[Twisted-web] RE: [Twisted-Python] Log in - state of the art?
Donovan Preston
dp at ulaluma.com
Sat Nov 6 18:25:28 MST 2004

On Nov 5, 2004, at 2:00 PM, Alexander May wrote:

> 1) If the user types in something like mysite.com/foo/bar and is not yet
> logged in, they get the "Sorry, but I couldn't find the object you
> requested." page. I would like them to get the log in page, and then be
> redirected to the mysite.com/foo/bar afterwards. Can I do this?
>
> 2) How do I replace the "Sorry, but I couldn't find the object you
> requested." with my own page?

These are the same question. You need to implement ICanHandleNotFound
and remember the implementor in the context higher than the url
/foo/bar. You could then do one of two things:

1) Always render a login page, then when they are done logging in
redirect to the original URL. This is done by rendering a login form
action like so: /__login__/foo/bar. When this form is posted and login
succeeds, the user will be redirected to /foo/bar. If it fails, the
user will be redirected to the same url with a query parameter letting
you know that authentication has failed.

2) Do something similar to the above, but check to see if the url
actually exists before rendering a login page. If the url doesn't
exist, render a 404 instead. I never bother doing this because I don't
really see the point; it also lets potential attackers know which
protected urls actually exist and which don't.

dp
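
The two options from the reply above, as an added example that is not part of the original post and is not Nevow code: a framework-free Python model of the /__login__ form action and the post-login redirect. The function names, the `login-failure` parameter name and the `SITE` set are assumptions, and "the same url" is read here as the originally requested one.

```python
# Added illustration, not Nevow's API. All names below are hypothetical.
import posixpath
from urllib.parse import quote, urlencode

LOGIN_PREFIX = "/__login__"      # form-action prefix named in the post
FAILURE_PARAM = "login-failure"  # assumed name for the failure query parameter
SITE = {"/foo/bar"}              # constructed set of protected URLs that exist


def local_path(path):
    """Reduce any input to a normalized path with exactly one leading slash,
    so the post-login redirect always stays on this site."""
    return posixpath.normpath("/" + path.replace("\\", "/").lstrip("/"))


def login_action(requested_path):
    """Form action to render on the login page for an anonymous request."""
    return LOGIN_PREFIX + quote(local_path(requested_path))


def handle_anonymous(requested_path, reveal_404=False):
    """Return (status, form_action) for a request without a session.

    reveal_404=False is option 1: every URL gets the same login page.
    reveal_404=True is option 2: unknown URLs get a 404, which tells an
    anonymous client which protected URLs exist.
    """
    if reveal_404 and local_path(requested_path) not in SITE:
        return 404, None
    return 200, login_action(requested_path)


def handle_login_post(action_path, credentials_ok):
    """Return the redirect Location after the login form is posted.

    action_path is the already-decoded path the form was posted to.
    """
    if not action_path.startswith(LOGIN_PREFIX + "/"):
        raise ValueError("not a login action")
    target = quote(local_path(action_path[len(LOGIN_PREFIX):]))
    if credentials_ok:
        return target
    # Failure: back to the same URL, flagged so the page can show an error.
    return target + "?" + urlencode({FAILURE_PARAM: "1"})
```

With option 1 an anonymous request for an existing URL and for a missing one produce the same status, so the response does not reveal which protected URLs exist.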