will look into this..
On Aug 17, 2:41 am, Niphlod <niph...@gmail.com> wrote: > sorry for the late answer... > > in order to let web2py be a real kickass framework also for web > services, I think that some validators have to be rewritten/added. > > Usually I tend not to harrass the devs if what I want isn't there, but > you look real active, so...I think that web2py needs 1 more setting > (like "allow_basic_login_only=True") and: > > - let basic auth be the only auth system (i.e. now basic auth is > alternative to "normal" auth, and if headers are not found web2py kick > in the "normal" system)) > - return a 401 if headers of basic authentication are not in the > request (could be optional and taken care by the "real" webserver, but > I think is needed) > - return a 403 if user has no permission (instead of being redirected > to login) > - a general rewrite of validators where if user has_no_perm > (required_login, has_membership, has_permission, etc etc etc) a 403 is > returned and not a redirect > > This could lead to break backward compatibility, and it's the reason > behind I didn't ask for this in the beginning....taking out "redirect" > from the various place it's found on Auth() hardly will be > possible.... I though also to "change" some settings that by now are > "where you want the user to be redirected" to a real function i.e. > > instead of: > > if foo and not bar: > redirect(self.settings.login_url + \ > '?_next='+urllib.quote(next)) > > making something like > > if foo and not bar: > auth.settings.foobar > > with the scaffolding app (or the default values) being: > > auth.settings.foobar = redirect(self.settings.login_url + '? > _next='+urllib.quote(next)) > > so I could make auth.settings.foobar = raise HTTP(403) or something > like that > > Sorry if I explained myself wrong, feel free to ask explanation > > Niphlod > > On 16 Ago, 05:52, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > How would you like it to work? > > > On 15 Ago, 17:27, Niphlod <niph...@gmail.com> wrote: > > > > how are you posting data to the consumer ? > > > > apart from auth.settings.allow_basic_login = True there's nothing I > > > did to enable it....and it's working (sadly not the way I'd like, but > > > works as intended (additional method of authentication...))- Nascondi > > > testo citato > > > - Mostra testo citato -
