implement a session framework #86
Comments
|
@pjz implemented http basic and digest at some point. We need cookie auth and a consistent documented interface to the whole. |
chadwhitacre
added a commit
that referenced
this issue
Jul 25, 2012
This adds a couple simple auth checks to the core request handling code in website.py that don't depend on the hooks infrastructure, and a configurable cookie authentication system that does depend on hooks. Needs to be documented, and the method for turning auth "on" is much too coarse.
|
I think the interface should be the existing hooks interface. Also, hook filters (aspen.hooks.filters.*) can then be used to control what does and doesn't require authorization. |
|
My concern with using the existing hooks interface is that users will inadvertently open up a security hole. We want to turn off caching for all authenticated requests, and we don't want users to be able to turn that on. |
|
Maybe a wrapper for auth hooks that turns off the caching? so your hook is like: filter(dont_cache(auth_hook(...))) |
|
replaced by #139 |
Changaco
pushed a commit
that referenced
this issue
Mar 11, 2016
This adds a couple simple auth checks to the core request handling code in website.py that don't depend on the hooks infrastructure, and a configurable cookie authentication system that does depend on hooks. Needs to be documented, and the method for turning auth "on" is much too coarse.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: