Thanks Jeff for the input. This looks even better. IIRC I tried a similar approach using the pyramid.security.unauthenticated_userid method without success. Anyway, your approach works and I prefer this over the tween.

I am using pyramid_tm. The refresh of the authentication did not work on every request here and I am not aware of having set any of the named options. But I might be wrong in my remembering...

Jeff Dairiki <[email protected]> wrote on Fri, 10 July 2015 at 00:13:

> Another way to ensure that authentication happens every request:
>
>     from pyramid.events import NewRequest, subscriber
>
>     @subscriber(NewRequest)
>     def refresh_auth_cookie(event):
>         # Reading the attribute makes the authentication policy inspect
>         # the cookie, which is where the reissue is triggered.
>         event.request.unauthenticated_userid
>
> As a side-note, if you happen to be using pyramid_tm, its tween is
> probably already doing this for you. Unless disabled by one of the
> tm.activate_hook, or tm.annotate_user app settings, it sets the user
> annotation on the transaction from unauthenticated_userid on every
> request.
>
> On Thu, Jul 9, 2015 at 1:16 PM, Torsten Irländer <[email protected]>
> wrote:
>
>> I came up with a first version of a tween which seems to do what I want
>> on the first tests. Does this look reasonable or is there a better way?
>>
>>     from pyramid.interfaces import IAuthenticationPolicy
>>
>>     def refresh_auth_timeout_factory(handler, registry):
>>         def refresh_auth_timeout_tween(request):
>>             """The tween will refresh the timeout of the
>>             authentication cookie on every request. By default this
>>             only happens on requests which need
>>             authentication/authorisation. As the authentication should
>>             be valid as long as the user shows some activity by triggering
>>             requests this tween will refresh the timeout on every request."""
>>             policy = request.registry.queryUtility(IAuthenticationPolicy)
>>             policy.cookie.identify(request)
>>             return handler(request)
>>         return refresh_auth_timeout_tween
>>
>> Torsten Irländer <[email protected]> wrote on Thu, 9 July 2015 at
>> 21:02:
>>
>>> Hi,
>>> I am using the AuthTktAuthenticationPolicy for authentication and set
>>> a timeout to invalidate the auth_tkt cookie after some time of user
>>> inactivity. The cookie's timeout is reissued on every request which
>>> requires an authentication. This works well so far.
>>>
>>> What I want is to reissue the cookie on every request and not only on
>>> the ones which require authentication.
>>> So how to explicitly trigger the refresh/reissue of the authentication
>>> cookie? Can someone give me an example?
>>>
>>> My preferred approach so far is to implement this in a tween. Is this a
>>> reasonable way?
>>>
>>> Torsten
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "pylons-discuss" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at http://groups.google.com/group/pylons-discuss.
>>> For more options, visit https://groups.google.com/d/optout.
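
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Pyramid's code: a stdlib-only model of a signed, timestamped ticket with a timeout and a reissue time, showing why a session can expire despite user activity when only protected requests inspect the ticket. The ticket format, secret, timings and traffic are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
TIMEOUT = 1200       # seconds of inactivity after which the ticket is rejected
REISSUE_TIME = 120   # a valid ticket older than this gets a fresh timestamp


def sign(userid, ts):
    """Build a 'userid|timestamp|mac' ticket (toy format, not auth_tkt's)."""
    body = f"{userid}|{ts}"
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def identify(ticket, now):
    """Return (userid, ticket to send back); userid is None if invalid or expired."""
    try:
        userid, ts, mac = ticket.rsplit("|", 2)
        ts = int(ts)
    except ValueError:
        return None, ticket
    expected = sign(userid, ts).rsplit("|", 1)[1]
    if not hmac.compare_digest(mac, expected):
        return None, ticket            # tampered ticket
    if now - ts > TIMEOUT:
        return None, ticket            # idle for too long
    if now - ts > REISSUE_TIME:
        ticket = sign(userid, now)     # sliding window: refresh the timestamp
    return userid, ticket


def simulate(requests, identify_on_every_request):
    """requests: list of (time, needs_auth). Returns the userid seen by each protected view."""
    ticket = sign("alice", 0)          # login at t=0
    seen = []
    for now, needs_auth in requests:
        if needs_auth or identify_on_every_request:
            userid, ticket = identify(ticket, now)
            if needs_auth:
                seen.append(userid)
    return seen


# Constructed traffic: public pages every 5 minutes, one protected page at t=1500.
TRAFFIC = [(300, False), (600, False), (900, False), (1200, False), (1500, True)]

if __name__ == "__main__":
    print(simulate(TRAFFIC, False), simulate(TRAFFIC, True))
```

With the ticket inspected only on protected requests, the user is logged out at t=1500 although they were active the whole time; inspecting it on every request keeps the window sliding.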
