browser stuck in redirection loop when adding allow_only = predicates.has_permission('something') to root controller

TurboGears / tg2

Python web framework with full-stack layer implemented on top of a microframework core with support for SQL DBMS, MongoDB and Pluggable Applications

http://www.turbogears.org/

Other

806 stars 78 forks source link

browser stuck in redirection loop when adding allow_only = predicates.has_permission('something') to root controller #79

Closed eteamin closed 7 years ago

eteamin commented 7 years ago

by adding allow_only = predicates.has_permission('something') to the root controller, browser stucks in infinite redirection loop.

amol- commented 7 years ago

That's actually the expected behaviour. The predicate sends the user to /login page due to the authentication challenger, but the login action is implemented in RootController which has the predicate, so when the browser gets redirected to /login the predicate is rechecked and triggers again a redirection to /login.

Having an allow_only clause in RootController is generally not a very good idea as it will also prevent error pages from rendering

eteamin commented 7 years ago

thanks.