开发者

How can I do authkit authentication with Cookies and/or a GET/POST param?

开发者 https://www.devze.com 2022-12-20 22:02 出处:网络
I am building an application and I would like to try and use authkit for authentication and authorization. However, I know that I will be using swfupload and will not be able to rely on the auth cooki

I am building an application and I would like to try and use authkit for authentication and authorization. However, I know that I will be using swfupload and will not be able to rely on the auth cookie being passed through Flash. In the past I have rolled my own cookie/auth solution from the ground up but I would love to avoid doing that this time.

Is there a way to configuration开发者_C百科 authkit.authenticate.cookie to fallback to a POST or GET param if the cookie is not found? Or is there an easy method to add this functionality on top of the form, cookie or redirect, cookie methods?


I came across this same problem just today. The most common solution people seem to be using is to inject the Authkit cookie values back into the request's cookies from a POST var, which is added to the request by the swfupload cookies plugin. There are some recipes out there for doing this, but I couldn't find one for Pylons.

I've thrown together this little piece of middleware which seems to do the job.

from webob import Request

class AuthkitCookieFromPost(object):
    """Injects authkit cookie value from swfupload cookies plugin"""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        request = Request(environ)
        authkit_token = request.POST.get('authkit')
        cookies = environ.get('HTTP_COOKIE')
        if authkit_token and not cookies:
          environ['HTTP_COOKIE'] = "authkit=" + authkit_token
        return self.app(environ, start_response)

You need to include this in your middleware config so that it's called before Authkit, ie. below it in the conf.

0

精彩评论

暂无评论...
验证码 换一张
取 消