Is your JWTAuthTktCookieHelper successful in setting request.authenticated_userid?
Pyramid keeps a pretty nice separation between authentication, permissions, and ACLs. I suggest you use this to your advantage. First, make sure that your authentication works and ignore authorization. Here's the step in the Pyramid quick tutorial that does authentication without worrying about authorization (or databases):

http://docs.pylonsproject.org/projects/pyramid//en/latest/quick_tutorial/authentication.html

If you can get that tutorial step working with your JWT-in-cookies (meaning, after login, you can print request.authenticated_userid), *then* worry about authorization and databases.

—Paul

> On Jul 2, 2015, at 9:33 AM, Matheo <[email protected]> wrote:
>
> Hello,
>
> I don't understand very well how authentication/authorization works with
> pyramid. I mean, how the server remembers if the user can access or not a
> classic route like that, for instance:
>
>     @view_config(
>         route_name='core/currentUser',
>         renderer='json'
>     )
>
>     # default permission already set to read:
>     config.set_default_permission('read')
>
> And after the user has already passed the login check function:
>
>     @view_config(
>         route_name=route_prefix+'login',
>         permission=NO_PERMISSION_REQUIRED,
>         request_method='POST')
>     def login(request):
>         user_id = request.POST.get('user_id', '')
>         pwd = request.POST.get('password', '')
>         # .first() returns None when no row matches; .one() would raise
>         # NoResultFound instead, so the "is not None" check below never ran
>         user = DBSession.query(User).filter(User.id == user_id).first()
>         if user is not None and user.check_password(pwd):
>             headers = remember(request, user_id)
>             response = request.response
>             response.headerlist.extend(headers)
>             transaction.commit()
>             return response
>         else:
>             transaction.commit()
>             return HTTPUnauthorized()
>
> Actually I want to overwrite the authentication system in order to use a JSON
> Web Token cookie.
> This post presents what I want to do:
> https://github.com/ajkavanagh/pyramid_jwtauth/issues/9 (mine)
> I started among other stuff to write a JWTAuthTktCookieHelper class in order
> to keep more or less the AuthTktAuthenticationPolicy behaviors (remember
> function) but with a JWT cookie and through the JWTAuthenticationPolicy
> <https://github.com/ajkavanagh/pyramid_jwtauth/blob/master/pyramid_jwtauth/__init__.py>
> (optional, I can extend AuthTktAuthenticationPolicy). I'm not sure it's
> enough; I don't see how the permissions are kept server side, is it via a
> session?
>
> Hoping to be clear.
> Thank you!
>
> (be back on Saturday)
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/pylons-discuss.
> For more options, visit https://groups.google.com/d/optout.
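As an added illustration of Paul's advice (this is not code from the thread, from Pyramid, or from pyramid_jwtauth): a stdlib-only sketch of the two halves a JWTAuthTktCookieHelper needs, a remember() that builds the Set-Cookie header carrying an HS256 token, and an identify() that yields the userid only after the signature, the alg header and the expiry check out, which is the value a Pyramid policy would hand back as authenticated_userid. The names remember, identify and COOKIE, and the cookie attributes, are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import time

COOKIE = "auth_jwt"  # assumed cookie name, not taken from the thread


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def remember(secret: bytes, userid: str, ttl: int = 3600, now=None) -> list:
    """Headers to extend the login response with: one Set-Cookie holding a signed token."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": userid, "iat": now, "exp": now + ttl}).encode())
    signing_input = f"{header}.{payload}"
    token = f"{signing_input}.{_b64(_sign(secret, signing_input))}"
    # HttpOnly keeps page scripts away from the token; Secure keeps it off plain HTTP.
    return [("Set-Cookie", f"{COOKIE}={token}; Path=/; HttpOnly; Secure; SameSite=Lax")]


def identify(secret: bytes, cookies: dict, now=None):
    """The userid carried by a valid cookie token, or None (no authenticated_userid)."""
    token = cookies.get(COOKIE, "")
    if token.count(".") != 2:
        return None
    header, payload, sig = token.split(".")
    try:
        hdr = json.loads(_unb64(header))
        claims = json.loads(_unb64(payload))
        got_sig = _unb64(sig)
    except ValueError:  # bad base64 (binascii.Error), bad UTF-8 or bad JSON
        return None
    if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
        return None  # the server fixes the algorithm; the token never chooses it
    if not hmac.compare_digest(got_sig, _sign(secret, f"{header}.{payload}")):
        return None
    now = int(time.time() if now is None else now)
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims.get("sub")
```

In a real policy the secret comes from configuration and identify() is what unauthenticated_userid reads from request.cookies; a None result is exactly the case Paul tells you to debug before touching permissions.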
