good catch! we will have to refactor that to support earlier versions of
python.
On Sunday, 27 December 2015 01:02:09 UTC-6, Lou C wrote:
>
> I am running version 2.13.4 on GAE which runs on python 2.7.5. The problem
> arises when using the @auth.allows_jwt() decorator. The error I get is
> AttributeError:
> 'module' object has no attribute 'compare_digest'.
> Which is being called in :
>
> def verify_signature(self, body, signature, secret):
> mauth = hmac.new(key=secret, msg=body, digestmod=self.digestmod)
> return hmac.compare_digest(self.jwt_b64e(mauth.digest()),
> signature)
>
> I believe this is because hmac.py uses compare_digest in version 2.7.7.
> Anyway to use jwt on GAE ?
>
> On Friday, December 25, 2015 at 9:04:11 PM UTC-8, Massimo Di Pierro wrote:
>>
>> This is issue is now fixed in 2.13.4. :-)
>>
>> On Friday, 25 December 2015 22:37:54 UTC-6, Πέτρος Χατζηλάμπρος wrote:
>>>
>>> Mrry Christmas!!!!
>>>
>>> I found the following bug in version 2.13.3:
>>>
>>> I am using linux mint and I have a folder named web2py on the ~/Desktop
>>> I was using to run web2py by opening terminal and giving the command
>>> "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0".
>>> After the update to version 2.13.3 the following error appears
>>> Traceback (most recent call last):
>>> File "/home/tsouras/Desktop/web2py/web2py.py", line 6, in <module>
>>> import gluon.widget
>>> File "/home/tsouras/Desktop/web2py/gluon/widget.py", line 26, in
>>> <module>
>>> import gluon.main as main
>>> File "/home/tsouras/Desktop/web2py/gluon/main.py", line 125, in
>>> <module>
>>> raise RuntimeError("Cannot determine web2py version")
>>> RuntimeError: Cannot determine web2py version
>>>
>>> So, I did some debugging and I found out
>>> that global_settings.gluon_parent is "/home/tsouras" instead of being
>>> "/home/tsouras/Desktop/web2py"
>>> I overcome this problem by opening terminal and giving command "cd
>>> ~Desktop/web2py" before giving the command "python
>>> ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0"
>>>
>>> I did not have this problem using the previous version of web2py
>>>
>>> On Thursday, December 24, 2015 at 5:21:42 PM UTC+2, Massimo Di Pierro
>>> wrote:
>>>>
>>>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
>>>>
>>>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most
>>>> importantly it contains experimental support for JWT. Here is how it works:
>>>>
>>>> 1) instantiate auth with
>>>>
>>>> auth = Auth(db, jwt = {'secret_key':'secret'})
>>>>
>>>> where 'secret' is your own secret string.
>>>>
>>>> 2) Secorate functions that require login but should accept the
>>>> JWT token credentials:
>>>>
>>>> @auth.allows_jwt()
>>>> @auth.requires_login()
>>>> def myapi(): return 'hello %s' % auth.user.email
>>>>
>>>> Notice jwt is allowed but not required. if user is logged in,
>>>> myapi is accessible.
>>>>
>>>> 3) Use it!
>>>> Now API users can obtain a token with
>>>>
>>>> http://.../app/default/user/jwt?username=...&password=....
>>>>
>>>> (returns json object with a token attribute)
>>>> API users can refresh an existing token with
>>>>
>>>> http://.../app/default/user/jwt?token=...
>>>>
>>>> they can authenticate themselves when calling http:/.../myapi
>>>> by injecting a header
>>>>
>>>> Authorization: Bearer <the jwt token>
>>>>
>>>> Any additional attributes in the jwt argument of Auth() below:
>>>>
>>>> auth = Auth(db, jwt = {...})
>>>>
>>>> are passed to the constructor of class AuthJWT. Look there for
>>>> documentation.
>>>>
>>>> Thanks Niphlod again for implementing this.
>>>> Please help us check it so we will declare it stable in the next
>>>> release.
>>>>
>>>> Massimo
>>>>
>>>>
>>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
