Hi,
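I have an application that implements Basic Authentication with no-groups no-object Authorization as described by Michael Merickel at
http://michael.merickel.org/projects/pyramid_auth_demo/

My init has the following bits:

    from pyramid.authentication import AuthTktAuthenticationPolicy
    from pyramid.authorization import ACLAuthorizationPolicy
    from pyramid.config import Configurator

    # Auth-ticket cookie authentication, signed with the configured secret
    authn_policy = AuthTktAuthenticationPolicy(
        settings['auth.secret'],
    )
    authz_policy = ACLAuthorizationPolicy()
    config = Configurator(settings=settings,
                          authentication_policy=authn_policy,
                          authorization_policy=authz_policy,
                          )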

My login view has the following code:

    from pyramid.httpexceptions import HTTPFound
    from pyramid.security import remember
    from pyramid.view import view_config

    @view_config(route_name='login', renderer='templates/home/login.html')
    def login_view(request):
        commonCSS.need()
        commonJS.need()
        siteScript.need()
        next = request.params.get('next') or request.route_url('home')
        login = ''
        did_fail = False
        if 'submit' in request.POST:
            login = request.POST.get('login', '')
            passwd = request.POST.get('passwd', '')
            # Debug output: list the users known to this process
            print("*****LST users*********")
            for tuser in USERS:
                print(tuser)
            print("*************")
            user = USERS.get(login, None)
            if user and user.check_password(passwd):
                print("************")
                print("User found")
                print("*************")
                # Issue the auth ticket cookie and redirect
                headers = remember(request, login)
                return HTTPFound(location=next, headers=headers)
            did_fail = True
        return {'login': login, 'failed_attempt': did_fail, 'next': next}

In subsequent views of my application I check whether a user has logged in with authenticated_userid(request), for example:

    from pyramid.security import authenticated_userid

    @view_config(route_name='profile', renderer='templates/user/profile.html')
    def profile_view(request):
        commonCSS.need()
        commonJS.need()
        siteScript.need()
        # User id taken from the auth ticket cookie, or None if absent/invalid
        login = authenticated_userid(request)
        user = USERS.get(login)
        if user is None:
            return HTTPFound(location=request.route_url('login'))
        else:
            totacy = len(getUserLog(user.login))
            return {'activeUser': user, "totacy": totacy, 'helpers': helpers}

If I run this application with Apache and WSGI, authenticated_userid() sometimes returns empty and sometimes the logged-in user (randomly). However, I try to replicate the same problem by running

    pserve ./production.ini

and I just can't reproduce the error with pserve.

Any idea what I am doing wrong?