On Feb 1, 2009, at 11:47 PM, Marcin Stępnicki wrote:
> def signin(self): > > if request.method == 'POST': > try: > (...) > except formencode.Invalid, error: > (...) > else: > (...) > else: > return formencode.htmlfill.render ( > html, > defaults = (...), > errors = (...), > encoding = 'utf-8') > > Because authenticate_form validator always checks for token key > (even if > request method is GET), my pattern fails because I can't even render a > page without a token :->. I've changed the decorator to execute only > when > there's something in request.POST (or perhaps I should check for > request.method?) -> http://pastebin.com/f1411a3bd > > Is this correct and do you think it's reasonable to merge this patch > into > trunk? I think it's safer having @authenticate_form explicitly bug out when authentication fails, for whatever reason. This isn't really a problem since you can easily separate your GET/POST code via the rest decorators: @rest.dispatch_on(POST='_signin_form') def signin(self): return formencode.htmlfill.render (... @authenticate_form def _signin_form(self): try: -- Philip Jenvey --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-devel" group. To post to this group, send email to pylons-devel@googlegroups.com To unsubscribe from this group, send email to pylons-devel+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/pylons-devel?hl=en -~----------~----~----~----~------~----~------~--~---
