Python, Firefox programming and Irish Whiskey.
Monday, December 27, 2010
Wrong auth logic
I generally use authkit in my pylons projects for authentication and authorization. I have recently realized that the logic I use is wrong. The thing is that whenever I encounter a user that is authenticated but not authorized, I redirect to a login screen, practically without a word of explanation. Now, that's wrong. I should be showing the login screen only when the user is not authenticated, otherwise I should only display an explanatory message.
Now, why am I writing this? Why...? Why? Perhaps not to forget and implement it properly in my next project, now with repoze.who though.
Subscribe to:
Posts (Atom)