imbolc / aiohttp-login Goto Github PK

The requirements.txt should specify compatible versions. For example the current code is for motor 1 and not compatible with motor 2.

With the current setup motor 2 is installed but not working.

Hi.

Could you please provide some details about database setup for running tests?
I get errors about invalid user or password even if I run one empty test with only the client fixture.

I've tried to run pytest with local postgres and with docker.
Also tried to update places where DATABASE placeholder is used in utils.py with my connection details.

I ran into the following error using aiohttp-login:

Error handling request
Traceback (most recent call last):
  File "/var/www/dnd/lib64/python3.6/site-packages/aiohttp/web_server.py", line 62, in handle_request
    resp = yield from self._handler(request)
  File "/var/www/dnd/lib64/python3.6/site-packages/aiohttp/web.py", line 270, in _handle
    resp = yield from handler(request)
  File "/var/www/dnd/lib64/python3.6/site-packages/aiohttp_jinja2/__init__.py", line 115, in middleware
    return (yield from handler(request))
  File "/var/www/dnd/lib64/python3.6/site-packages/aiohttp_session/__init__.py", line 129, in middleware
    response = yield from handler(request)
  File "/var/www/dnd/aiohttp-login/aiohttp_login/flash.py", line 31, in process
    response = await handler(request)
  File "/var/www/dnd/aiohttp-login/aiohttp_login/handlers.py", line 328, in confirmation
    return render_template(themed('confirmation_error.html'), request)
TypeError: render_template() missing 1 required positional argument: 'context'

Is it possible to add this lib to existing application and not modify existing tables?
Is it required to run "pg_tables.sql" after pip install?

Hi, thank you for your great work.

When an user redirect to google login page and successfully logged in and back to the site, she/he want to access to some resource on the server.

She/he add the token in authorization header in each request and she/he expects to get related resource (based on her permission)

Question is : How to validate a token in each request(token decoding and validation - google client)?

Thanks

I am probably reading the code wrong, and project is probably already abandoned, but to me it looks like @admin_required decorator works in this fashion:

1. Checks if user is logged in
2. Executes the handler
3. And only then checks if user is actually an admin. If he is not, an exception is raised.

As far as i can tell, that means that you can't rely on @admin_required to, say, protect administrative API endpoints, since handler will be executed anyway. Attacker will get his 403, sure, but changes to the system state will already been made at this point.