Automatic authentication
0 views
Skip to first unread message
Jordi Fernández
Sep 8, 2008, 2:12:49 PM9/8/08
to AuthKit
Hi,
I'm using AuthKit-0.4.1dev_r143 with Pylons 0.9.6.2 like this:
http://wiki.pylonshq.com/display/pylonscookbook/AuthKit+0.4+UsersFromDatabase+with+SQLAlchemy+0.4+and+SQLAlchemyManager
I'm making a recover password process. The user receive an email with
a link and when he follows it, an action enables his acount. The
problem is that then, I want to redirect the user to his settings, so
I need to authenticate the user automatically.
How I can do it? I don't know how to start...
Thanks
I'm using AuthKit-0.4.1dev_r143 with Pylons 0.9.6.2 like this:
http://wiki.pylonshq.com/display/pylonscookbook/AuthKit+0.4+UsersFromDatabase+with+SQLAlchemy+0.4+and+SQLAlchemyManager
I'm making a recover password process. The user receive an email with
a link and when he follows it, an action enables his acount. The
problem is that then, I want to redirect the user to his settings, so
I need to authenticate the user automatically.
How I can do it? I don't know how to start...
Thanks
Rick Flosi
Sep 8, 2008, 2:22:12 PM9/8/08
to aut...@googlegroups.com
The url you send the user should not require authentication.
The controller there should validate the url parameters to determine that it's a valid request and who the user is and expire that url. Then set a new generated password for the user. Then you need to create and set the AuthKit cookie for the user. Now they should be logged in, so just redirect them to the settings url and have them reset their password. (I am assuming you are storing passwords encrypted and that you can't actually retrieve the password.)
You'll have to dig into the AuthKit code for setting the cookie. Maybe there is a function you can just call. I don't know off hand.
Make sense?
-r.
The controller there should validate the url parameters to determine that it's a valid request and who the user is and expire that url. Then set a new generated password for the user. Then you need to create and set the AuthKit cookie for the user. Now they should be logged in, so just redirect them to the settings url and have them reset their password. (I am assuming you are storing passwords encrypted and that you can't actually retrieve the password.)
You'll have to dig into the AuthKit code for setting the cookie. Maybe there is a function you can just call. I don't know off hand.
Make sense?
-r.
Jordi Fernández
Sep 8, 2008, 2:27:30 PM9/8/08
to aut...@googlegroups.com
Ok, I have all the process, only I need to set the AuthKit Cookie. I'm
going to see how to do it.
going to see how to do it.
Thanks
2008/9/8 Rick Flosi <rick....@gmail.com>:
Jordi Fernández
Sep 8, 2008, 5:12:58 PM9/8/08
to aut...@googlegroups.com
I created the cookie with:
request.environ['paste.auth_tkt.set_user'](user.username)
And then I redirected the user to his settings. All works fine.
Thanks.
2008/9/8 Jordi Fernández <jordi...@gmail.com>:
Reply all
Reply to author
Forward
0 new messages