Comments for Andrew McFague http://www.andrew-mcfague.com Programming in Brooklyn Sat, 16 Jul 2011 00:23:51 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on Repoze.who: Part 1 – Using authentication in your site by Andrew http://www.andrew-mcfague.com/python/repoze-who-part-1-using-authentication-in-your-site/comment-page-1/#comment-118 Andrew Sat, 16 Jul 2011 00:23:51 +0000 http://www.andrew-mcfague.com/?p=86#comment-118 This is actually not entirely True, because the middleware itself uses a <code>401</code> error code to determine whether or not it needs to issue a request. For example, you'll notice that the <code>authenticated</code> decorator aborts with a 401--this NEEDS to be caught by the repoze.who middleware, otherwise the error page will always be displayed if you haven't logged in. However, one alternative is to force the error handling middleware to ignore the 401 error--by removing it from the list of status codes the error handler will catch. If the repoze.who middleware tries to authenticate but cannot, then the 403 (or other) should trickle up to the error handling middleware. I'll have to do some testing myself to verify that this is 100% correct, but that's what my understanding is. This is actually not entirely True, because the middleware itself uses a 401 error code to determine whether or not it needs to issue a request. For example, you’ll notice that the authenticated decorator aborts with a 401–this NEEDS to be caught by the repoze.who middleware, otherwise the error page will always be displayed if you haven’t logged in.

However, one alternative is to force the error handling middleware to ignore the 401 error–by removing it from the list of status codes the error handler will catch. If the repoze.who middleware tries to authenticate but cannot, then the 403 (or other) should trickle up to the error handling middleware.

I’ll have to do some testing myself to verify that this is 100% correct, but that’s what my understanding is.

]]> Comment on Repoze.who: Part 1 – Using authentication in your site by Vincent http://www.andrew-mcfague.com/python/repoze-who-part-1-using-authentication-in-your-site/comment-page-1/#comment-117 Vincent Fri, 15 Jul 2011 21:35:14 +0000 http://www.andrew-mcfague.com/?p=86#comment-117 Great article! I definitely agree that the current repoze.who and repoze.what documentation is way too sparse for Pylons. I appreciate the write-up! However, it is my understanding that the middleware setup for repoze.who needs to be done BEFORE the <code>if asbool(full_stack):</code>. This is because repoze.who will throw an exception along with an error code, for instance, when a user fails to authenticate. The error is then passed to the StatusCodeRedirect function which then gets passed on to your applications custom error handling controller in <strong>controllers/error.py</strong>. This is what allows the developer to customize different error actions for the application. Great article! I definitely agree that the current repoze.who and repoze.what documentation is way too sparse for Pylons. I appreciate the write-up!

However, it is my understanding that the middleware setup for repoze.who needs to be done BEFORE the if asbool(full_stack):. This is because repoze.who will throw an exception along with an error code, for instance, when a user fails to authenticate. The error is then passed to the StatusCodeRedirect function which then gets passed on to your applications custom error handling controller in controllers/error.py. This is what allows the developer to customize different error actions for the application.

]]> Comment on Repoze.who: Part 1 – Using authentication in your site by Andrew http://www.andrew-mcfague.com/python/repoze-who-part-1-using-authentication-in-your-site/comment-page-1/#comment-115 Andrew Mon, 09 May 2011 17:31:31 +0000 http://www.andrew-mcfague.com/?p=86#comment-115 The answer as to whether or not you can is probably `yes`. But as for how, I’m not really sure–mostly because I have no idea how the Apache webauth module works. However, I am currently drafting my next article, which is how to extend the functionality by writing your own plug-in. Since you seem to be familiar with the webauth module, I feel fairly certain you could write your own module to add this functionality. Does that sound good? I might be able to provide more immediate support, but I think waiting on the next article is definitely your best bet. :) Andrew The answer as to whether or not you can is probably `yes`. But as for how, I’m not really sure–mostly because I have no idea how the Apache webauth module works.

However, I am currently drafting my next article, which is how to extend the functionality by writing your own plug-in. Since you seem to be familiar with the webauth module, I feel fairly certain you could write your own module to add this functionality.

Does that sound good? I might be able to provide more immediate support, but I think waiting on the next article is definitely your best bet. :)

Andrew

]]> Comment on Repoze.who: Part 1 – Using authentication in your site by Anusha Ranganathan http://www.andrew-mcfague.com/python/repoze-who-part-1-using-authentication-in-your-site/comment-page-1/#comment-113 Anusha Ranganathan Mon, 09 May 2011 13:57:25 +0000 http://www.andrew-mcfague.com/?p=86#comment-113 Hello Andrew, Thanks for the post. I have pylons / repoze working with htpasswd but need to have it working with SSO. Would you be able to provide any insight on how to achieve this? I need to integrate repoze with Apache's webauth module. Any help would be much appreciated. Regards, Anusha Hello Andrew,
Thanks for the post. I have pylons / repoze working with htpasswd but need to have it working with SSO. Would you be able to provide any insight on how to achieve this? I need to integrate repoze with Apache’s webauth module.

Any help would be much appreciated.

Regards,
Anusha

]]> Comment on tmux: a screen alternative by Jim A http://www.andrew-mcfague.com/linux/utilities-linux/tmux-a-screen-alternative/comment-page-1/#comment-94 Jim A Fri, 21 Jan 2011 17:20:00 +0000 http://redmumba.wordpress.com/?p=16#comment-94 great intro, thanks! great intro, thanks!

]]>