You cannot mix authorization and services this way. It is complicated
an there are many cases....
If you have
@auth.requires_login()
def acceptme():
return 'accepted'
you can call "http://..../acceptme.json"; and you will get a JSON
response. You do not need the decorator.
@auth.requires_login()
@service.json()
def acceptme():
return 'accepted'
def run(): return service()
exposes "http://..../service/json/acceptme"; before requiring login.
@service.json()
def acceptme():
return 'accepted'
@auth.requires_login()
def run(): return service()
this should work but will require login for all services
@service.json()
@auth.requires_login()
def acceptme():
return 'accepted'
def run(): return service()
this is not completely clear to me why does not work but I see some
logical problems.
Massimo
On Jun 23, 7:31 pm, Hasanat Kazmi <hasanatka...@gmail.com> wrote:
> Here is an interesting behavior.
> i have following function
>
> @auth.requires_login()
> @service.json
> @service.jsonrpc
> def acceptme():
> return "accepted"
>
> in this case, whatever username and password I give, I get returned
> "accepted" but if I put @auth.requires_login() after @service.jsonrpc,
> it always returns me "Object does not exist" .
>
> I call it like
> this:http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal...
>
> Anyone has an idea whats going on?
>
> On Jun 4, 7:28 am, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
> wrote:
>
> > I've tried this with the pyjamas tutorial and it didn't work. I've
> > enabled user registration and registered a user whose credentials are
> > used in the URL below. I got a server error when a function requiring
> > user authentication was called.
>
> > I changed the line
>
> > JSONProxy.__init__(self, "../../default/call/jsonrpc", ["getTasks",
> > "addTask","deleteTask"])
>
> > to read
>
> > JSONProxy.__init__(self,
> > "http://myemail%40gmail.com%3amypassw...@127.0.0.1:8000/pyjamas/defaul...";,
> > ["getTasks", "addTask","deleteTask"])
>
> > What am I missing?
>
> > Thanks.
>
> > On Mon, Jun 1, 2009 at 12:51 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > OK. As you request since the latest version in trunk you can do
>
> > > @auth.requires_login()
> > > def index(): return 'hello world'
>
> > > and access it with
>
> > > curl -u username:passwordhttp://127.0.0.1:8000/app/default/index
>
> > > or
>
> > > curlhttp://username:passw...@127.0.0.1:8000/app/default/index
>
> > > In the latter case username and password have to be encoded by
> > > urllib.quote()
>
> > > works for services too.
>
> > > Massimo
>
> > > On May 31, 10:43 pm, Dan <danbr...@gmail.com> wrote:
> > >> Since my last message on this thread, I came up with a patch to the
> > >>Auth.login() code that lets me do what I need, so figured I should
> > >> post it here. Let me know if you see any issues with this approach (or
> > >> improvements to it).
>
> > >> To recap, what I want to do is to let a script runing wget (not a
> > >> browser)loginand then work with some parts of the app that require
> > >> membership in groups. I want to pass the user's name and password to
> > >> theloginformusing post variables in the URL. This is not normally
> > >> possible with web2py'sAuth.login() function, so it needs to be
> > >> modified, like this-
>
> > >> referring to source code
> > >> here:http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc...
> > >> Change these 3 lines ...
> > >> 622 ifFORM.accepts(form, request.vars, session,
> > >> 623 formname='login',
> > >> 624 onvalidation=onvalidation):
>
> > >> ... to be these 3 lines:
> > >> if username in request.vars.keys() and request.vars.password and \
> > >> FORM.accepts(form, request.vars,
> > >> formname=None, onvalidation=onvalidation):
>
> > >> This change lets theformtake the username and password from the
> > >> URL's post variables (or theformitself - but not both of course).
> > >> Then my script willloginusing wget's optional arguments "--keep-
> > >> session-cookies --save-cookies=" when submitting the user name and
> > >> password to the app'sloginfunction. These wget options store the
> > >> session cookie in a local file. Then subsequent wget calls to the
> > >> restricted parts of the app can use those cookies as a token to gain
> > >> access with the option "--load-cookies=".
>
> > >> Apologies for straying a bit from the original use case of this
> > >> thread, but perhaps it's general approach will be a helpful hint.
>
> > >> Also: I don't fully understand what the purpose of the "formname"
> > >> parameter is, or why it was necessary to None-ify it. If someone can
> > >> explain this to me, I'd appreciate it.
>
> > >> Dan
>
> > >> On May 29, 6:15 pm, Dan <danbr...@gmail.com> wrote:
>
> > >> > Reviving this thread from before... I would like to have a shell
> > >> > script use wget to authenticate itself and access the data in a web2py
> > >> > application, but I haven't been able to get the web2py app to accept
> > >> > the post'ed email and password information, which I sent to the user/
> > >> >loginURL. Is this the right way to do it?
>
> > >> > I see some passing references to alternate authorization methods in
> > >> > the documentation and the code, but I haven't been able to get much
> > >> > detail on what those might be. For example-
>
> > >> >http://mdp.cti.depaul.edu/examples/default/tools#authentication:
> > >> > "TheAuthcalls can be extended, personalized, and replaced by other
> > >> > authentication mechanisms which expose a similar interface."
>
> > >> > and
> > >> > inhttp://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p...
> > >> > :
> > >> > 644 if not user:
> > >> > 645 ## try alternateloginmethods
> > >> > 646 for login_method in
> > >> > self.settings.login_methods:
> > >> > 647 if login_method != self and \
> > >> > 648 login_method(request.vars
> > >> > [username],
> > >> > 649
> > >> > request.vars.password):
> > >> > 650 user = self.get_or_create_user
> > >> > (form.vars)
>
> > >> > Is there a place where I can find out more about what already exists,
> > >> > or how to go about getting something like what the original message in
> > >> > this thread described?
>
> > >> > Dan
>
> > >> > On May 17, 8:22 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > >> > > I need to look into this. I do not think there can be a generic
> > >> > > approach. Each protocol has its own quirks and some do not handle
> > >> > > session or authenication.
>
> > >> > > Massimo
>
> > >> > > On May 17, 8:14 pm, jcorbett <jasoncorb...@gmail.com> wrote:
>
> > >> > > > I love the service framework, however I am interested in being
> > >> > > > able to
> > >> > > > authenticate users. With json/jsonrpcthis shouldn't be too hard as
> > >> > > > the browser that the ajax request would come from would have the
> > >> > > > same
> > >> > > > session.
>
> > >> > > > Particularly I am concerned with writing an xmlrpc service that
> > >> > > > requires authentication. TheAuthclass doesn't seem to expose any
> > >> > > > of
> > >> > > > the lower level logic for authentication (like aloginfunction that
> > >> > > > takes a username and a password). Any ideas on how I can do this.
> > >> > > > I'm not afraid of writing my own implimentation, however I would
> > >> > > > love
> > >> > > > to piggy back off what is already there.
>
> > >> > > > I would figure I would want to have aloginfunction that would
> > >> > > > create
> > >> > > > a session key (limited lifetime), and each function would be
> > >> > > > required
> > >> > > > to provide that key.
>
> > >> > > > Any ideas would be appreciated.
>
> > >> > > > Jason Corbett
> > >> > > > BTW I love the simplicity of web2py, it took me maybe 2-3 hours to
> > >> > > > write a simple app that was even themed.
>
> > --
> > Alexei Vinidiktov
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
