|
»
»
Django authentification
|
View:
New views
6 Messages
—
Rating Filter:
Alert me
|
 |
Django authentification
by coulix
::
Rate this Message:
Hello guys,
I have a question regarding auth in django, I see that DjangoGateway takes an authentificator callable function, myGateway = DjangoGateway(services, expose_request=True, authenticator=auth) Does my auth function can look like this ? def auth(http_request, username, password): user = authenticate(username=username, password=password) if user is not None: login(http_request, user) return user return None When my user starts the Flex app he is already connected to the domain where the web site lives on. Therefore i don't want to ask the user to provide his user/password again if the session is still valid. Is there any other way than providing raw username in password ? is that secure ? I see the process like that: User wants to save an image from flex to server. Is he connected ? then just call with username pass, otherwise ask for credentials before doing so. I also read about a problem where authenticator may not be run by requests: http://www.nabble.com/Authenticator-not-called-by-requests-from-Flex-Client-td23166245.html It tells me that i have to use preprocessors. So my processor will check for username and password and acts like an authenticator ? Finally if i pass username and password to my swf in https as variables and then use them with pyamf is that secure ? Can someone sniffing the network see the clear password/pass ? Thanks a lot, Greg _______________________________________________ PyAMF users mailing list - users@... http://lists.pyamf.org/mailman/listinfo/users |
|
|
Re: Django authentification
by coulix
::
Rate this Message:
After some more reading what do you guys think of this solution:
The session id is passed to swf instead of user/password. Secured Gateway has a special service which takes a user and password and returns the session id if valid. Sessionid is used with the authentificator or processor ? Greg On Sun, Aug 9, 2009 at 7:55 PM, Gregory Tappero<coulix@...> wrote: > Hello guys, > > I have a question regarding auth in django, > I see that DjangoGateway takes an authentificator callable function, > > myGateway = DjangoGateway(services, expose_request=True, authenticator=auth) > > > Does my auth function can look like this ? > > def auth(http_request, username, password): > user = authenticate(username=username, password=password) > if user is not None: > login(http_request, user) > return user > return None > > > When my user starts the Flex app he is already connected to the domain > where the web site lives on. > Therefore i don't want to ask the user to provide his user/password > again if the session is still valid. > Is there any other way than providing raw username in password ? is > that secure ? > > I see the process like that: > User wants to save an image from flex to server. Is he connected ? > then just call with username pass, otherwise ask for credentials > before doing so. > > I also read about a problem where authenticator may not be run by > requests: http://www.nabble.com/Authenticator-not-called-by-requests-from-Flex-Client-td23166245.html > It tells me that i have to use preprocessors. > > So my processor will check for username and password and acts like an > authenticator ? > > Finally if i pass username and password to my swf in https as > variables and then use them with pyamf is that secure ? > Can someone sniffing the network see the clear password/pass ? > > Thanks a lot, > > Greg > PyAMF users mailing list - users@... http://lists.pyamf.org/mailman/listinfo/users |
|
|
Re: Django authentification
by Joel Hooks-2
::
Rate this Message:
I have a "test_login" method that is @login_required. If it returns
True, than the user doesn't need to login. False and they need to enter credentials. Django with Flash/.Flex honors the browser session. Joel Hooks (@jhooks) http://joelhooks.com On Aug 9, 2009, at 12:55 PM, Gregory Tappero wrote: > Hello guys, > > I have a question regarding auth in django, > I see that DjangoGateway takes an authentificator callable function, > > myGateway = DjangoGateway(services, expose_request=True, > authenticator=auth) > > > Does my auth function can look like this ? > > def auth(http_request, username, password): > user = authenticate(username=username, password=password) > if user is not None: > login(http_request, user) > return user > return None > > > When my user starts the Flex app he is already connected to the domain > where the web site lives on. > Therefore i don't want to ask the user to provide his user/password > again if the session is still valid. > Is there any other way than providing raw username in password ? is > that secure ? > > I see the process like that: > User wants to save an image from flex to server. Is he connected ? > then just call with username pass, otherwise ask for credentials > before doing so. > > I also read about a problem where authenticator may not be run by > requests: http://www.nabble.com/Authenticator-not-called-by-requests-from-Flex-Client-td23166245.html > It tells me that i have to use preprocessors. > > So my processor will check for username and password and acts like an > authenticator ? > > Finally if i pass username and password to my swf in https as > variables and then use them with pyamf is that secure ? > Can someone sniffing the network see the clear password/pass ? > > Thanks a lot, > > Greg > _______________________________________________ > PyAMF users mailing list - users@... > http://lists.pyamf.org/mailman/listinfo/users _______________________________________________ PyAMF users mailing list - users@... http://lists.pyamf.org/mailman/listinfo/users |
|
|
Re: Django authentification
by coulix
::
Rate this Message:
Hi joel,
This test_method is over pyamf or standard http ? what do you pass to it ? If the user does not need to login how do you authentify the next pyamf requests without username login ? I checked http://joelhooks.com/2008/09/21/django-authorization-from-flex-air-actionscript-via-pyamf/ but i guess its not really the same, in this case you authentify the user from the flex app. Mine is already known when he loads the swf. On Sun, Aug 9, 2009 at 8:45 PM, Joel Hooks<joelhooks@...> wrote: > I have a "test_login" method that is @login_required. If it returns True, > than the user doesn't need to login. False and they need to enter > credentials. Django with Flash/.Flex honors the browser session. > > Joel Hooks (@jhooks) > http://joelhooks.com > > > > > On Aug 9, 2009, at 12:55 PM, Gregory Tappero wrote: > >> Hello guys, >> >> I have a question regarding auth in django, >> I see that DjangoGateway takes an authentificator callable function, >> >> myGateway = DjangoGateway(services, expose_request=True, >> authenticator=auth) >> >> >> Does my auth function can look like this ? >> >> def auth(http_request, username, password): >> user = authenticate(username=username, password=password) >> if user is not None: >> login(http_request, user) >> return user >> return None >> >> >> When my user starts the Flex app he is already connected to the domain >> where the web site lives on. >> Therefore i don't want to ask the user to provide his user/password >> again if the session is still valid. >> Is there any other way than providing raw username in password ? is >> that secure ? >> >> I see the process like that: >> User wants to save an image from flex to server. Is he connected ? >> then just call with username pass, otherwise ask for credentials >> before doing so. >> >> I also read about a problem where authenticator may not be run by >> requests: >> http://www.nabble.com/Authenticator-not-called-by-requests-from-Flex-Client-td23166245.html >> It tells me that i have to use preprocessors. >> >> So my processor will check for username and password and acts like an >> authenticator ? >> >> Finally if i pass username and password to my swf in https as >> variables and then use them with pyamf is that secure ? >> Can someone sniffing the network see the clear password/pass ? >> >> Thanks a lot, >> >> Greg >> _______________________________________________ >> PyAMF users mailing list - users@... >> http://lists.pyamf.org/mailman/listinfo/users > > _______________________________________________ > PyAMF users mailing list - users@... > http://lists.pyamf.org/mailman/listinfo/users > PyAMF users mailing list - users@... http://lists.pyamf.org/mailman/listinfo/users |
|
|
Re: Django authentification
by Joel Hooks-2
::
Rate this Message:
@login_required
def test_login(http_request): """Check to see if a user is logged in. They won't even get into this method if they are not logged in so it always returns true""" return True It is a pyamf mapped method. If the user has a session it returns true, otherwise it returns the html from the redirect page. so, after the flash/flex application has initialized I ping this method, if it returns True the app loads, if it returns anything else (the HTML) a login window is displayed. In your case, I don't think you need to use the authenticator method in the Gateway at all. If the user has a valid browser session with Django, the pyamf methods that are @login_required will respect the session. So remove the authenticator=auth and see if it doesn't work. I bet it does. Cheers, Joel Hooks (@jhooks) http://joelhooks.com On Aug 9, 2009, at 4:43 PM, Gregory Tappero wrote: > Hi joel, > > This test_method is over pyamf or standard http ? what do you pass > to it ? > If the user does not need to login how do you authentify the next > pyamf requests without username login ? > > I checked http://joelhooks.com/2008/09/21/django-authorization-from-flex-air-actionscript-via-pyamf/ > but i guess its not really the same, in this case you authentify the > user from the flex app. Mine is already known when he loads the swf. > > > On Sun, Aug 9, 2009 at 8:45 PM, Joel Hooks<joelhooks@...> wrote: >> I have a "test_login" method that is @login_required. If it returns >> True, >> than the user doesn't need to login. False and they need to enter >> credentials. Django with Flash/.Flex honors the browser session. >> >> Joel Hooks (@jhooks) >> http://joelhooks.com >> >> >> >> >> On Aug 9, 2009, at 12:55 PM, Gregory Tappero wrote: >> >>> Hello guys, >>> >>> I have a question regarding auth in django, >>> I see that DjangoGateway takes an authentificator callable >>> function, >>> >>> myGateway = DjangoGateway(services, expose_request=True, >>> authenticator=auth) >>> >>> >>> Does my auth function can look like this ? >>> >>> def auth(http_request, username, password): >>> user = authenticate(username=username, password=password) >>> if user is not None: >>> login(http_request, user) >>> return user >>> return None >>> >>> >>> When my user starts the Flex app he is already connected to the >>> domain >>> where the web site lives on. >>> Therefore i don't want to ask the user to provide his user/password >>> again if the session is still valid. >>> Is there any other way than providing raw username in password ? is >>> that secure ? >>> >>> I see the process like that: >>> User wants to save an image from flex to server. Is he connected ? >>> then just call with username pass, otherwise ask for credentials >>> before doing so. >>> >>> I also read about a problem where authenticator may not be run by >>> requests: >>> http://www.nabble.com/Authenticator-not-called-by-requests-from-Flex-Client-td23166245.html >>> It tells me that i have to use preprocessors. >>> >>> So my processor will check for username and password and acts like >>> an >>> authenticator ? >>> >>> Finally if i pass username and password to my swf in https as >>> variables and then use them with pyamf is that secure ? >>> Can someone sniffing the network see the clear password/pass ? >>> >>> Thanks a lot, >>> >>> Greg >>> _______________________________________________ >>> PyAMF users mailing list - users@... >>> http://lists.pyamf.org/mailman/listinfo/users >> >> _______________________________________________ >> PyAMF users mailing list - users@... >> http://lists.pyamf.org/mailman/listinfo/users >> > _______________________________________________ > PyAMF users mailing list - users@... > http://lists.pyamf.org/mailman/listinfo/users _______________________________________________ PyAMF users mailing list - users@... http://lists.pyamf.org/mailman/listinfo/users |
|
|
Re: Installing without easy_install
by Anthony Cintron
::
Rate this Message:
Hey All,
is there a way to just save the pyamf folder into my Django app and access via there? I tried accomplishing this but received a 'no module' error. I don't have the permissions to run an easy_install on the remote server I'm deploying and was hoping this would be the easiest alternative. - Anthony _______________________________________________ PyAMF users mailing list - users@... http://lists.pyamf.org/mailman/listinfo/users |
| Free embeddable forum powered by Nabble | Forum Help |
