Re: [web2py] Re: Found a bug: XMLRPC with basic authorization fails

Mon, 24 Oct 2011 15:53:12 -0700 

Hi,

I think that is a good starting point for us. Massimo,
if you and you other guys don't mind, we'd like to try to fix this bug.
I already looked into the sourcecode and have an idea but I need to
check this :) .

Regards

Hong-Khoan


Am 24.10.2011 02:48, schrieb Robert Clark:
> Hi Massimo
> 
> Here are the steps to reproduce this problem in web2py 1.99.2 (these
> steps worked fine on 1.98.x versions)
> 
> 1) In web2py admin create "New simple application" called "foo"
> 
> 2) Add to db.py:
>     auth.settings.allow_basic_login = True
> 
> 3) Decorate call() with @auth.requires_login in default.py:
> 
>     @auth.requires_login()
>     def call():
>         ...
> 
> 4) Add a simple XMLPRC method to default.py:
> 
>     @service.xmlrpc
>     def multiply(a=1,b=1):
>         return dict(answer=int(a) * int(b))
> 
> 5) Register a user with email "bob.sm...@foo.com" password "snowball"
> 
> 6) From a python shell use ServerProxy to invoke the service
> 
>> from xmlrpclib import ServerProxy
>> server = 
>> ServerProxy('http://bob.sm...@foo.com:snowball@localhost:8000/foo/default/call/xmlrpc',
>>  verbose=True)
>> server.multiply(2, 2)
> 
> ...
> reply: 'HTTP/1.1 303 SEE OTHER\r\n'
> ...
> 
> 
> 
> Cheers,
> Rob
> 
> 
> On Oct 22, 2:59 am, Massimo Di Pierro <massimo.dipie...@gmail.com>
> wrote:
>> Can you provide an example to reproduce the problem?
>>
>> On Oct 21, 12:38 am,RobinMarshall<robin.d.marsh...@gmail.com>
>> wrote:
>>
>>
>>
>>
>>
>>
>>
>>> Hi,
>>
>>> Just wanted to say that we found a bug in 1.99.2 when using XMLRPC
>>> services with the @auth.requires_login decorator using basic
>>> authentication.
>>
>>> It looks like some code was refactored out of requires_login into a
>>> generic requires method which might be the cause of the problem.
>>
>>> A quick hack was to change the following code, but obviously that
>>> won't work very well for people who aren't using basic authentication.
>>
>>>     def is_logged_in(self):
>>>         """
>>>         checks if the user is logged in and returns True/False.
>>>         if so user is in auth.user as well as in session.auth.user
>>>         """
>>>         if self.user:
>>>             return True
>>>         return False
>>
>>> to:
>>
>>>     def is_logged_in(self):
>>>         """
>>>         checks if the user is logged in and returns True/False.
>>>         if so user is in auth.user as well as in session.auth.user
>>>         """
>>>         if self.basic() and self.user:
>>>             return True
>>>         return False
>>
>>> Cheers,
>>> Robin

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to