I know that I can use a customized authentication backend with
Authkit, but I'm not sure that it's made to be tweaked this throughly
(short of essentially forking it...meh). But I do like middleware-ish
features like the decorators and intercepting HTTP status codes.
Should I roll-my-own solution now and maybe port it over to AuthKit
down the road, or can I drop-in the functionality I need without
murdering the existing code too much?
It sounds like you already have a farily sophisticated setup so I'd
recommend rolling your own but using the AuthKit code as an example
for anything you wish to build yourself.
One tip though, I now believe using exceptions to trigger the 401 and
403 responses and then intercepting them in WSGI middleware is not a
good design pattern. New code I'm working on generates a normal
response in the authorization decorators or whereever the check fails
instead of in the WSGI middleware. This avoids problems with other
middleware components intercepting exceptions when they aren't
supposed to and also avoids issues around the WSGI middleware trying
to generate a page using objects which are only available where the
exception was raised. It is just less tangled so I'd recommend you
avoid using exceptions in your own code too.
Cheers,
James
(AuthKit author)
Thanks for the response! I'll do as you recommend.
One tip though, I now believe using exceptions to trigger the 401 and
403 responses and then intercepting them in WSGI middleware is not a
good design pattern. New code I'm working on generates a normal
response in the authorization decorators or whereever the check fails
instead of in the WSGI middleware.
I think by "normal response" he means a normal 401 or 403 response.
In controllers you should be able to call abort(4xx or 5xx) and have
the right thing happen. Abort raises HTTPException (defined in
webob.exc), although I'm not sure where they're being caught. It's
not in StatusCodeRedirect (which I always comment out in my
applications because I'd rather have plain white error messages) or
ErrorHandler (because I get the same behavior whether it's commented
or not). There's no 'except' in pylons.wsgiapp, just try/finally.
The only other one I could find is in paste.httpserver, which writes a
text/plain "Internal Server Error" for any unhandled exception.
However, HTTPException is already caught by that point.
If AuthKit does not depend on Pylons it would not be able to call
abort(), so it would have to set the status manually.
--
Mike Orr <slugg...@gmail.com>
so the tips i can give are this:
- create your validation and cookie-set/expire functions in something
like app/lib/helpers/auth.py
- put the logic you need in an abstract BaseController that your real
base controllers inherit from
- use class variables like self._auth_required to turn the auth
routine on/off on the BaseController
if you contact me offlist, I can give you my BaseController and sample
derivative classes