[Twisted-web] RE: [Twisted-Python] Log in - state of the art?

Donovan Preston dp at ulaluma.com
Sat Nov 6 18:25:28 MST 2004


On Nov 5, 2004, at 2:00 PM, Alexander May wrote:

> 1) If the user types in something like mysite.com/foo/bar and is not yet
> logged in, they get the "Sorry, but I couldn't find the object you
> requested." page.  I would like them to get the log in page, and then be
> redirected to the mysite.com/foo/bar afterwards.  Can I do this?
>
> 2) How do I replace the "Sorry, but I couldn't find the object you
> requested." with my own page?

These are the same question. You need to implement ICanHandleNotFound 
and remember the implementor in the context higher than the url 
/foo/bar. You could then do one of two things:

1) Always render a login page, then when they are done logging in 
redirect to the original URL. This is done by rendering a login form 
action like so: /__login__/foo/bar. When this form is posted and login 
succeeds, the user will be redirected to /foo/bar. If it fails, the 
user will be redirected to the same url with a query parameter letting 
you know that authentication has failed.

2) Do something similar to the above, but check to see if the url 
actually exists before rendering a login page. If the url doesn't 
exist, render a 404 instead. I never bother doing this because I don't 
really see the point; it also lets potential attackers know which 
protected urls actually exist and which don't.

dp
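
Added example, not part of the original message and not Nevow code: a framework-free Python model of the two options above, showing the `/__login__` redirect flow and why option 2 lets an unauthenticated client tell existing URLs from missing ones. `FAILURE_PARAM`, `KNOWN_PATHS` and all function names are assumptions, as is reading "the same url" as the originally requested path.

```python
# Added example: a framework-free model of the two options (not Nevow code).
import posixpath
from urllib.parse import quote, unquote, urlencode

LOGIN_PREFIX = "/__login__"                    # prefix quoted in the message
FAILURE_PARAM = "login_failed"                 # hypothetical parameter name
KNOWN_PATHS = {"/foo/bar", "/admin/reports"}   # constructed protected URLs


def local_path(path):
    """Collapse to one rooted local path, so '//host/x' or '..' cannot escape."""
    return posixpath.normpath("/" + path.lstrip("/"))


def login_action(requested_path):
    """Form action that carries the originally requested path."""
    return LOGIN_PREFIX + quote(local_path(requested_path))


def after_login_post(action_path, authenticated):
    """Redirect target for a POST to /__login__/<original path>."""
    if not action_path.startswith(LOGIN_PREFIX + "/"):
        raise ValueError("not a login action")
    target = quote(local_path(unquote(action_path[len(LOGIN_PREFIX):])))
    if authenticated:
        return target
    # Assumption: "the same url" is read as the original path.
    return target + "?" + urlencode({FAILURE_PARAM: "1"})


def anonymous_response(path, check_exists):
    """Status and body an unauthenticated client gets for `path`.

    check_exists=False is option 1; check_exists=True is option 2.
    """
    path = local_path(path)
    if check_exists and path not in KNOWN_PATHS:
        return 404, "Not Found"
    form = '<form method="post" action="%s">' % login_action(path)
    return 200, form + '<input name="user"><input type="password" name="pw"></form>'


def reveals_existence(existing, missing, check_exists):
    """True if the status code alone separates a real URL from a missing one."""
    return (anonymous_response(existing, check_exists)[0]
            != anonymous_response(missing, check_exists)[0])
```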



