	response.status = 403
45		return dict(message=msg, previous_url=previous_url, logging_in=True,
46		original_parameters=request.params, forward_url=forward_url)
	51	return dict(logging_in=True, message=msg,
	52	forward_url=forward_url, previous_url=request.object_path,
	53	original_parameters=request.params)
47	54
48	55	@expose()

branches/1.1/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl

r5156	r5187
23	23
24	24	@expose(template="${package}.templates.login")
25		def login(self, forward_url=None, previous_url=None, args, *kw):
	25	def login(self, forward_url=None, args, *kw):
	26
	27	if forward_url:
	28	if isinstance(forward_url, list):
	29	forward_url = forward_url.pop(0)
	30	else:
	31	del request.params['forward_url']
26	32
27	33	if not identity.current.anonymous and identity.was_login_attempted() \
28	34	and not identity.get_identity_errors():
29		redirect(tg.url(forward_url or previous_url or '/', kw))
30
31		forward_url = None
32		previous_url = request.object_path
	35	redirect(tg.url(forward_url or '/', kw))
33	36
34	37	if identity.was_login_attempted():
…	…
38	41	msg = _("You must provide your credentials before accessing "
39	42	"this resource.")
	43	if not forward_url:
	44	forward_url = request.object_path
40	45	else:
41	46	msg = _("Please log in.")
42		forward_url = request.headers.get("Referer", "/")
	47	if not forward_url:
	48	forward_url = request.headers.get("Referer", "/")
43	49
44	50	response.status = 403
45		return dict(message=msg, previous_url=previous_url, logging_in=True,
46		original_parameters=request.params, forward_url=forward_url)
	51	return dict(logging_in=True, message=msg,
	52	forward_url=forward_url, previous_url=request.object_path,
	53	original_parameters=request.params)
47	54
48	55	@expose()

branches/1.1/turbogears/qstemplates/quickstart/+package+/templates/master.html

r3671	r5187
26	26	<div py:if="tg.config('identity.on') and not defined('logging_in')" id="pageLogin">
27	27	<span py:if="tg.identity.anonymous">
28		<a href="${tg.url(~~'/login'~~)}">Login</a>
	28	<a href="${tg.url(tg.identity.login_url)}">Login</a>
29	29	</span>
30	30	<span py:if="not tg.identity.anonymous">

branches/1.5/turbogears/identity/exceptions.py

r5020	r5187
14	14	def get_identity_errors():
15	15	return getattr(cherrypy.request, 'identity_errors', [])
	16
	17
	18	def get_failure_url(errors=None):
	19	url = turbogears.config.get('identity.failure_url', None)
	20	if url is None:
	21	msg = "Missing URL for identity failure. Please fix this in app.cfg"
	22	raise IdentityConfigurationException(msg)
	23	if callable(url):
	24	url = url(errors)
	25	return url
16	26
17	27
…	…
71	81	"""Setup identity errors on the request and get URL from config."""
72	82	set_identity_errors(errors)
73		url = cherrypy.request.config.get('identity.failure_url', None)
74		if url is None:
75		msg = "Missing URL for identity failure. Please fix this in app.cfg"
76		raise IdentityConfigurationException(msg)
77		if callable(url):
78		url = url(errors)
79		force_external = cherrypy.request.config.get(
80		"identity.force_external_redirect", False)
81		if force_external:
82		# We need to use external redirect for https since
83		# we are managed by Apache/nginx or something else
84		# that CherryPy won't find.
	83
	84	url = get_failure_url(errors)
	85	if turbogears.config.get('identity.force_external_redirect', False):
	86	# We need to use external redirect for https since we are managed
	87	# by Apache/nginx or something else that CherryPy won't find.
	88	# We also need to set the forward_url, because the Referer header
	89	# won't work with an external redirect.
85	90	params = cherrypy.request.params
86	91	params['forward_url'] = cherrypy.request.path_info

branches/1.5/turbogears/identity/saprovider.py

r4200	r5187
7	7	import logging
8	8	log = logging.getLogger("turbogears.identity.saprovider")
	9
9	10
10	11	# Global class references --
…	…
15	16	visit_class = None
16	17
	18
17	19	class SqlAlchemyIdentity(object):
18	20	"""Identity that uses a model from a database (via SQLAlchemy)."""
…	…
107	109	return None
108	110	return visit_class.query.filter_by(visit_key=self.visit_key).first()
	111
	112	@property
	113	def login_url(self):
	114	"""Get the URL for the login page."""
	115	return identity.get_failure_url()
109	116
110	117	def login(self):

branches/1.5/turbogears/identity/soprovider.py

r5020	r5187
16	16	hub = PackageHub("turbogears.identity")
17	17	__connection__ = hub
	18
18	19
19	20	def to_db_encoding(s, encoding):
…	…
26	27	return s
27	28
	29
28	30	# Global class references --
29	31	# these will be set when the provider is initialised.
…	…
32	34	permission_class = None
33	35	visit_class = None
	36
34	37
35	38	class SqlObjectIdentity(object):
…	…
136	139	return None
137	140
	141	@property
	142	def login_url(self):
	143	"""Get the URL for the login page."""
	144	return identity.get_failure_url()
	145
138	146	def login(self):
139	147	"""Set the link between this identity and the visit."""

branches/1.5/turbogears/qstemplates/quickstartbig/+package+/controllers/root.py_tmpl

r5020	r5187
23	23
24	24	@expose(template="${package}.templates.login")
25		def login(self, forward_url=None, previous_url=None, args, *kw):
	25	def login(self, forward_url=None, args, *kw):
	26
	27	if forward_url:
	28	if isinstance(forward_url, list):
	29	forward_url = forward_url.pop(0)
	30	else:
	31	del request.params['forward_url']
26	32
27	33	if not identity.current.anonymous and identity.was_login_attempted() \
28	34	and not identity.get_identity_errors():
29		redirect(tg.url(forward_url or previous_url or '/', kw))
30
31		forward_url = None
32		previous_url = request.path_info
	35	redirect(tg.url(forward_url or '/', kw))
33	36
34	37	if identity.was_login_attempted():
…	…
38	41	msg = _("You must provide your credentials before accessing "
39	42	"this resource.")
	43	if not forward_url:
	44	forward_url = request.path_info
40	45	else:
41	46	msg = _("Please log in.")
42		forward_url = request.headers.get("Referer", "/")
	47	if not forward_url:
	48	forward_url = request.headers.get("Referer", "/")
43	49
44	50	response.status = 403
45		return dict(message=msg, previous_url=previous_url, logging_in=True,
46		original_parameters=request.params, forward_url=forward_url)
	51	return dict(logging_in=True, message=msg,
	52	forward_url=forward_url, previous_url=request.path_info,
	53	original_parameters=request.params)
47	54
48	55	@expose()

branches/1.5/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl

r5020	r5187
23	23
24	24	@expose(template="${package}.templates.login")
25		def login(self, forward_url=None, previous_url=None, args, *kw):
	25	def login(self, forward_url=None, args, *kw):
	26
	27	if forward_url:
	28	if isinstance(forward_url, list):
	29	forward_url = forward_url.pop(0)
	30	else:
	31	del request.params['forward_url']
26	32
27	33	if not identity.current.anonymous and identity.was_login_attempted() \
28	34	and not identity.get_identity_errors():
29		redirect(tg.url(forward_url or previous_url or '/', kw))
30
31		forward_url = None
32		previous_url = request.path_info
	35	redirect(tg.url(forward_url or '/', kw))
33	36
34	37	if identity.was_login_attempted():
…	…
38	41	msg = _("You must provide your credentials before accessing "
39	42	"this resource.")
	43	if not forward_url:
	44	forward_url = request.path_info
40	45	else:
41	46	msg = _("Please log in.")
…	…
43	48
44	49	response.status = 403
45		return dict(message=msg, previous_url=previous_url, logging_in=True,
46		original_parameters=request.params, forward_url=forward_url)
	50	return dict(logging_in=True, message=msg,
	51	forward_url=forward_url, previous_url=request.path_info,
	52	original_parameters=request.params)
47	53
48	54	@expose()

branches/1.5/turbogears/qstemplates/quickstart/+package+/templates/master.html

r3671	r5187
26	26	<div py:if="tg.config('identity.on') and not defined('logging_in')" id="pageLogin">
27	27	<span py:if="tg.identity.anonymous">
28		<a href="${tg.url(~~'/login'~~)}">Login</a>
	28	<a href="${tg.url(tg.identity.login_url)}">Login</a>
29	29	</span>
30	30	<span py:if="not tg.identity.anonymous">

Navigation

Changeset 5187

Legend:

Download in other formats: