Geek Answers Handbook

How do I handle waste with repoze.who (and bottle.py)?

I am trying to make paper.py work with repoze.who, and so far I have managed to put together the following very simplified program to make it work, using a combination of different examples that I found. Obviously, this is not what I started in production, I'm just trying to make the least complicated code so that I can learn how to use it, but, unfortunately, the tutorials on using bottle.py with repoze.who are very small and far away.

This example below works and allows someone to login with username / password admin / admin. What should I do with repoze.who for the logout () function to work? I collect there a function of forgetting, which may be for this purpose, but I cannot understand how I should call it.

Thanks.

from bottle import route, run, app, get, abort, request from StringIO import StringIO import repoze from repoze.who.middleware import PluggableAuthenticationMiddleware from repoze.who.interfaces import IIdentifier from repoze.who.interfaces import IChallenger from repoze.who.plugins.basicauth import BasicAuthPlugin from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin from repoze.who.plugins.cookie import InsecureCookiePlugin from repoze.who.plugins.form import FormPlugin from repoze.who.plugins.htpasswd import HTPasswdPlugin from repoze.who.classifiers import default_request_classifier from repoze.who.classifiers import default_challenge_decider import logging, sys import pprint @route('/') def root(): if request.environ.get('repoze.who.identity') is None: abort(401, "Not authenticated") return "Authenticated" @route('/hello') def index(): identity = request.environ.get('repoze.who.identity') if identity == None: abort(401, "Not authenticated") user = identity.get('repoze.who.userid') return '<b>Hello %s!</b>' % user @route('/logout') def logout(): # I have no idea what to put here pass io = StringIO() salt = 'aa' for name, password in [ ('admin', 'admin'), ('paul', 'paul') ]: io.write('%s:%s\n' % (name, password)) io.seek(0) def cleartext_check(password, hashed): return password == hashed htpasswd = HTPasswdPlugin(io, cleartext_check) basicauth = BasicAuthPlugin('repoze.who') auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt') form = FormPlugin('__do_login', rememberer_name='auth_tkt') form.classifications = { IIdentifier:['browser'], IChallenger:['browser'] } identifiers = [('form', form),('auth_tkt',auth_tkt),('basicauth',basicauth)] authenticators = [('htpasswd', htpasswd)] challengers = [('form',form), ('basicauth',basicauth)] mdproviders = [] log_stream = None import os if os.environ.get('WHO_LOG'): log_stream = sys.stdout middleware = PluggableAuthenticationMiddleware( app(), identifiers, authenticators, challengers, mdproviders, default_request_classifier, default_challenge_decider, log_stream = log_stream, log_level = logging.DEBUG ) if __name__ == '__main__': run(app=middleware, host='0.0.0.0', port=8080, reloader=True) else: application = middleware run(host='0.0.0.0', port=8080)
+4
source share
2 answers

If you can use RedirectingFormPlugin , not FormPlugin . RedirectingFormPlugin allows you to register exit URLs. You do not need to implement the /logout handler, since RedirectingFormPlugin intercepts the request and processes calls to forget, etc. For you. I used this with Bobo and appengine and it works well.

+2
source

if you still want to do it in an unauthorized way in the old repoze.who v1, after working for me:

 from bottle import response # , redirect # ... @route('/logout') def logout(): identity = request.environ.get('repoze.who.identity') if identity: for (i_name, i) in identifiers: hdrs = i.forget(request.environ, identity) [ response.add_header(*h) for h in hdrs ] ## following would be nice, but does not work, ## since redirect is not using defined response headers # rfr = request.get_header('referer', '/') # redirect(rfr) ## so we do just this: return "you have been hopefully logged out"
0
source

More articles:


All Articles