Authentication in Tornado application

paulyb263 · July 16, 2015, 9:42pm

Hello, I am trying to implement some simple cookie based authentication in my Tornado application as per this guide:
http://tornado.readthedocs.org/en/latest/guide/security.html

However I cant seem to find where to set the tornado.web.settings object

settings = {
“cookie_secret”: “generate random secret here”,
“login_url”: “/login”,
}

In all the Tornado examples on tornado.readthedocs.org the settings is passed to the tornado.web.Application class:

application = tornado.web.Application([
(r"/", MainHandler),
(r"/login", LoginHandler),
], **settings)

but in Mopidy we simply use a factory that returns a list of request handlers and there doesnt seem to be anywhere to pass the settings

I have a feeling I’m missing something fairly straightforward here. Any help would be appreciated

Many thanks

Paul

gotling · March 29, 2017, 1:53am

You can set the cookie_secret in your RequestHandler like this:

Settings:

[extension_name]
enabled = true

# Key used by Tornado web server to store cookies securely
cookie_secret = c1e95c2327dc5ab115554cc6f0e2307d2562f829a2ce1471c6ea7a876490f7ea

Web handler:

class IndexHandler(tornado.web.RequestHandler):
    def initialize(self, core, config):
        self.core = core
        self.config = config
        self.application.settings['cookie_secret'] = self.config['extension_name']['cookie_secret']

Topic		Replies	Views
Frontend and webapp(tornado) talking within an extension General	0	421	August 21, 2018
Mopidy web extension doesn't appear to support web sockets [solved] General	1	971	January 8, 2015
Extension including both Tornado-app and frontend General	4	1442	March 20, 2016
Reading values from mopidy.conf via mopidy-http Q&A	3	237	April 21, 2023
With which web server is the mopidy installed? General	2	998	January 4, 2016

Authentication in Tornado application

Settings:

Web handler:

Related Topics