Require auth for everything on server

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Require auth for everything on server

Steven Sawyer
I'm working on my first CherryPy project and it is going pretty well so far, but I can't seem to find any examples of what I want to do.

I want to require a name/pass for the entire sever. No matter what page you load up it should redirect to a login form. Then it should remember the user in a session so we only need to log in once.

Everything I see in examples and tutorials involves securing certain methods in the root class or securing just an api, but the only thing I want to leave my server without authentication is the login form markup.

What is a good way to do this?

--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/cherrypy-users.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Require auth for everything on server

Joseph S. Tate
Authentication and authorization work best as CherryPy Tools. You can take a look at the basic auth tool that's built in, or one of the tools at tools.cherrypy.org as a basis, and build what you need. Then apply that tool via config everywhere it's needed.

Then setup your config like this:

[/]
tools.myauth.on = True

[/public]
tools.myauth.on = False

Have your login page handle /public/login (GET and POST).

On Sun, Oct 30, 2016 at 2:09 PM Steven Sawyer <[hidden email]> wrote:
I'm working on my first CherryPy project and it is going pretty well so far, but I can't seem to find any examples of what I want to do.

I want to require a name/pass for the entire sever. No matter what page you load up it should redirect to a login form. Then it should remember the user in a session so we only need to log in once.

Everything I see in examples and tutorials involves securing certain methods in the root class or securing just an api, but the only thing I want to leave my server without authentication is the login form markup.

What is a good way to do this?

--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/cherrypy-users.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/cherrypy-users.
For more options, visit https://groups.google.com/d/optout.