How to customize the login view to do extra work or checks.

1 parent c33d228 commit 3aa368e5def18c9827110f6c92c0877405c21299 @madjar committed Dec 24, 2012
Showing with 63 additions and 5 deletions.
  1. +2 −0 CHANGES.rst
  2. +49 −2 docs/customization.rst
  3. +12 −3 pyramid_persona/views.py
2 CHANGES.rst
@@ -1,6 +1,8 @@
DEV
---
+- Added documentation on how to do extra work at login, and made the internal changes for it to work.
+- Added some real docs
- Switched to a AuthTktAuthenticationPolicy so that the login doesn't expire with the session.
1.2
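Review bot: The first added entry says only "made the internal changes for it to work" and never names what changed. This commit exposes `verify_login` in pyramid_persona/views.py as the function the new docs tell users to call, so the changelog should name it, for example "Added `verify_login` so the login view can be overridden". "Added some real docs" overlaps with that entry and is too vague to help someone reading the changelog later; consider merging the two.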
51 docs/customization.rst
@@ -1,5 +1,52 @@
-What it does
-------------
+Customization
+-------------
+
+Do extra work or verification at login
+======================================
+
+The default login view might not do exactly what you want. You might want to do
+something when a new user logs for the first time, like create their profile in
+the database, or redirect them to some page, or you might want to make additional
+checks before logging them.
+
+The easier way to do see is by overriding the login view. The default view is
+defined like this::
+
+ @view_config(route_name='login')
+ def login(request):
+ email = verify_login(request)
+ headers = remember(request, email)
+ return HTTPFound(request.POST['came_from'], headers=headers)
+
+To be precise, the route name is the option 'pyramid.route_name', and
+verify_login is :py:func:`pyramid_persona.views.verify_login`. `request.POST['came_from']` is the url of the page on
+which the button was clicked ; by default we redirect the user back there after the login.
+
+So, if you want to check that an email is on a whitelist and create a profile and
+redirect new users, you can define a new login view like this one::
+
+ @view_config(route_name='login')
+ def login(request):
+ email = verify_login('email')
+ if email not in whitelist:
+ request.session.flash('Sorry, you are not on the list')
+ return HTTPFound('/')
+ headers = remember(request, email)
+ if not exists_in_db(email):
+ create_profile(email)
+ return HTTPFound('/new-user', headers=headers)
+ return HTTPFound('/welcome-again', headers=headers)
+
+Some goes if you want to do extra stuff at logout. The default logout view looks like this::
+
+ @view_config(route_name='logout')
+ def logout(request):
+ check_csrf_token(request)
+ headers = forget(request)
+ return HTTPFound(request.POST['came_from'], headers=headers)
+
+What pyramid_persona does
+=========================
`pyramid_persona` *is* a login system. It replaces login forms and
views, and the need to handle passwords.
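Review bot: In the whitelist example, `email = verify_login('email')` passes the string 'email' where the function expects the request. `verify_login` reads `request.registry` and `request.POST`, so anyone copying this snippet gets a failing login view; it should be `email = verify_login(request)`, as in the default view shown just above it. The logout example calls `check_csrf_token(request)` while the helper visible in views.py is `_check_csrf_token`, so the docs should either use the real name or say where the public one comes from. Two wording slips in the new text: "The easier way to do see" and "Some goes if you want" (presumably "The easiest way to do this" and "Same goes").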
15 pyramid_persona/views.py
@@ -14,15 +14,24 @@ def _check_csrf_token(request):
raise HTTPBadRequest('incorrect CSRF token')
-def login(request):
- """View to check the persona assertion and remember the user"""
+def verify_login(request):
+ """Verifies the assertion and the csrf token in the given request.
+
+ Returns the email of the user if everything is valid, otherwise raises
+ a HTTPBadRequest"""
_check_csrf_token(request)
verifier = request.registry['persona.verifier']
try:
data = verifier.verify(request.POST['assertion'])
except (ValueError, browserid.errors.TrustError):
raise HTTPBadRequest('invalid assertion')
- headers = remember(request, data['email'])
+ return data['email']
+
+
+def login(request):
+ """View to check the persona assertion and remember the user"""
+ email = verify_login(request)
+ headers = remember(request, email)
return HTTPFound(request.POST['came_from'], headers=headers)
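Review bot: The new `verify_login` docstring promises the email "if everything is valid, otherwise raises a HTTPBadRequest", but the `try` around `verifier.verify(request.POST['assertion'])` only catches `ValueError` and `browserid.errors.TrustError`. A POST with no `assertion` field raises `KeyError` from the lookup and escapes that contract. Now that this function is the documented building block for custom login views, either add `KeyError` to the except clause or fetch the field before the `try` and raise `HTTPBadRequest` when it is missing. The same applies to `data['email']` if the verifier ever returns a result without that key.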

0 comments on commit 3aa368e
