Using SwfUpload with TurboGears 2

SwfUpload doesn’t permit to upload things through authenticated methods, this is because it doesn’t pass the cookies needed to identify your users.

Partly this problem can be solved by using swfupload.cookies.js plugin. This plugins fetches all your cookies and passes them as POST arguments. This way you can get your authtkt cookie and use it to identify your user.

from webob.exc import *
from paste.auth import auth_tkt

if kw.has_key('authtkt'):
    #by default it is usually configured to do not use the remote address
    #otherwise you can fetch it from request.environ['REMOTE_ADDR']
    remote_addr = '0.0.0.0'

    #cookie secret is usually defined in your config/app_cfg.py
    #as base_config.sa_auth.cookie_secret or in your development.ini
    cookie_secret = "some_random_string_like_BQQP+BeyrTzTHClBCEdW"

    try:
        data = auth_tkt.parse_ticket(cookie_secret, 
                                      kw.get('authtkt'), 
                                      remote_addr)
        username = data[1]
        user = DBSession.query(User).filter_by(username=username).one()
    except:
        raise HTTPBadRequest

filename = kw['Filename']
file = kw['Filedata'].file

By using this code you can fetch the user that is uploading the file. This requires the method to do not use @require decorator to check for user permissions, as you will know the user only after entering the method. But you can create your own predicate if you really want to use @require.

One thought on “Using SwfUpload with TurboGears 2

  1. Hello, I receive a 406 error while doing uploads using SWFUpload with the latest versions of Chrome under Windows. Internet explorer, Safari and Firefox behave correctly as well as older version of Chrome. I have read that this error is sometimes cause by Apache mod_security but in my case it is not even activated.
    Do somebody have any suggestion on the cause of this problem?

Leave a Reply

Your email address will not be published. Required fields are marked *