I fear I did not get all the details of authtkt in pyramid.authentication.
I have a Pyramid based service authenticating users against LDAP in
order to grant them access to a webservice.
Until now the service was only valid for one domain. There is a reverse
proxy in front and I may fetch the domain from the "X-Forwarded-For"
header.
But since the domain is usually set at service startup/configuration time, I
hard-coded the domain name in the ini-file and set it like so::

    from pyramid.authentication import AuthTktAuthenticationPolicy

    # domain is read once from the ini-file settings at startup
    authn_policy = AuthTktAuthenticationPolicy(
        secret=settings.get('auth.secret'),
        cookie_name=settings.get('auth.cookie_name'),
        hashalg=settings.get('auth.hashalg'),
        callback=groupfinder,
        domain=settings.get('auth.cookie.domain'),
    )
    config.set_authentication_policy(authn_policy)

From now on I need to have the domain dynamic based on the header
mentioned above (cookie has to be valid mutually exclusive for: 'foo.de'
or 'bar.de').
Looking at pyramid.authentication and AuthTKTHelper I did not find an
easy way to plug in a callable or something dynamic to get the domain
for the cookie.
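What I did - and what works fine - is to patch the domain attribute on
AuthTKTHelper like so::

    from pyramid.authentication import AuthTktCookieHelper
    from pyramid.threadlocal import get_current_request

    def _domain_getter(self):
        # the cookie domain is read from the proxy header on every request
        req = get_current_request()
        return req.headers.get('X-Forwarded-Server', 'localhost')

    def _domain_setter(self, value):
        # swallow the static value assigned in AuthTktCookieHelper.__init__
        pass

    _domain_patch = property(fget=_domain_getter, fset=_domain_setter)

    # patch pyramid.authentication.AuthTktCookieHelper
    AuthTktCookieHelper.domain = _domain_patch
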
But in my opinion this is far from elegant or pluggable. Did I miss
something? Is there a better method to achieve the same goal?
regards Jens
--
Klein & Partner KG, member of BlueDynamics Alliance
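
An added example (not part of the original post and not Pyramid's own code): one way to derive the cookie domain from the proxy header so that only 'foo.de' or 'bar.de' can ever be returned, whatever the header contains. The function names, the allowlist constant and the rule of trusting only the last comma-separated entry (assumed to be the one appended by the proxy directly in front) are assumptions.

```python
# Added example: map a proxy-supplied host header to one allowlisted
# cookie domain. All names here are hypothetical, not Pyramid API.
ALLOWED_DOMAINS = ("foo.de", "bar.de")  # the two domains named in the post


def _normalize_host(raw):
    """Lower-case a host value and drop any port and trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):        # IPv6 literal, never a cookie domain here
        return ""
    host = host.split(":", 1)[0]    # strip ":port"
    return host.rstrip(".")


def cookie_domain_for(headers, allowed=ALLOWED_DOMAINS,
                      header="X-Forwarded-Server"):
    """Return the allowlisted domain for this request, or None.

    None means "send a host-only cookie" (no Domain attribute), which is
    the safe fallback when the header is missing or unexpected.
    `headers` is any mapping with .get(); a plain dict needs the exact key.
    """
    value = headers.get(header, "")
    # Chained proxies produce "a, b, c". Assumption: only the last entry,
    # appended by the proxy directly in front of the app, is trusted.
    candidate = _normalize_host(value.split(",")[-1])
    for domain in allowed:
        # Exact match or a true subdomain; "evilfoo.de" must not match.
        if candidate == domain or candidate.endswith("." + domain):
            return domain
    return None


if __name__ == "__main__":
    # Constructed sample header values, not taken from real traffic.
    samples = ["www.foo.de", "BAR.de:443", "evilfoo.de",
               "foo.de.attacker.example", "attacker.example, shop.bar.de"]
    for s in samples:
        print(repr(s), "->", cookie_domain_for({"X-Forwarded-Server": s}))
```

The result can be returned from a getter like the one in the post in place of the raw header value; this only helps if the reverse proxy overwrites or appends the header itself and the application is not reachable around the proxy.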