Thanks!
It seems ok!!
hope it will be corrected soon in the official version, as it should be
considered as a serious security bug.
Il giorno lun 25 mag 2020 alle ore 06:29 egamarro dpu <
egamarro@gmail.com> ha scritto:
>
>I'm pretty sure Fred found the right line to fix this. Buildin
I'm pretty sure Fred found the right line to fix this. Building on
Fred's suggestion, I fixed it this way:
< redirect(self.url(args=request.args,
vars=request.vars),client_side=settings.client_side)
> redirect(self.url(),client_side=settings.client_side)
On Tuesday, April 28, 2020 at
I'm experincing the same problem.
I also tried the last version (2.19.1) and seems it still presents the same
inconvenience.
I think this can be considered a serious security problem as clear mistyped
password will be writed on web server logs, proxies logs and so on.
There is also a sencondar
Ok I think I found it:
In gluon/tools.py in the Auth.login() method the line 2643 has been changed
from
redirect(self.url(args=request.args, vars=request.*get_vars*
),client_side=settings.client_side)
to
redirect(self.url(args=request.args, vars=request.*vars*
),client_side=settings.client_sid
On Saturday, February 17, 2018 at 11:30:53 PM UTC-5, F.C. wrote:
>
> I am creating custom forms using the standard authentication sql forms.
> Where can I get a list of all the relevant fields that come with these
> forms.
>
You can simply view the forms in a browser. To see the names of the fie
This may be tricky, as the Auth system is designed assuming passwords will
be used. You'll probably have to create your own login and registration
actions instead of using those provided by Auth. You can use
auth.login_bare instead to log someone in, though you may need to give
everyone a non-e
perhaps you can customize auth table and set it password length validator
to 0, required and notnull as false
ref:
http://web2py.com/books/default/chapter/29/09/access-control#Customizing-Auth
http://web2py.com/books/default/chapter/29/07/forms-and-validators
best regards,
stifan
--
Resources:
Thanks a lot for the answer. perhaps I expressed myself badly I intended to
change Access Control auth using soap , the calls I 've made with
pysimplesoap
Il giorno sabato 20 febbraio 2016 16:40:48 UTC+1, Massimo Di Pierro ha
scritto:
>
> we use pysimplesoap. I'd reccomend you ask the autho
we use pysimplesoap. I'd reccomend you ask the author of pysimplesoap.
On Saturday, 20 February 2016 09:35:02 UTC-6, mirco barone wrote:
>
>
> I state that I started recently with web2py , I have to implement an
> authentication of the soap services . Which is the best way to do it ?
> Examples
>
> from gluon.contrib.login_methods.ldap_auth import ldap_auth
>
> auth.settings.login_methods.append(ldap_auth(mode='ad',
>server='my.domain.controller',
>base_dn='ou=Users,dc=domain,dc=com'))
>
>
> But my question is do I still have to keep the following lines ?
>
> from gluon.tools im
How about LDAP?
I use the following as seen on site.
from gluon.contrib.login_methods.ldap_auth import ldap_auth
auth.settings.login_methods.append(ldap_auth(mode='ad',
server='my.domain.controller',
base_dn='ou=Users,dc=domain,dc=com'))
But my question is do I still have to keep the fo
See http://web2py.com/books/default/chapter/29/9#Manual-Authentication.
if request.vars:
auth.login_bare(request.vars.ID, request.vars.pass)
But it's dangerous to put the login credentials in the URL.
Anthony
On Tuesday, June 26, 2012 12:42:25 AM UTC-4, aungsan wrote:
>
> I got following is
Grazie Massimo, I've just opened an issue on google code,
http://code.google.com/p/web2py/issues/detail?id=832
Regards,
paolo
Il 03.06.2012 21:05 Massimo Di Pierro ha scritto:
Good point. This is a complicated issue because it depends on the
client-side app details. Anyway, please open a ticket
Good point. This is a complicated issue because it depends on the
client-side app details. Anyway, please open a ticket about this.
On Sunday, 3 June 2012 15:30:05 UTC-5, Gabriella Canavesi wrote:
>
> Hi all,
> I've just figured out that on_failed_authentication works only when
> requests are n
Yes, you can use CAS pointed to just one application ... very easy to setup
... see here
http://www.web2py.com/book/default/chapter/08#Central-Authentication-Service
thanks, I know about this option. I use it when I just test for a
role, I guess requires_login can be omitted in this case.
I've seen that I can use routes_onerror in routes.py to define custom
error pages for http errors and all other errors. I tested it
successfully, works great!
You could also try decorating:
@auth.requires_membership('admin')
@auth.requires_login()
def edit():
I don't know if requires_login is necessary since requires_membership may
imply a login. I'm also not sure what exactly happens on the front-end if
the user does not have membership.
Relsi,
i have not done xml-rpc with iphone, but i know that the iphone will accept
and store a cookie, so you could do an oauth implementation where the deice
logs in and gets a cookie which is then submitted with each request.
i have done the DB (web2py) side of an iphone app that makes use of
Hi Clifford,
I'm not the iPhone developer. I created the service in web2py and
someone else is trying to consume the service via iPhone. I know
nothing of the iPhone environment (and not have one too), and also did
not find any reference material to verify the authentication method
actually used in
Relsi, do you know whether he's developing using Obj-C or a framework like
(Titanium, Corona, LiveCode, etc...)?
I ask because he could use a webview to usher content back and forth from
the network calls to the main meat of his application. This is pretty
trivial with Obj-C, Corona (Lua), and Tit
Hi Massimo, then it would be appropriate to implement this in my
method, not change the core web2py...
On Aug 10, 6:48 pm, Massimo Di Pierro
wrote:
> Look at the source of the decorator in gluon/tools.py. It should be
> trivial to change it and take the username:password from a
> request.vars or
Look at the source of the decorator in gluon/tools.py. It should be
trivial to change it and take the username:password from a
request.vars or from a request.env
On Aug 10, 4:35 pm, Relsi Hur wrote:
> Anyone else? =)
>
> any tips on how to pass the username and password as parameters of the
> m
Anyone else? =)
any tips on how to pass the username and password as parameters of the
method and continue using the decorator?
On Aug 10, 3:56 am, Relsi Hur wrote:
> Yes, the objective-C suport xml-rpc, but the developer says that
> theiphonedoes not work the wire
> formathttps://username:pas
Yes, the objective-C suport xml-rpc, but the developer says that the
iphone does not work the wire format
https://username:password@my_server/my_app/service/call/xmlrpc.
I do not work with the platform iOS, so I do not know the
particularities of the platform, I do not want is having to stop using
I have not tried xml-rpc on the iphone but apparently Wordpress has some
iphone xmlrpc examples...
http://stackoverflow.com/questions/147062/does-iphone-support-xml-rpc
Let us know how it goes!
C.
Have you seen this section in the book:
http://web2py.com/book/default/chapter/09#Services-and-Authentication
On Tuesday, June 7, 2011 4:25:16 PM UTC-4, Abhishek Gupta wrote:
> Hello,
>
> I have an application in web2py. To create the command line interface of
> the gui (web-interface), I want
great! thank you
Did you look here:
http://web2py.com/book/default/chapter/09#Services-and-Authentication
Anthony
On Thursday, February 17, 2011 8:50:56 PM UTC-5, elffikk wrote:
> I want to do that
>
> @auth.requires_login()
> @service.amfrpc3('myservice')
> def item_list():
> return [1,2,3]
>
> but
You can add field auth_user (client with default to request.client)
then in db.py
if auth.user and auth.user.client!=request.client:
session.flash="oops"
redirect(URL('user/logout'))
On Nov 12, 8:39 am, Paul Gerrard wrote:
> Two machines with FF would be more reliable :O)
>
> I have a r
Two machines with FF would be more reliable :O)
I have a related question. Is there are way of stopping a user account
being used by more than one person simultaneously? Is there anything
in Web2p to help with thsi or would I need to have some form of DB/
session solution?
Thanks.
On Nov 11, 5:2
Short answer no.
Yet I found this:
http://www.fusioncube.net/index.php/multiple-sessions-firefox
I did not try it.
On Nov 11, 11:14 am, Alex wrote:
> Hello,
>
> I have a question regarding how the authentication defines each unique
> user session. I am working on an app that uses the authentic
Please do.
On Nov 8, 3:05 am, David Zejda wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> My application is running on more domains. Users wish to move from one
> domain to another, being still signed-in. I used combination of JS and
> Ajax to transfer the credentials from sessions b
I think the first table definition is more actual and cleaner than
second and it's how I am actually doing it
On 21 mayo, 16:49, annet wrote:
> I read chapter 8 of the web2py manual and some post on authentication
> to get started (again) implementing a cms.
>
> I read about MD5 and SHA-512, and
On Sat, 10 Apr 2010 15:35:05 -0700 (PDT), hamdy.a.fa...@inbox.com said:
> This's most likely to happen if you've more than one form in the same
> page so the question is , do you've another form inside the page ?
Thanks for the suggestion, but I don't have any other forms there. I'm
using the aut
Hi Keith Edmunds ,
This's most likely to happen if you've more than one form in the same
page
so the question is , do you've another form inside the page ?
--
To unsubscribe, reply using "remove me" as the subject.
It is already fixed in trunk because of other changes the trunk needs
some testing.
It would be of great help if you could test if this problem is gone
and auth still works.
On Jan 14, 5:38 pm, "b-global.net" wrote:
> Thank you Massimo, for all your help!!!
>
> Can I help to fix this bug?
>
> Al
Thank you Massimo, for all your help!!!
Can I help to fix this bug?
Also, can I use other email function/class with Auth ?
Thank you.
Best Regards,
Victor
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to
It is a bug but it is strange this has never shoed up before. Fixing
in trunk.
On Jan 14, 4:51 pm, "b-global.net" wrote:
> Hello:
>
> I have a problem, I do not know if this is a bug or I'm making
> something wrong!!! I add this:
>
> auth=Auth(globals(),self.db)
> auth.define_tabl
On Sep 1, 10:36 pm, mdipierro wrote:
> We currently provide out of the box authentication using google(when
> running on GAE), gmail, twitter, ldap, basic auth.
I'm curious about how to implement authentication using Google, and
specifically Google Apps for Domains. When I deploy web2py to appsp
Thank you, good to know.
What about...
- If I want to add more fields to the user registration more specific
to the application I want to create... how can I avoid having to
create 2 forms (one for Auth and other for user attributes that I
consider relevant to my application)? In other words, how
40 matches
Mail list logo
