I am building an application and I would like to try and use authkit for authentication and authorization. However, I know that I will be using swfupload and will not be able to rely on the auth cookie being passed through Flash. In the past I have rolled my own cookie/auth solution from the ground up but I would love to avoid doing that this time.
Is there a way to configuration开发者_C百科 authkit.authenticate.cookie
to fallback to a POST
or GET
param if the cookie is not found? Or is there an easy method to add this functionality on top of the form, cookie
or redirect, cookie
methods?
I came across this same problem just today. The most common solution people seem to be using is to inject the Authkit cookie values back into the request's cookies from a POST var, which is added to the request by the swfupload cookies plugin. There are some recipes out there for doing this, but I couldn't find one for Pylons.
I've thrown together this little piece of middleware which seems to do the job.
from webob import Request
class AuthkitCookieFromPost(object):
"""Injects authkit cookie value from swfupload cookies plugin"""
def __init__(self, app):
self.app = app
def __call__(self, environ, start_response):
request = Request(environ)
authkit_token = request.POST.get('authkit')
cookies = environ.get('HTTP_COOKIE')
if authkit_token and not cookies:
environ['HTTP_COOKIE'] = "authkit=" + authkit_token
return self.app(environ, start_response)
You need to include this in your middleware config so that it's called before Authkit, ie. below it in the conf.
精彩评论