3

I'm trying to integrate Mozilla Persona (browserid) into a Pyramid application. The login process is:

  1. user can login on any page by clicking on the login button
  2. a popup then shows a login form
  3. when the users enters correct login/password, an ajax call is made by the popup to a Pyramid view that checks users credentials, and calls Pyramid remember function if the check succeeded
  4. the browserid javascript code then reloads the current page

Now I want to handle the case of a new user subscribing to the web app and present a new view asking for a few more details (desired username, etc).

Since the "remember" function is called by an ajax call from the popup, I cannot redirect the user the the "/newuser" page. So every view needs to redirect new users to the "/newuser" url whenever the remembered browserid has no corresponding user in the database.

Is there a way to intercept user requests before calling a view to call the "new_user" view instead? Or maybe my authentication approach is fundamentally incorrect and I should rely on another approach?

tshepang
  • 12,111
  • 21
  • 91
  • 136
ascobol
  • 7,554
  • 7
  • 49
  • 70

1 Answers1

4

One way to do this would be to create an exception that should be raised when the user is created, and use this exception as the context of a view that would redirect to the new page.

class NewUser(Exception):
    pass

@view_config(context=NewUser)
def new_user_exception(request):
    return HTTPFound(request.route_path('new_user'))

Make sure the exception is raised during the first request after the first login (after having created the user object, for example), and the user will be redirected to the right page.

You could also put the code for the welcome page directly in new_user_exception, but without redirection, this page would have the url asked by the user, whatever it was.

Another solution would be to tweak how the persona part is done. For that, I'm going to guess you are using pyramid_persona (I'm the writer :) ). If not, what I'm saying will still apply, and will be even simpler to do.

What you could do is :

  • Change the login view so that it includes in the response a boolean saying whether this is the first login or not.
  • Change the javascript to check this boolean, reload the page if it's not the first time, and redirect to the welcome page if it.

The code for the login view can use pyramid_persona's login view like this :

from pyramid_persona.views import login

@view_config(route_name='login')
def new_login(request):
    response = login(request)
    if response.status == 200: #the login worked
        # tweak the response
    return response

EDIT : There's now a part about this in pyramid_persona's documentation : Do extra work or verification at login.

madjar
  • 12,691
  • 2
  • 44
  • 52
  • Thanks for your answer. I wonder where is the better place to raise the NewUser exception. I now calling it in a NewRequest subscriber which checks for the userid in the database. – ascobol Nov 30 '12 at 17:14
  • A NewRequest subscriber is not a bad place, since it needs to be called in every request. Don't forget to put the result of the query in the request object, so you don't have to do it again in the view. – madjar Nov 30 '12 at 17:26