Amin Etesamian Amin Etesamian - 10 months ago 31
Python Question

changing Turbogears` redirection to login page on unauthorized access default behaviour

In Turbogears framework, whenever a user who is not logged in tries to access a url that requires login, he/she is redirected to

page. But it somehow causes an issue for me here. Actually whenever a
exception is raised, Turbogears itself returns and 302 indicating redirection to the
I am using Turbogears to develop a web api for a mobile app. I am testing a scenario using nosetests where user provides wrong password for logging in expecting 401 status:

invalid_password = {
'username': 'test',
'password': 'invalid'
}'/users/login', params=invalid_password, status=401)

and this is my actual code returning 401:

if not user.validate_password(password):
raise HTTPUnauthorized(explanation='Invalid password')


Thanks to your answer it was solved, but something else happened, when I use
abort(status_code=404, detail='No such user', passthrough='json')

This exception is raised:

TypeError: 'NoneType' object is not iterable

This is the traceback:
enter image description here

Answer Source

That's something the authentication layer does, whenever is signaled back to the user that authentication is needed the challenger will intervene and force the user to login ( )

If you want to avoid that behaviour the easiest way is to use tg.abort(401, passthrough=True) which will skip such step, as you are talking about an API you probably want to use passthrough='json' which will provide a JSON response. See