Excerpts from Mariano Mara's message of Mon Aug 23 12:41:42 -0300 2010: > Hi there, > I'm using repoze.who openid plugin to validate users against Google > openid implementation and so far it's working ok. I implemented > IAuthenticator to validate the user in my database and then > IMetadataProvider to add some extra data (such as language, name, > gender, etc). > Now I want to protect my controllers: I need to know is the user is > authenticated and in case he's not, display the login form. For the > time being I don't care about permissions, just the authentication. > So I added the following decorator to my controllers: > > from repoze.what.plugins.pylonshq import ControllerProtector > from repoze.what.predicates import not_anonymous > > @ControllerProtector(not_anonymous()) > class PortalController(BaseController): > ... code ... > > As far as I understand, this should check if the user is not anonymous > and return a 401 in case he is, hence presenting the login form. The > problem I have is that it's always returning a 403 error and I cannot > continue to the login process. > What am I missing? Did I misunderstand the process and expected certain > out of the box behaviour that in reality does not exist and I need to > extend repoze.what to support it? > > Any tips will be appreciate. > > Mariano
Ok, it was obviously my fault. Turns out I configured repoze.who with a who.ini file and it should be done through repoze.what. Ahh, these newbies... -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
