repoze.who

Remember me in Turbogears2

Wednesday, March 10th, 2010 | Software Development | Comments

One of the problems with TG2 is that the current version doesn’t support a “standard” way to remember the user after he closes the browser. We have found a quick and dirty solution that we would like to share here. Keep in mind that this solution only works with recent versions of repoze.who: it works with TG2.0.3, but might not work with previous releases of TG2.

Inside login.html we set a cookie for the remember_me option to pass it to the controller, and then inside post_login we change the authentication cookie.

Supposing you have a #remember_me checkbox inside your login.html, you can add this to set the cookie:

    function set_remember_cookie() {
        // Mirror the checkbox state into a cookie that post_login can read
        var is_checked = jQuery('#remember_me:checked').length;
        if (is_checked)
            document.cookie = 'remember_me=1';
        else
            document.cookie = 'remember_me=0';
    }

    jQuery(document).ready(function() {
        set_remember_cookie();
        jQuery('#remember_me').click(set_remember_cookie);
    });

Then inside your post_login method in the root controller you can place:

        # The cookie is set by the browser, so treat anything unexpected as "off"
        remember_me = request.cookies.get('remember_me', 0)
        try:
            remember_me = int(remember_me)
        except (TypeError, ValueError):
            remember_me = 0

        if remember_me:
            request.identity['max_age'] = 30 * 24 * 60 * 60  # 30 days, in seconds
            request.identity['userdata'] = "max_age"  # force cookie refresh

This remembers the user for 30 days, even if he closes the browser.


Using SwfUpload with TurboGears 2

Saturday, October 10th, 2009 | Web | Comments

SwfUpload doesn’t let you upload files through authenticated methods, because it doesn’t pass the cookies needed to identify your users.

This problem can be partly solved by using the swfupload.cookies.js plugin. This plugin fetches all your cookies and passes them as POST arguments. This way you can get your authtkt cookie and use it to identify your user.

    from webob.exc import HTTPBadRequest
    from paste.auth import auth_tkt

    user = None  # stays None when no ticket was posted
    if 'authtkt' in kw:
        # By default the ticket is usually configured not to use the remote address;
        # otherwise you can fetch it from request.environ['REMOTE_ADDR'].
        remote_addr = '0.0.0.0'

        # The cookie secret is usually defined in your config/app_cfg.py
        # as base_config.sa_auth.cookie_secret, or in your development.ini.
        cookie_secret = "some_random_string_like_BQQP+BeyrTzTHClBCEdW"

        try:
            # parse_ticket returns (timestamp, userid, tokens, user_data)
            data = auth_tkt.parse_ticket(cookie_secret,
                                         kw.get('authtkt'),
                                         remote_addr)
            username = data[1]
            user = DBSession.query(User).filter_by(username=username).one()
        except Exception:
            # Bad ticket or unknown user
            raise HTTPBadRequest

    filename = kw['Filename']
    file = kw['Filedata'].file

By using this code you can fetch the user that is uploading the file. This requires that the method does not use the @require decorator to check for user permissions, as you will know the user only after entering the method. But you can create your own predicate if you really want to use @require.
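The snippet above uses only the username from the parsed ticket and ignores the timestamp that comes back with it. The following is an added example, not code from the original post or from Paste: a standard-library verifier that checks the digest in constant time and also rejects tickets older than a maximum age. The digest layout (the mod_auth_tkt scheme with MD5), `SECRET`, `THIRTY_DAYS` and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, unquote

SECRET = b"constructed-demo-secret"   # constructed sample value, not a real secret
THIRTY_DAYS = 30 * 24 * 60 * 60       # seconds


class BadTicket(Exception):
    """Ticket is malformed, forged, or too old."""


def _digest(secret, ip, ts, userid, tokens, user_data):
    # Assumed layout: MD5(MD5(ip + ts + secret + userid \0 tokens \0 data) + secret)
    packed = bytes(int(p) for p in ip.split(".")) + struct.pack(">I", ts & 0xFFFFFFFF)
    inner = hashlib.md5(packed + secret + userid.encode() + b"\0"
                        + tokens.encode() + b"\0" + user_data.encode()).hexdigest()
    return hashlib.md5(inner.encode() + secret).hexdigest()


def make_ticket(secret, userid, ts, ip="0.0.0.0", tokens="", user_data=""):
    """Build a ticket string; used here only to construct sample input."""
    body = quote(userid) + "!" + (tokens + "!" if tokens else "") + user_data
    return "%s%08x%s" % (_digest(secret, ip, ts, userid, tokens, user_data), ts, body)


def verify_ticket(secret, ticket, max_age, ip="0.0.0.0", now=None):
    """Return the userid only if the digest matches and the ticket is fresh."""
    ticket = ticket.strip('"')
    digest, rest = ticket[:32], ticket[32:]
    try:
        ts = int(rest[:8], 16)
        userid, data = rest[8:].split("!", 1)
    except ValueError:
        raise BadTicket("malformed ticket")
    userid = unquote(userid)
    tokens, user_data = data.split("!", 1) if "!" in data else ("", data)
    expected = _digest(secret, ip, ts, userid, tokens, user_data)
    # Constant-time comparison first, then reject tickets older than max_age.
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        raise BadTicket("digest mismatch")
    if (time.time() if now is None else now) - ts > max_age:
        raise BadTicket("ticket expired")
    return userid
```

In the upload controller, the equivalent check is to compare `data[0]` from `parse_ticket` against the current time before trusting `data[1]`.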
