问题
I'm using Turbogears 2.1 and repoze.who/what and am having trouble figuring out how to extend the basic authentication functionality. I am essentially attempting to require users to activate their account via an emailed link before they can login. If they try to login without activating their account, I want to display an appropriate error message. The default Turbogears functionality simply displays one message for all errors.
I created my own authentication plugin which works fine. It won't allow users to login if they have not activated their account. However, the problem comes when I try to create the form and display custom error messages. How can I go about doing this?
Thanks
回答1:
It's impossible to give a really good answer without seeing your actual code, but here's one idea:
- Create a repoze.who metadata provider plugin that "scribbles" something that indicates whether the user has activated their account.
- Create a "challenger decider" plugin that looks at both whether the user has authenticated, and also whether they have activated their account (by checking the metadata you set with the metadata plugin).
- Create a challenger plugin to send back the actual challenge. If the user is not authenticated, send back a login form/prompt. If user is authenticated (your authenticator plugin succeeded), but they have not activated their account, send back a custom error page asking the user to activate their account.
In any case, read this page carefully.
You could also maybe use repoze.what with a custom predicate, but you'd probably have to sprinkle decorators all through your code, checking whether their account has been activated on every controller/method. Ugly.
Hope this helps!
来源:https://stackoverflow.com/questions/1960747/how-to-extend-the-turbogears-2-1-login-functionality