TG 2.3.8 login_handler error 404 while authenticating
42 views
Skip to first unread message
zov...@gmail.com
Mar 27, 2017, 8:10:25 AM3/27/17
to TurboGears
Hi,
I'm having a problem with a site deployed with a prefix. Authorization for the site is enabled but I cannot pass login phase. After I enter username and password i get redirected to:
https://website/prefix/login_handler?__logins=0&came_from=%2Fprefix%2F
but I get error 404
As a consequence I cannot access any pages that require authorization.
If I serve the same site with gearbox (without a prefix) I can pass login phase and afterwords access authenticated pages through prefix (for instance https://website/prefix/admin/).
The same goes for logout (error 404 after redirected to https://website/prefix/logout_handler).
Tried to check login handler and logout handler but could not find them in controllers.
The same error happens in TG 2.3.10.
What can be done about it?
With Best Regards
Ervin
I'm having a problem with a site deployed with a prefix. Authorization for the site is enabled but I cannot pass login phase. After I enter username and password i get redirected to:
https://website/prefix/login_handler?__logins=0&came_from=%2Fprefix%2F
but I get error 404
As a consequence I cannot access any pages that require authorization.
If I serve the same site with gearbox (without a prefix) I can pass login phase and afterwords access authenticated pages through prefix (for instance https://website/prefix/admin/).
The same goes for logout (error 404 after redirected to https://website/prefix/logout_handler).
Tried to check login handler and logout handler but could not find them in controllers.
The same error happens in TG 2.3.10.
What can be done about it?
With Best Regards
Ervin
Alessandro Molina
Mar 28, 2017, 4:33:58 AM3/28/17
to TurboGears
As the login process happens before request is involved it doesn't rely on tg.url so you probably need to manually add the prefix into config.app_cfg. ApplicationAuthMetadata.authenticate there you should see a call for HTTPFound which sends to "/login". You need to environ['SCRIPT_NAME'] before the "/login"
If that doesn't fix all your problems let me know, I'll try to check and came up with all the required changes.
This is btw a bug In the quickstart template, I'll address it into a 2.3.11 release.
--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbogears+unsubscribe@googlegroups.com.
To post to this group, send email to turbo...@googlegroups.com.
Visit this group at https://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.
Alessandro Molina
Mar 28, 2017, 7:00:07 PM3/28/17
to TurboGears
I can confirm that missing SCRIPT_NAME in ApplicationAuthMetadata.authenticate was the source of the issue, I added tests for this to avoid future regressions ( https://github.com/TurboGears/tg2devtools/commit/843e927008c80f7f2fc41dbfd18e7a7dc285be6c )
zov...@gmail.com
Mar 29, 2017, 9:20:28 AM3/29/17
to TurboGears
Hi,
I tried the approach you mentioned and changed authenticate the following way:
It works OK without prefix but with prefix it looks like it does not execute authenticate at all (login_succ.txt is empty unlike without prefix).
I hope it helps.
Best Regards
Ervin
I tried the approach you mentioned and changed authenticate the following way:
def authenticate(self, environ, identity):
### Addition
print >>open('login_succ.txt', 'a'), "\n\nEnviron start ", environ, "\n\n"
### Addition end
login = identity['login']
user = self.sa_auth.dbsession.query(self.sa_auth.user_class).filter_by(
user_name=login
).first()
if not user:
login = None
elif not user.validate_password(identity['password']):
login = None
if login is None:
### Addition
### Addition end
from urllib.parse import parse_qs, urlencode
except ImportError:
from urlparse import parse_qs
from urllib import urlencode
from tg.exceptions import HTTPFound
params = parse_qs(environ['QUERY_STRING'])
params.pop('password', None) # Remove password in case it was there
if user is None:
params['failure'] = 'user-not-found'
else:
params['login'] = identity['login']
params['failure'] = 'invalid-password'
# When authentication fails send user to login page.
location='?'.join(('%s/login' %(environ['SCRIPT_NAME']), urlencode(params, True)))
#location='?'.join(('/login', urlencode(params, True)))
)
### Addition
environ['LOGIN_SUCC'] = 'true'
print >>open('login_succ.txt', 'a'), "\n\nEnviron end ", environ, "\n\n"
### Addition end
It works OK without prefix but with prefix it looks like it does not execute authenticate at all (login_succ.txt is empty unlike without prefix).
I hope it helps.
Best Regards
Ervin
Alessandro Molina
Mar 29, 2017, 5:08:28 PM3/29/17
to TurboGears
On Wed, Mar 29, 2017 at 3:20 PM, <zov...@gmail.com> wrote:
It works OK without prefix but with prefix it looks like it does not execute authenticate at all (login_succ.txt is empty unlike without prefix).
prefix shouldn't matter into that, as far as you are posting the login data to "/prefix/login_handler" you should be going through the authentication.
Just check that the form in login.html does post that to that url.
zov...@gmail.com
Apr 7, 2017, 8:08:36 AM4/7/17
to TurboGears
Hi,
here is the URL: https://webapp.esabor.intranet/machines/login_handler?__logins=0&came_from=%2Fmachines%2F (prefix is machines), but I'm still getting error 404 and login_succ.txt is stil empty (so it gets posted to /prefix/login_handler but login_handler does not get found).
Are there any other suggestions where to look for the cause.
here is the URL: https://webapp.esabor.intranet/machines/login_handler?__logins=0&came_from=%2Fmachines%2F (prefix is machines), but I'm still getting error 404 and login_succ.txt is stil empty (so it gets posted to /prefix/login_handler but login_handler does not get found).
Are there any other suggestions where to look for the cause.
Reply all
Reply to author
Forward
0 new messages