= Handling Authentication =

Authentication for Web applications is a tricky business. You would be well advised to read up about the various attacks on cookie-based authentication of web applications first. As a good starting point, see http://www.pdos.lcs.mit.edu/papers/webauth.html

That said, here is a very simple framework for doing Authentication in Albatross. It assumes a login at the start of a session and expires the login after 10 seconds, which forces the user to log in again. The auth is checked on every action, and you don't need to put this stuff into all your application pages; it can be added just once, in the application's `validate_request` hook. Note that the hard-coded credentials in `check_auth` and the `secret` passed to `SimpleApp` in the listing below are placeholders for the example only, not values for a real deployment.

First, the application, app.py:

{{{
#!python
# Some basic auth stuff. In a real app this would be replaced by something
# much more sophisticated, such as MD5'd cookies. See, for example,
#
#   http://www.pdos.lcs.mit.edu/papers/webauth.html

import time

class Auth:
    def __init__(self, u, p):
        self.user = u
        self.passwd = p
        self.expire = time.time() + 10      # Lasts 10 seconds

def check_auth(a):
    return a.user == 'foo' and a.passwd == 'bar' and a.expire > time.time()

from albatross import httpdapp, SimpleApp

class Login:
    name = 'login'

    def page_display(self, ctx):
        ctx.locals.passwd = ''
        if not ctx.has_value('message'):
            ctx.locals.message = ''
        ctx.run_template(self.name + '.html')

    def page_process(self, ctx):
        if ctx.req_equals('login'):
            a = Auth(ctx.locals.user, ctx.locals.passwd)
            if check_auth(a):
                ctx.locals._auth = a
                ctx.add_session_vars('_auth')
                ctx.set_page('start')
            else:
                # invalid password
                ctx.locals.message = "Invalid password!"
class Start:
    name = 'start'

    def page_display(self, ctx):
        ctx.run_template(self.name + '.html')

    def page_process(self, ctx):
        if ctx.req_equals('next'):
            ctx.set_page('next')

class Next:
    name = 'next'

    def page_display(self, ctx):
        ctx.run_template(self.name + '.html')

class App(SimpleApp):
    def __init__(self, base_url, base_dir):
        SimpleApp.__init__(
            self,
            base_url=base_url,
            template_path=base_dir,
            start_page='login',
            secret='-=secret=-'
        )
        self.register_page('login', Login())
        self.register_page('start', Start())
        self.register_page('next', Next())

    def validate_request(self, ctx):
        if ctx.locals.__page__ == 'login':
            return 1
        print "validate:"
        if not hasattr(ctx.locals, '_auth'):
            ctx.set_page('login')
            return 0
        if not check_auth(ctx.locals._auth):
            ctx.locals.message = 'Login Expired'
            ctx.set_page('login')
            return 0
        return 1

app = App('/', '.')
}}}

Now, three very simple HTML templates. The login page, 'login.html':

{{{