Re: [web2py] Logic check in View, to check if auth.user.group_id...
Thanks, that worked. I think the problem was I wasn't using `auth.user` but `auth_user`.

Full working example:

    {{if auth.is_logged_in():}}
    {{if group[0].id in auth.user.member_of:}}
    {{=T('Welcome back Mr member!')}}
    {{else:}}
    {{=T('Become a member today')}}
    {{pass}}
    {{pass}}

On Tue, Jul 24, 2012 at 6:28 AM, Anthony abasta...@gmail.com wrote:

Have you tried:

    {{if thisgroupid in auth.user.member_of:}}

Once the user is logged in, auth.user contains the user record from the auth_user table, so auth.user.member_of should be the list of group_of_events id's for the logged in user.

Anthony

On Monday, July 23, 2012 4:20:36 PM UTC-4, Alec Taylor wrote:

Yes I do. I have also tried with a bunch of other permutations. Reading through the `Auth` reference, I found a few useful functions, most helpful being:

    {{=auth._get_user_id()}}

Using that I will be able to query the db, but will need to put the reference on the group side rather than the user side. Was planning that (or a two-way reference) anyway.

On Tue, Jul 24, 2012 at 5:46 AM, Bruno Rocha rochacbr...@gmail.com wrote:

Do you have a member_of field in your auth_user table?

On Mon, Jul 23, 2012 at 4:40 PM, Alec Taylor alec.tayl...@gmail.com wrote:

Just noticed I had underscore instead of point, still isn't working though:

    type 'exceptions.AttributeError' 'NoneType' object has no attribute 'member_of'

On Tue, Jul 24, 2012 at 5:36 AM, Alec Taylor alec.tayl...@gmail.com wrote:

On Tue, Jul 24, 2012 at 5:09 AM, Bruno Rocha rochacbr...@gmail.com wrote:

there is no request.auth_user by default, did you create this? I think you can do (with trunk)

    {{if thisgroupid in auth.user_groups:}}

Unfortunately that didn't work either... I'm running Version 2.0.0 (2012-07-20 17:37:48) dev:

    type 'exceptions.NameError' name 'auth_user' is not defined
Re: [web2py] Re: load deletes the values of submit-buttons
Hi Anthony, the workaround http://forum.jquery.com/topic/submit-event-serialize-and-submit-buttons-get-the-button-name works fine - thank you!

2012/7/23 Anthony abasta...@gmail.com

This is not specific to the LOAD() helper but a limitation of the jQuery serialize() method used to post form data via Ajax. See https://groups.google.com/d/msg/web2py/708hxAdDGKY/2bNwbQVXc04J (includes link to possible workaround).

Anthony

On Monday, July 23, 2012 3:48:56 PM UTC-4, mweissen wrote:

Hi, I have a simple form with two submit-buttons.

First try:

    def index():
        form=FORM(
            INPUT(_type='submit', _value='A', _name='AA'),
            INPUT(_type='submit', _value='B', _name='BB'),
        )
        if form.accepts(request, session):
            return dict(AA=form.vars.AA, BB=form.vars.BB)
        return dict(AA=form, BB='')

And a simple view index.html

    AA: {{=AA}}<br />BB: {{=BB}}

A click on button A gives AA:A BB: and a click on B gives AA: BB:B

Everything works as expected - I need to know which submit-button has been pressed.

---

Second try:

Now I have two other views, index.load like index.html

    AA: {{=AA}}<br />BB: {{=BB}}

and an index2.html

    {{extend 'layout.html'}}
    {{=LOAD('default','index.load',ajax=True)}}

Calling index2.html allows a click on button A and button B, but the values have gone. The result is always AA: BB:

It is not possible to decide which submit button was active. Any ideas?

Regards, Martin
[web2py] how to change the behavior of the login functionality when using openid
Hi, I would like to change the behavior once an openid authenticated user is redirected back to the app.

Currently this is the behaviour of the login page when using the openidauth:

1) User enters the open ID endpoint and enters submit.
2) User is redirected to the openid server.
3) User authenticates himself.
4) User is redirected back to the login page.
5) User is displayed a form where he is asked to register his id with the web2py app.

I would like to change the behavior so that once the user is redirected back after authentication (step 4) he should also be logged in to the app. The user should not then see another form for registration (step 5).

I have gone through the openidauth code in the contrib, but cannot figure out why the user lands on the registration page. Will appreciate if someone can point out what files need to be changed to accomplish this.

Thanks, Murtaza
[web2py] field of type upload exceptions.UnboundLocalError
In a table I defined the following field:

    Field('photoFile',type='upload',autodelete=True),

with the following validator:

    db.Person.photoFile.requires=IS_EMPTY_OR(IS_IMAGE(extensions=('gif','jpg','jpeg','png'),maxsize=(72,72)),IS_LENGTH(36*1024,error_message='file size exceeds 36 KB'))

When I insert a person without a photoFile I get the following error:

    Traceback (most recent call last):
      File /Library/Python/2.5/site-packages/web2py/gluon/restricted.py, line 205, in restricted
        exec ccode in environment
      File /Library/Python/2.5/site-packages/web2py/applications/bootstrap/controllers/appadmin.py, line 433, in module
      File /Library/Python/2.5/site-packages/web2py/gluon/globals.py, line 173, in lambda
        self._caller = lambda f: f()
      File /Library/Python/2.5/site-packages/web2py/applications/bootstrap/controllers/appadmin.py, line 128, in insert
        if form.accepts(request.vars, session):
      File /Library/Python/2.5/site-packages/web2py/gluon/sqlhtml.py, line 1207, in accepts
        newfilename = field.store(source_file, original_filename, field.uploadfolder)
    UnboundLocalError: local variable 'source_file' referenced before assignment

This is in web2py version 1.99.7

Kind regards, Annet
[web2py] Re: field of type upload exceptions.UnboundLocalError
I also found out that underscores are not allowed in the file name: portrait_01.jpg results in an error message. Apart from the usual, are there any other characters not allowed in file names?

Kind regards, Annet
[web2py] how to achieve public/private key authentication for web service in web2py?
Hi, I have to provide public/private key authentication for accessing web service (REST) from client in my web2py application. How to achieve it?

Scenario:

1. Each client will have unique private key which will be sent to the server along with request.
2. Server has to authenticate private key using public key (unique for each client) and then allow to access the web service method.

For e.g. suppose one client say X has requested for web service add() so server has to first validate the public key with client's private key and if validation is successful then allow to access the web service add().

Challenges: where to store public key of each client? We can't store it in the db because server can't access db before validation of web service method. So will it be stored somewhere in PC (where server is running)? If yes then how and which format?

NOTE: Here Server will be completely written in web2py and client is separate application running on the hardware device.
Re: [web2py] displacement of password button [web2py twitter bootstrap]
On 24 July 2012 05:03, Kevin Miller kevinvani...@gmail.com wrote:

Hi all, Anyone knows why the password button is displaced by the welcome message when using twitter bootstrap and Nightly Build? I have attached a picture as example.

No such problem here. I have attached mine (on the welcome app)

Regards
Johann
--
Because experiencing your loyal love is better than life itself, my lips will praise you. (Psalm 63:3)

attachment: Selection_001.png
Re: [web2py] Re: bootstrap and user panel
Hello, delete the content of the database dir. The system recreates the auth tables.

On Tue, Jul 24, 2012 at 2:49 AM, murtaza52 murtaza.hus...@sevenolives.com wrote:

Hello Martin, The CSS is cool so +1 for this.

1) I cloned your welcome app repo and placed it under applications, this is the summary of the error I get when I browse to the app -

    127.0.0.1.2012-07-24.11-12-36.3a36305c-435d-4087-ab03-e427b4e00812 class 'sqlite3.OperationalError' table auth_user already exists

2) Below is the error I received from the useradmin app when I did the same -

    127.0.0.1.2012-07-24.11-17-36.3a723b6d-872c-49e2-878d-65fab3349ca5 type 'exceptions.TypeError' define_tables() got an unexpected keyword argument 'signature'

What am I doing wrong?

Thanks, Murtaza

On Tuesday, July 24, 2012 9:27:49 AM UTC+5:30, Massimo Di Pierro wrote:

This looks great. Are you proposing it as a replacement for the current welcome? pros? cons?

On Monday, 23 July 2012 19:02:47 UTC-5, Martin.Mulone wrote:

I want to share these two applications.

*Bootstrap welcome application*

I made my own welcome scaffold app, using twitter bootstrap template. My version is more like from the example template. Download: https://bitbucket.org/mulonemartin/bootstrap/overview also you can test here http://testbootstrap.tecnodoc.com.ar/.

*User Panel Admin*

An application to administer the auth_user table. You can add, remove, activate users/ add groups, also add users to groups and so on. https://bitbucket.org/mulonemartin/usersadmin
[web2py] computed fields question
hi, I have a function and a computed field

    def content_snapshot(s):
        # do something with s
        return modified_s

    Field('content_snapshot', 'text', readable=False, writable=False,
          compute=lambda r: content_snapshot(r['content'])),

and it works only for insert operations, on updates it is not changed

any thoughts?
Re: [web2py] Re: bootstrap and user panel
Edit model/00main.py and change migrate=False to use the current sqlite db. Or delete the content in database then add a user and make membership of the Admin group with appadmin.

type 'exceptions.TypeError' define_tables() got an unexpected keyword argument 'signature' What am I doing wrong ?

mmh perhaps because I made some changes from the trunk welcome. What version of web2py?

2012/7/24 murtaza52 murtaza.hus...@sevenolives.com

Hello Martin, The CSS is cool so +1 for this.

1) I cloned your welcome app repo and placed it under applications, this is the summary of the error I get when I browse to the app -

    127.0.0.1.2012-07-24.11-12-36.3a36305c-435d-4087-ab03-e427b4e00812 class 'sqlite3.OperationalError' table auth_user already exists

2) Below is the error I received from the useradmin app when I did the same -

    127.0.0.1.2012-07-24.11-17-36.3a723b6d-872c-49e2-878d-65fab3349ca5 type 'exceptions.TypeError' define_tables() got an unexpected keyword argument 'signature'

What am I doing wrong?

Thanks, Murtaza

On Tuesday, July 24, 2012 9:27:49 AM UTC+5:30, Massimo Di Pierro wrote:

This looks great. Are you proposing it as a replacement for the current welcome? pros? cons?

On Monday, 23 July 2012 19:02:47 UTC-5, Martin.Mulone wrote:

I want to share these two applications.

*Bootstrap welcome application*

I made my own welcome scaffold app, using twitter bootstrap template. My version is more like from the example template. Download: https://bitbucket.org/mulonemartin/bootstrap/overview also you can test here http://testbootstrap.tecnodoc.com.ar/.

*User Panel Admin*

An application to administer the auth_user table. You can add, remove, activate users/ add groups, also add users to groups and so on. https://bitbucket.org/mulonemartin/usersadmin

--
http://www.tecnodoc.com.ar
[web2py] Re: weird behavior in crud update
I think we should.

On Monday, 23 July 2012 23:16:18 UTC-5, Anthony wrote:

Should we mark Crud as deprecated in the book?

On Monday, July 23, 2012 11:55:14 PM UTC-4, Massimo Di Pierro wrote:

Please do not use crud. It is not needed any more. You can do everything and better with SQLFORM().process(). We are not going to change the behavior of crud now that we have a more powerful tool (SQLFORM).

On Monday, 23 July 2012 16:55:49 UTC-5, Najtsirk wrote:

Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. Boolean field get changed each time I update form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing Blog app for the first time and there is a little more updating than in my other apps. Any clues?

Best, Kristjan
Re: [web2py] computed fields question
you don't need to set writable=False. I think it is default for computed fields. I've seen this happening before, but I can't remember the reason. (may be the writable False can be the issue)

http://zerp.ly/rochacbruno

On 24/07/2012 07:34, Vasile Ermicioi elff...@gmail.com wrote:

hi, I have a function and a computed field

    def content_snapshot(s):
        # do something with s
        return modified_s

    Field('content_snapshot', 'text', readable=False, writable=False,
          compute=lambda r: content_snapshot(r['content'])),

and it works only for insert operations, on updates it is not changed

any thoughts?
[web2py] Re: weird behavior in crud update
I think we should but I am afraid people may misunderstand. Crud is not going away (because of backward compatibility), simply it is no longer the recommended way to implement the functionality.

On Monday, 23 July 2012 23:16:18 UTC-5, Anthony wrote:

Should we mark Crud as deprecated in the book?

On Monday, July 23, 2012 11:55:14 PM UTC-4, Massimo Di Pierro wrote:

Please do not use crud. It is not needed any more. You can do everything and better with SQLFORM().process(). We are not going to change the behavior of crud now that we have a more powerful tool (SQLFORM).

On Monday, 23 July 2012 16:55:49 UTC-5, Najtsirk wrote:

Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. Boolean field get changed each time I update form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing Blog app for the first time and there is a little more updating than in my other apps. Any clues?

Best, Kristjan
Re: [web2py] Re: Auth has no attribute signature
Good point. I will discuss this on web2py-developers. We may need to revert this patch or find a different solution to the problem.

On Monday, 23 July 2012 23:43:07 UTC-5, David J wrote:

Ok. I am not going to complain about it because I fixed the app. However, I did see it in the docs: if you search the docs for auth.signature it shows the usage. But here is where it broke. I had a custom auth table, and in that table I called

    db.define_table(
        auth.settings.table_user_name,
        Field('first_name', length=64, default='',
              widget = lambda f, v: SQLFORM.widgets.string.widget(f, v, _class='span6')),
        ...,
        auth.signature)
    custom_auth_table = db[auth.settings.table_user_name] # get the custom_auth_table
    custom_auth_table.first_name.requires = \
        IS_NOT_EMPTY(error_message=auth.messages.is_empty)
    custom_auth_table.last_name.requires = \
        IS_NOT_EMPTY(error_message=auth.messages.is_empty)
    custom_auth_table.password.requires = [CRYPT(key=auth.settings.hmac_key)]
    custom_auth_table.email.requires = [
        IS_EMAIL(error_message=auth.messages.invalid_email),
        IS_NOT_IN_DB(db, custom_auth_table.email)]
    db.auth_user.is_active.writable = db.auth_user.is_active.readable=False
    db.define_tables()

Anyway; like I said, I am fine either way, if other users complain about it, then I may change my opinion. I just thought I would bring it up as I am sure you like feedback regarding these types of changes.

Thanks. David

On 7/23/12 11:53 PM, Massimo Di Pierro wrote:

Yes. auth.signature used to be defined when Auth() is instantiated. Now it is defined when auth.define_tables() is called. There is disagreement on whether this is a breaking of backward compatibility since this is not exactly documented. There are reasons for the switch. Is this a big deal? It is not clear whether this change of behavior should propagate to stable.

On Monday, 23 July 2012 16:38:18 UTC-5, David J wrote:

I just upgraded my web2py to latest trunk. I get an exception

    S'(\'Auth\' object has no attribute \'signature\',)'

Did something change? I tried the mailing list archive to see, but maybe I missed something.

Thanks.
[web2py] Re: weird behavior in crud update
Crud is much quicker to implement than SQLFORM (or maybe I just do not understand it and I'm wrong on that). This was cool for the purpose of making web app prototypes. But I agree on the principle to go with one (and better) tool. Thanks for explanation.

Kristjan

On Monday, 23 July 2012 23:55:49 UTC+2, Najtsirk wrote:

Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. Boolean field get changed each time I update form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing Blog app for the first time and there is a little more updating than in my other apps. Any clues?

Best, Kristjan
[web2py] Re: field of type upload exceptions.UnboundLocalError
In gluon/sqlhtml.py there is this logic:

    elif field.type == 'upload':
        f = self.vars[fieldname]
        fd = '%s__delete' % fieldname
        ...
        newfilename = field.store(source_file, original_filename, field.uploadfolder)

Can you add some print statements and help us debug? How is it possible that source_file is None? What is the value of the variable f when this happens?

It should accept any character in the original filename. If it does not, where does it fail? Please open a ticket and link this thread so the issue gets tracked.

On Tuesday, 24 July 2012 02:51:50 UTC-5, Annet wrote:

In a table I defined the following field:

    Field('photoFile',type='upload',autodelete=True),

with the following validator:

    db.Person.photoFile.requires=IS_EMPTY_OR(IS_IMAGE(extensions=('gif','jpg','jpeg','png'),maxsize=(72,72)),IS_LENGTH(36*1024,error_message='file size exceeds 36 KB'))

When I insert a person without a photoFile I get the following error:

    Traceback (most recent call last):
      File /Library/Python/2.5/site-packages/web2py/gluon/restricted.py, line 205, in restricted
        exec ccode in environment
      File /Library/Python/2.5/site-packages/web2py/applications/bootstrap/controllers/appadmin.py, line 433, in module
      File /Library/Python/2.5/site-packages/web2py/gluon/globals.py, line 173, in lambda
        self._caller = lambda f: f()
      File /Library/Python/2.5/site-packages/web2py/applications/bootstrap/controllers/appadmin.py, line 128, in insert
        if form.accepts(request.vars, session):
      File /Library/Python/2.5/site-packages/web2py/gluon/sqlhtml.py, line 1207, in accepts
        newfilename = field.store(source_file, original_filename, field.uploadfolder)
    UnboundLocalError: local variable 'source_file' referenced before assignment

This is in web2py version 1.99.7

Kind regards, Annet
Re: [web2py] displacement of password button [web2py twitter bootstrap]
Which version are you using? oops... I forgot to say that it only happens in Google Chrome.

On Tue, Jul 24, 2012 at 4:58 AM, Johann Spies johann.sp...@gmail.com wrote:

On 24 July 2012 05:03, Kevin Miller kevinvani...@gmail.com wrote:

Hi all, Anyone knows why the password button is displaced by the welcome message when using twitter bootstrap and Nightly Build? I have attached a picture as example.

No such problem here. I have attached mine (on the welcome app)

Regards
Johann
--
Because experiencing your loyal love is better than life itself, my lips will praise you. (Psalm 63:3)
Re: [web2py] displacement of password button [web2py twitter bootstrap]
On 24 July 2012 14:13, Kevin Miller kevinvani...@gmail.com wrote:

Which version are you using? oops... I forgot to say that it only happens in Google Chrome.

I have updated this morning from the trunk and that was using Firefox. I have tested now in Chrome and it also works correctly.

Regards
Johann
--
Because experiencing your loyal love is better than life itself, my lips will praise you. (Psalm 63:3)
[web2py] User accessed site without logging in
I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages. I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen? I'm using trunk - I suppose I should roll back to stable? Neil --
Re: [web2py] displacement of password button [web2py twitter bootstrap]
Thank you for testing for me. I downloaded this morning and it's working now. I had a previous download that was not updated, so whatever was causing that was fixed some time ago. Thanks again.

On Tue, Jul 24, 2012 at 7:17 AM, Johann Spies johann.sp...@gmail.com wrote:

On 24 July 2012 14:13, Kevin Miller kevinvani...@gmail.com wrote:

Which version are you using? oops... I forgot to say that it only happens in Google Chrome.

I have updated this morning from the trunk and that was using Firefox. I have tested now in Chrome and it also works correctly.

Regards
Johann
--
Because experiencing your loyal love is better than life itself, my lips will praise you. (Psalm 63:3)

--
Kevin Miller
Acting Data Controller
Department of Computing
UWI, Mona
Kingston 7
[web2py] Suggestion - a pickled DAL field
Hi web2pyers, very often, I have a field in the table which has to hold a complicated value (most often numpy arrays). The way I implement it is that I use text as the type of field, and then simply pickle.dumps(my_value) when I save the field, and then pickle.loads(value_from_db) to access the field again. My suggestion is simple - create field that automatically pickles the values it gets and unpickles them on extraction. Is this already implemented? Do you have other suggestions on how to implement this so that I won't need to pickle every time I access the table? Best wishes, Omri --
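An added example, not part of the original post and not web2py code: a text-column codec of the kind suggested above, with the decode side restricted so that a stored pickle can only resolve an explicit allow-list of globals, since plain pickle.loads() on a row will import and call whatever the stream names. The helper names are hypothetical, it assumes Python 3, and it assumes arrays are stored as nested lists (for example via ndarray.tolist()) rather than as numpy objects.

```python
import base64
import builtins
import io
import os
import pickle

# Only these globals may be resolved while unpickling. Plain containers,
# numbers and strings need no global lookup at all, so this short list is
# enough for nested lists/dicts/tuples of numbers.
SAFE_BUILTINS = frozenset(["complex", "set", "frozenset", "range", "slice"])


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global outside SAFE_BUILTINS."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            "global '%s.%s' is not allowed in a stored field" % (module, name))


def encode_field(value):
    """Serialize value to ASCII text suitable for a 'text' column."""
    return base64.b64encode(pickle.dumps(value, protocol=4)).decode("ascii")


def decode_field(text):
    """Inverse of encode_field; raises UnpicklingError on a disallowed global."""
    raw = base64.b64decode(text.encode("ascii"), validate=True)
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def is_rejected(text):
    """True if the stored text references something outside the allow-list."""
    try:
        decode_field(text)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample value: a 2x3 array kept as nested lists plus metadata.
SAMPLE = {
    "shape": (2, 3),
    "data": [[1.0, 2.0, 3.0], [4.0, 5.0, 6.0]],
    "gain": complex(1, -2),
    "labels": {"x", "y"},
}

# Constructed stand-in for a row that was not written by encode_field: a
# pickle that only *references* a global outside the allow-list (os.getcwd).
TAMPERED = base64.b64encode(pickle.dumps(os.getcwd)).decode("ascii")

if __name__ == "__main__":
    stored = encode_field(SAMPLE)
    print("round trip ok:", decode_field(stored) == SAMPLE)
    print("tampered row rejected:", is_rejected(TAMPERED))
```

Values that need other classes have to be added to the allow-list deliberately, which keeps the set of code reachable from database content visible in one place.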
[web2py] Best way to create db form with one option?
I'm trying to create a simple form which presents the user with a functional Join button if they aren't a member, and a Leave group button if they aren't.

Unfortunately I seem to be overcomplicating this:

    @auth.requires_login()
    def group_membership(group_id):
        is_member = False
        try:
            if auth.user.id in db(db.group_of_events.id == group_id).select()[0].members:
                is_member=True
        except TypeError:
            pass
        return dict(is_member=is_member)

    @auth.requires_login()
    def add_member_to_group(group_id):
        success=False
        try:
            group = db(db.group_of_events.id == group_id).select()[0]
            if auth.user.id not in group.members:
                group.update_record(
                    # append as a list; list + int raises TypeError
                    members=group.members + [auth.user.id]
                )
                success=True
        except TypeError:
            pass
        return dict(success=success)

Is there an easier way of creating a form with one option?

Thanks for all suggestions,

Alec Taylor
Re: [web2py] User accessed site without logging in
For sure using trunk is not very safe in production environment, not because it is not secure, but because sometimes things break when new features are added. If you don't need edge features, better to stick with stable.

For the problem you describe, I think if you show us the way you activate auth could help. I mean it is not just a matter of using decorator...

I am not the best one to help you fix this issue, but if you give us more information like what's in your db.py and all the auth settings you set, I am sure there are more knowledgeable users that will be kind and will help.

Richard

On Tue, Jul 24, 2012 at 8:18 AM, Neil yager.n...@gmail.com wrote:

I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages.

I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen?

I'm using trunk - I suppose I should roll back to stable?

Neil
Re: [web2py] Best way to create db form with one option?
I am not exactly sure what you really want to achieve, but I did something like that where the user is allowed to change from one group to another based on preset of allowed groups. If you are interested I can show you the code.

Richard

On Tue, Jul 24, 2012 at 9:09 AM, Alec Taylor alec.tayl...@gmail.com wrote:

I'm trying to create a simple form which presents the user with a functional Join button if they aren't a member, and a Leave group button if they aren't.

Unfortunately I seem to be overcomplicating this:

    @auth.requires_login()
    def group_membership(group_id):
        is_member = False
        try:
            if auth.user.id in db(db.group_of_events.id == group_id).select()[0].members:
                is_member=True
        except TypeError:
            pass
        return dict(is_member=is_member)

    @auth.requires_login()
    def add_member_to_group(group_id):
        success=False
        try:
            group = db(db.group_of_events.id == group_id).select()[0]
            if auth.user.id not in group.members:
                group.update_record(
                    # append as a list; list + int raises TypeError
                    members=group.members + [auth.user.id]
                )
                success=True
        except TypeError:
            pass
        return dict(success=success)

Is there an easier way of creating a form with one option?

Thanks for all suggestions,

Alec Taylor
Re: [web2py] Best way to create db form with one option?
Trying to create a simple button (form), showing Join group if user isn't a member, and Leave group if user is a member.

On Tue, Jul 24, 2012 at 11:14 PM, Richard Vézina ml.richard.vez...@gmail.com wrote:

I am not exactly sure what you really want to achieve, but I did something like that where the user is allowed to change from one group to another based on preset of allowed groups. If you are interested I can show you the code.

Richard

On Tue, Jul 24, 2012 at 9:09 AM, Alec Taylor alec.tayl...@gmail.com wrote:

I'm trying to create a simple form which presents the user with a functional Join button if they aren't a member, and a Leave group button if they aren't.

Unfortunately I seem to be overcomplicating this:

    @auth.requires_login()
    def group_membership(group_id):
        is_member = False
        try:
            if auth.user.id in db(db.group_of_events.id == group_id).select()[0].members:
                is_member=True
        except TypeError:
            pass
        return dict(is_member=is_member)

    @auth.requires_login()
    def add_member_to_group(group_id):
        success=False
        try:
            group = db(db.group_of_events.id == group_id).select()[0]
            if auth.user.id not in group.members:
                group.update_record(
                    # append as a list; list + int raises TypeError
                    members=group.members + [auth.user.id]
                )
                success=True
        except TypeError:
            pass
        return dict(success=success)

Is there an easier way of creating a form with one option?

Thanks for all suggestions,

Alec Taylor
Re: [web2py] computed fields question
may be the writable False can be the issue

yes, that is, thanks a lot Bruno

but isn't it a weird behavior?
Re: [web2py] Best way to create db form with one option?
So, what I have is not working like this! :(

Richard

On Tue, Jul 24, 2012 at 9:24 AM, Alec Taylor alec.tayl...@gmail.com wrote:

Trying to create a simple button (form), showing Join group if user isn't a member, and Leave group if user is a member.

On Tue, Jul 24, 2012 at 11:14 PM, Richard Vézina ml.richard.vez...@gmail.com wrote:

I am not exactly sure what you really want to achieve, but I did something like that where the user is allowed to change from one group to another based on preset of allowed groups. If you are interested I can show you the code.

Richard

On Tue, Jul 24, 2012 at 9:09 AM, Alec Taylor alec.tayl...@gmail.com wrote:

I'm trying to create a simple form which presents the user with a functional Join button if they aren't a member, and a Leave group button if they aren't.

Unfortunately I seem to be overcomplicating this:

    @auth.requires_login()
    def group_membership(group_id):
        is_member = False
        try:
            if auth.user.id in db(db.group_of_events.id == group_id).select()[0].members:
                is_member=True
        except TypeError:
            pass
        return dict(is_member=is_member)

    @auth.requires_login()
    def add_member_to_group(group_id):
        success=False
        try:
            group = db(db.group_of_events.id == group_id).select()[0]
            if auth.user.id not in group.members:
                group.update_record(
                    # append as a list; list + int raises TypeError
                    members=group.members + [auth.user.id]
                )
                success=True
        except TypeError:
            pass
        return dict(success=success)

Is there an easier way of creating a form with one option?

Thanks for all suggestions,

Alec Taylor
Re: [web2py] User accessed site without logging in
Good point about trunk. There are some features that I liked and got used to, but nothing essential. I'll try to summarize any relevant settings in the hope that someone can spot something.

In 0.py I have:

    ...
    settings.login_method = 'local'
    settings.login_config = ''
    ...

in db.py:

    ...
    auth = Auth(db, hmac_key=Auth.get_or_create_key())
    crud, service, plugins = Crud(db), Service(), PluginManager()
    auth.define_tables()
    db.auth_user.last_name.requires = None
    auth.settings.actions_disabled.append('register')
    auth.settings.registration_requires_verification = False
    auth.settings.registration_requires_approval = True
    auth.settings.reset_password_requires_verification = False
    auth.settings.login_next = URL('social_anxiety', 'user_main')
    auth.settings.logout_next = URL('default', 'index')
    ...

and in default.py:

    def index():
        session.forget(response)
        if auth.is_logged_in():
            redirect(URL(c='social_anxiety', f='user_main'))
        else:
            return dict()

    def user():
        if request.args(0) == 'register':
            db.auth_user.first_name.comment = '(or an anonymous user name)'
        elif request.args(0) == 'profile':
            redirect(URL(c='default', f='user_profile'))
        return dict(form = auth())

and in layout.html to create the navbar:

    {{try:}} {{=auth.navbar(referrer_actions=None)}} {{except:pass}}

Anything stand out? In particular, anything that would apply one user's session to another user on a different computer?

Now that I look at it, session.forget in application/default/index seems like a bad idea. I put it in to see if I could speed up the main page and kind of forgot about it... Just removed it.

Neil

On Tuesday, July 24, 2012 2:11:25 PM UTC+1, Richard wrote:

For sure using trunk is not very safe in production environment, not because it is not secure, but because sometimes things break when new features are added. If you don't need edge features, better to stick with stable.

For the problem you describe, I think if you show us the way you activate auth could help. I mean it is not just a matter of using decorator...

I am not the best one to help you fix this issue, but if you give us more information like what's in your db.py and all the auth settings you set, I am sure there are more knowledgeable users that will be kind and will help.

Richard

On Tue, Jul 24, 2012 at 8:18 AM, Neil:

I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages.

I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen?

I'm using trunk - I suppose I should roll back to stable?

Neil
[web2py] Re: weird behavior in crud update
I still have the same strange behaviour with SQLFORM.process(). On Monday, 23 July 2012 23:55:49 UTC+2, Najtsirk wrote: Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. The boolean field gets changed each time I update the form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing a Blog app for the first time and there is a little more updating than in my other apps. Any clues? Best, Kristjan --
[web2py] Exporting foreign keys as represented value
Hello, I am working with xlwt and trying to export a table of mine into a .xls file. This table contains some foreign keys, and they are being exported as the id of the other table rather than the 'name' field, which is what I want to display. I define the foreign key fields in the table like this:

    Field('owner', db.person,
          requires = IS_EMPTY_OR(IS_IN_DB(db, db.person, '%(name)s')),
          represent=lambda id, row: db.person(id).name if id else ' '),

Thanks! --
Re: [web2py] computed fields question
Yes, I think it is a bug. The update form method checks for writable fields. It should be documented or fixed. Can you open the ticket? http://zerp.ly/rochacbruno On 24/07/2012 10:26, Vasile Ermicioi elff...@gmail.com wrote: may be the writable False can be the issue yes, that is, thanks a lot Bruno but isn't it a weird behavior? -- --
[web2py] Re: Exporting foreign keys as represented value
How are you exporting the data? The export_to_csv_file() method, for example, takes a represent argument -- if set to True, it will use each field's represent attribute to convert the values before exporting. Anthony On Tuesday, July 24, 2012 9:59:15 AM UTC-4, joe wrote: Hello, I am working with xlwt and trying to export a table of mine into a .xls file. This table contains some foreign keys, and they are being exported as the id of the other table rather than the 'name' field, which is what I want to display. I define the foreign key fields in the table like this: Field('owner', db.person, requires = IS_EMPTY_OR(IS_IN_DB(db, db.person, '%(name)s')), represent=lambda id, row: db.person(id).name if id else ' '), Thanks! --
[web2py] Re: Exporting foreign keys as represented value
I am using xlwt to export the data (I want an excel file, and a bit more control over format). I recently made it work, in about the most clumsy way possible (getting a row object from the referenced table, casting it into a string, and finding the substring that I want to display), but there has to be a simpler way. Thanks! -Joe Peacock On Tuesday, July 24, 2012 9:36:22 AM UTC-5, Anthony wrote: How are you exporting the data? The export_to_csv_file() method, for example, takes a represent argument -- if set to True, it will use each field's represent attribute to convert the values before exporting. Anthony On Tuesday, July 24, 2012 9:59:15 AM UTC-4, joe wrote: Hello I am working with xlwt and trying to export a table of mine into a .xls file. This table contains some foreign keys, and they are being exported as the id of the other table rathan than the 'name' field, which is what I want to display. I define the foreign key fields in the table like this: Field('owner', db.person, requires = IS_EMPTY_OR(IS_IN_DB(db, db.person, '%(name)s')), represent=lambda id, row: db.person(id).name if id else ' '), Thanks! --
Re: [web2py] prettydate question
ctrlSoft, is the issue still present? Vladyslav Kozlovskyy (Ukraine) On 23.07.12 13:32, ctrlSoft wrote: datetime format is: 2012-07-18 10:00:00 Hi, in the view I have the following code: <td>{{=prettydate(row.deadline,T)}}</td> but the result is: %d days ago %d days ago %d days ago %d days ago ... 1 week ago 1 week ago ... %d weeks ago %d weeks ago %d weeks ago How do I display 4 days ago 5 days ago ... 2 weeks ago 3 weeks ago ... ... -- --
[web2py] Re: Exporting foreign keys as represented value
Can you show the code you are using to get the data from the db to xlwt? Anthony On Tuesday, July 24, 2012 10:49:13 AM UTC-4, joe wrote: I am using xlwt to export the data (I want an excel file, and a bit more control over format). I recently made it work, in about the most clumsy way possible (getting a row object from the referenced table, casting it into a string, and finding the substring that I want to display), but there has to be a simpler way. Thanks! -Joe Peacock On Tuesday, July 24, 2012 9:36:22 AM UTC-5, Anthony wrote: How are you exporting the data? The export_to_csv_file() method, for example, takes a represent argument -- if set to True, it will use each field's represent attribute to convert the values before exporting. Anthony On Tuesday, July 24, 2012 9:59:15 AM UTC-4, joe wrote: Hello I am working with xlwt and trying to export a table of mine into a .xls file. This table contains some foreign keys, and they are being exported as the id of the other table rathan than the 'name' field, which is what I want to display. I define the foreign key fields in the table like this: Field('owner', db.person, requires = IS_EMPTY_OR(IS_IN_DB(db, db.person, '%(name)s')), represent=lambda id, row: db.person(id).name if id else ' '), Thanks! --
Re: [web2py] User accessed site without logging in
On 24 Jul 2012, at 6:41 AM, Neil wrote: Good point about trunk. There are some features that I liked and got used to, but nothing essential. I'll try to summarize any relevant settings in the hope that someone can spot something. In 0.py I have: ... settings.login_method = 'local' settings.login_config = '' ... in db.py: ... auth = Auth(db, hmac_key=Auth.get_or_create_key()) crud, service, plugins = Crud(db), Service(), PluginManager() auth.define_tables() db.auth_user.last_name.requires = None auth.settings.actions_disabled.append('register') auth.settings.registration_requires_verification = False auth.settings.registration_requires_approval = True auth.settings.reset_password_requires_verification = False auth.settings.login_next = URL(social_anxiety, user_main) auth.settings.logout_next = URL(default, index) ... and in default.py: def index(): session.forget(response) if auth.is_logged_in(): redirect(URL(c='social_anxiety', f='user_main')) else: return dict() def user(): if request.args(0) == 'register': db.auth_user.first_name.comment = '(or an anonymous user name)' elif request.args(0) == 'profile': redirect(URL(c='default', f='user_profile')) return dict(form = auth()) and in layout.html to create the navbar: {{try:}} {{=auth.navbar(referrer_actions=None)}} {{except:pass}} Anything stand out? In particular, anything that would apply one user's session to another user on a different computer? Now that I look at it, session.forget in application/default/index seems like a bad idea. I put it in to see if I could speed up the main page and kind of forgot about it... Just removed it. That jumped out at me too, but it's not obvious how it could result in the reported symptom. Does the forget() call affect the is_logged_in() call one way or the other? Even if it did, in order to appear logged in as user X, a browser would have to present a cookie with session id of a user X session. How could that happen? Weird. 
Neil On Tuesday, July 24, 2012 2:11:25 PM UTC+1, Richard wrote: For sure using trunk is not very safe in production environnement, not because it not secure, but because sometimes things brake when new features are added. If you don't need edge feature, better to stick with stable. For the problem you describe, I think if you show us the way you activate auth could help. I mean it is not just a matter of using decorator... I am not the best one to help you fix this issue, but if you give us more information like what's in you db.py and all the auth setting you set, I am sure there is more knowledge users that will be kind and will help. Richard On Tue, Jul 24, 2012 at 8:18 AM, Neil: I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages. I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen? I'm using trunk - I suppose I should roll back to stable? Neil -- -- --
[web2py] Re: Suggestion - a pickled DAL field
You could use a SQLCustomType field: http://web2py.com/books/default/chapter/29/6#Custom-Field-types-(experimental) . Anthony On Tuesday, July 24, 2012 8:34:07 AM UTC-4, Omri Har-Shemesh wrote: Hi web2pyers, very often, I have a field in the table which has to hold a complicated value (most often numpy arrays). The way I implement it is that I use text as the type of field, and then simply pickle.dumps(my_value) when I save the field, and then pickle.loads(value_from_db) to access the field again. My suggestion is simple - create field that automatically pickles the values it gets and unpickles them on extraction. Is this already implemented? Do you have other suggestions on how to implement this so that I won't need to pickle every time I access the table? Best wishes, Omri --
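An encoder/decoder pair of the kind a SQLCustomType field takes, as an added example (not code from this thread or from web2py). It goes one step beyond plain pickling: the stored text carries an HMAC, so a value that was changed in the database is rejected before pickle.loads() runs on it. The key, the sample value and the table and field names in the comment are assumptions, and the wiring in the comment is not executed here.

```python
import base64
import hashlib
import hmac
import pickle

# Assumption: in a real app the key is read from private configuration.
# This value is a constructed placeholder.
FIELD_KEY = b"constructed-example-key-change-me"
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed sample value standing in for a numpy array.
SAMPLE = {"shape": (2, 3), "data": [[1.0, 2.5, 3.0], [4.0, 5.5, 6.0]]}


def encode_pickled(value, key=FIELD_KEY):
    """Python object -> ASCII text that fits a 'text' column."""
    blob = pickle.dumps(value, protocol=2)
    mac = hmac.new(key, blob, hashlib.sha256).digest()
    return base64.b64encode(mac + blob).decode("ascii")


def decode_pickled(text, key=FIELD_KEY):
    """Text from the column -> Python object.

    The MAC is checked first; pickle.loads() only ever sees bytes that
    were produced by encode_pickled() with the same key.
    """
    if text is None or text == "":
        return None
    try:
        raw = base64.b64decode(text.encode("ascii"), validate=True)
    except ValueError as exc:  # binascii.Error and UnicodeError are ValueErrors
        raise ValueError("stored value is not valid base64") from exc
    if len(raw) <= MAC_LEN:
        raise ValueError("stored value is too short")
    mac, blob = raw[:MAC_LEN], raw[MAC_LEN:]
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("integrity check failed; value not unpickled")
    return pickle.loads(blob)


def flip_last_byte(stored):
    """Simulate a stored value that was modified outside the application."""
    raw = bytearray(base64.b64decode(stored))
    raw[-1] ^= 0x01
    return base64.b64encode(bytes(raw)).decode("ascii")


def is_rejected(stored, key=FIELD_KEY):
    """True when decode_pickled() refuses the stored text."""
    try:
        decode_pickled(stored, key)
    except ValueError:
        return True
    return False


# Assumed wiring in a web2py model file (hypothetical table and field names):
#
#   pickled = SQLCustomType(type='text', native='text',
#                           encoder=encode_pickled, decoder=decode_pickled)
#   db.define_table('measurement', Field('samples', type=pickled))

if __name__ == "__main__":
    stored = encode_pickled(SAMPLE)
    print("round trip ok:", decode_pickled(stored) == SAMPLE)
    print("tampered value rejected:", is_rejected(flip_last_byte(stored)))
```
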
[web2py] Re: weird behavior in crud update
Can you post a minimalist app or instructions to reproduce the problem? Could you also open a ticket on google code so this gets tracked? Thanks. On Tuesday, 24 July 2012 08:56:36 UTC-5, Najtsirk wrote: I still have the same strange behaviour with SQLFORM.process(). On Monday, 23 July 2012 23:55:49 UTC+2, Najtsirk wrote: Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. The boolean field gets changed each time I update the form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing a Blog app for the first time and there is a little more updating than in my other apps. Any clues? Best, Kristjan --
Re: [web2py] Re: weird behavior in crud update
In your view, do you have any link a or any img or any iframe? My be you have an empty href='' or an empty src='' ? If you have it, so that is the problem! empty href or src or rel attributes leads on to form submit problems --
[web2py] Re: User accessed site without logging in
We will investigate this thoroughly but please get as much information as possible about what this person was doing. Did he try to log in? Could you also send me a copy of your app (confidentially)? The fact is even if there were a session conflict (I do not believe that is possible unless uuid is broken) a client must request the session via a cookie. A new user always gets assigned a new session id and therefore an empty session. Trunk contains experimental code for sessions in cookies. That code does not work yet. I am assuming you are not using that anyway. Trunk also contains a new password crypt handling. One version of it was broken (nobody could login). We are testing that too. Massimo On Tuesday, 24 July 2012 07:18:45 UTC-5, Neil wrote: I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages. I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen? I'm using trunk - I suppose I should roll back to stable? Neil --
Re: [web2py] Re: weird behavior in crud update
http://www.bennadel.com/blog/2236-Empty-SRC-And-URL-Values-Can-Cause-Duplicate-Page-Requests.htm http://www.nczonline.net/blog/2009/11/30/empty-image-src-can-destroy-your-site/ --
[web2py] Re: weird behavior in crud update
Nope, nothing like that. Ok, now the behavior has changed. The problem persists just with the boolean (when I set it to False... I have to submit twice). Text fields are ok now. It's funny, because I have a very straightforward app.

Model:

    db.define_table('blog',
        Field('naslov','string',label='Naslov'),
        Field('slug','string',label='Strojno ime'),
        Field('uvod','text',label='Uvod'),
        Field('vsebina','text',label='Vsebina'),
        Field('objavljeno','boolean',label='Objavljeno', default=False),
        Field('datum','datetime',default=request.now),
        format = lambda r: r.naslov)

Controller:

    @auth.requires_membership('admin')
    def uredi():
        form = SQLFORM(db.blog, record=request.args(0)).process()
        return dict(form=form)

View:

    {{extend 'layoutno.html'}}
    <style type="text/css">
    textarea {width: 400px !important;}
    textarea#blog_vsebina {width: 650px !important;}
    .alert input {width: 150px !important;}
    </style>
    <div class="board">
      <div class="pad60">
        <h1>Uredi blog zapis</h1>
        <br>
        {{=form}}
      </div>
    </div>

On Monday, 23 July 2012 23:55:49 UTC+2, Najtsirk wrote: Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. The boolean field gets changed each time I update the form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing a Blog app for the first time and there is a little more updating than in my other apps. Any clues? Best, Kristjan --
[web2py] Re: User accessed site without logging in
Here is what she told me:

1. She clicked a link (from Facebook), and was taken directly to one of the pages for logged in users. I think this was her first visit to the site.
2. She went back to Facebook, and re-clicked the link, and was again taken to a user page.
3. She clicked the Logout link, and could no longer access user pages.

She never tried to logon or register. Hardly seems possible to me, and I would have been very sceptical about the whole thing except that she told me the name of the other user (which she would have had no way of knowing). I'll send you a copy of the app.

Neil

On Tuesday, July 24, 2012 4:43:44 PM UTC+1, Massimo Di Pierro wrote:

We will investigate this thoroughly but please get as much information as possible about what this person was doing. Did he try to log in? Could you also send me a copy of your app (confidentially)? The fact is even if there were a session conflict (I do not believe that is possible unless uuid is broken) a client must request the session via a cookie. A new user always gets assigned a new session id and therefore an empty session. Trunk contains experimental code for sessions in cookies. That code does not work yet. I am assuming you are not using that anyway. Trunk also contains a new password crypt handling. One version of it was broken (nobody could login). We are testing that too.

Massimo

On Tuesday, 24 July 2012 07:18:45 UTC-5, Neil wrote:

I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages. I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen? I'm using trunk - I suppose I should roll back to stable?

Neil --
[web2py] Re: User accessed site without logging in
Could be a session fixation attack. Web2py doesn't ever use session id's in the url does it? On Tuesday, July 24, 2012 11:00:30 AM UTC-5, Neil wrote: Here is what she told me: 1. She clicked a link (from Facebook), and was taken directly to one of the pages for logged in users. I think this was her first visit to the site. 2. She went back to Facebook, and re-clicked the link, and was again taken to a user page 3. She clicked the Logout link, and could no longer access user pages. She never tried to logon or register. Hardly seems possible to me, and I would have been very sceptical about the whole thing except that she told me the name of the other user (which she would have had no way of knowing). I'll send you a copy of the app. Neil On Tuesday, July 24, 2012 4:43:44 PM UTC+1, Massimo Di Pierro wrote: We will investigate this throughly but please get as much information as possible about what this person was doing. Did he try login? Could you also send me a copy of your app (confidentially)? The fact is even if there were a session conflict (I do not believe that is possible unless uuid is broken) a client must request the session via a cookie. A new user always gets assigned a new session id and therefore an empty session. Trunk contains experimental code for sessions in cookies. That code does not work yet. I am assuming you are not using that anyway. Trunk also contains a new password crypt handling. One version of it was broken (nobody could login). We are testing that too. Massimo On Tuesday, 24 July 2012 07:18:45 UTC-5, Neil wrote: I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out. I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! 
Once she clicked logout she was no longer able to access any user pages. I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen? I'm using trunk - I suppose I should roll back to stable? Neil --
[web2py] Newbie: interactive monitoring of a scheduler job?
I'm using the 'experimental' scheduler with 1.99.7 . I know there are posts encouraging us to try the development version, but I'm just learning web2py and I'm trying to keep things as controlled as possible. Plus I don't know when the development version becomes stable. I can send a job to the scheduler. I'm using it because I have some tasks that could take a few minutes to finish. What's a recommended way for a user still at their browser to see when a job is complete? Some kind of ajax usage? --
[web2py] client-side validation plugin
Greetings everyone, I want to share with you a plugin that adds client side validation to your forms. I hope this be helpful to you. It uses in the same way that you use SQLFORM class. See you soon. PS: Sorry for my bad english. https://lh3.googleusercontent.com/-koqpaOGhCvM/UA21w2sGAxI/AFQ/zE2h4FPnXi4/s1600/screen.png -- web2py.plugin.ValidationEngine.w2p Description: Binary data
[web2py] New Plugin to add client side validation to your SQLFORM
https://lh6.googleusercontent.com/-ICahDjG44ak/UA6u1Az37FI/AFc/YVBbufNi1q8/s1600/screen.png

Greetings everyone. I want to share with you this plugin; it's based on the jquery-validation-engine plugin. It's easy to use, you only need to replace SQLFORM with JsSQLFORM and that's it. At this moment it only supports 7 validators (IS_NOT_EMPTY, IS_EMAIL, IS_URL, IS_DATE, IS_LENGTH, IS_INT_IN_RANGE, IS_FLOAT_IN_RANGE). Here are some examples of use:

    def validation():
        from plugin_ValidationEngine import JsSQLFORM
        f = JsSQLFORM.factory(
            Field('nombre', requires = [IS_NOT_EMPTY(), IS_LENGTH(20, 3)], label = 'Nombre'),
            Field('apellido', requires = IS_NOT_EMPTY(), label = 'Apellido'),
            Field('cuit', requires = IS_LENGTH(12, 12), label = 'Cuit'),
            Field('edad', requires = IS_INT_IN_RANGE(18, 65), label = 'Edad'),
            Field('importe', requires = IS_FLOAT_IN_RANGE(1, .99), label = 'Importe')
        )
        if f.accepts(request, session):
            response.flash = 'Ok'
        else:
            response.flash = 'Bad'
        return dict(form = f)

    def validation2():
        from plugin_ValidationEngine import JsSQLFORM
        f = JsSQLFORM(db.test)
        if f.accepts(request, session):
            response.flash = 'Ok'
        else:
            response.flash = 'Bad'
        return dict(form = f)

-- web2py.plugin.ValidationEngine.w2p Description: Binary data
[web2py] Re: bootstrap and user panel
Great, I want to try it. Thanks Martin. On Tuesday, 24 July 2012 7:02:47 UTC+7, Martin.Mulone wrote: I want to share these two applications. *Bootstrap welcome application* I made my own welcome scaffold app, using twitter bootstrap template. My version is more like from the example template. Download: https://bitbucket.org/mulonemartin/bootstrap/overview also you can test here http://testbootstrap.tecnodoc.com.ar/. *User Panel Admin* An application to administer the auth_user table. You can add, remove, activate users/ add groups, also add users to groups and so on. https://bitbucket.org/mulonemartin/usersadmin --
Re: [web2py] client-side validation plugin
Sounds great! I would like to see it built in in SQLFORM(..., clientvalidation=True) On Mon, Jul 23, 2012 at 5:36 PM, Franco franco.alar...@gmail.com wrote: Greetings everyone, I want to share with you a plugin that adds client side validation to your forms. I hope this be helpful to you. It uses in the same way that you use SQLFORM class. See you soon. PS: Sorry for my bad english. https://lh3.googleusercontent.com/-koqpaOGhCvM/UA21w2sGAxI/AFQ/zE2h4FPnXi4/s1600/screen.png -- --
[web2py] Re: weird behavior in crud update
How about I move the Crud section to the end of the chapter, change the section heading to CRUD (Deprecated), and add the following note at the top of the section:

Note: Although the CRUD system described in this section will remain available for backward compatibility, it is no longer recommended. Its functionality has largely been subsumed by the newer SQLFORM.process() and SQLFORM.grid(), which are now the recommended methods for implementing CRUD functionality.

I could also send a patch removing Crud() from db.py in the welcome app, and replace the /default/data function with one based on SQLFORM.grid(). Thoughts?

Anthony

On Tuesday, July 24, 2012 7:47:42 AM UTC-4, Massimo Di Pierro wrote: I think we should but I am afraid people may misunderstand. Crud is not going away (because of backward compatibility), simply it is no longer the recommended way to implement the functionality.

On Monday, 23 July 2012 23:16:18 UTC-5, Anthony wrote: Should we mark Crud as deprecated in the book?

On Monday, July 23, 2012 11:55:14 PM UTC-4, Massimo Di Pierro wrote: Please do not use crud. It is not needed any more. You can do everything and better with SQLFORM().process(). We are not going to change the behavior of crud now that we have a more powerful tool (SQLFORM).

On Monday, 23 July 2012 16:55:49 UTC-5, Najtsirk wrote: Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. The boolean field gets changed each time I update the form, even though I do not change it. I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing a Blog app for the first time and there is a little more updating than in my other apps. Any clues? Best, Kristjan --
Re: [web2py] client-side validation plugin
Looking good... can't wait to see a full client-side example with web2py server-side complete with auth [in fact, I probably can't wait and will end up writing it myself :P] On Tue, Jul 24, 2012 at 6:36 AM, Franco franco.alar...@gmail.com wrote: Greetings everyone, I want to share with you a plugin that adds client side validation to your forms. I hope this be helpful to you. It uses in the same way that you use SQLFORM class. See you soon. PS: Sorry for my bad english. https://lh3.googleusercontent.com/-koqpaOGhCvM/UA21w2sGAxI/AFQ/zE2h4FPnXi4/s1600/screen.png -- --
[web2py] Re: validate_and_insert() question
Thank you very much for the very detailed answer Niphlod! It's very clear now. And big thanks to Alec too. I did look into Twisted and Tornado, and they indeed look like a god fit for me. I'm still investigating. Cheers, g. On Monday, 23 July 2012 13:24:57 UTC-7, Niphlod wrote: With that statement (if you don't understand the code, try it) I meant that you can always check a functionality testing it before loosing your mind on the code. All the magic is done by: gluon/dal.py (validate_and_insert()) ... for key,value in fields.items(): value,error = self[key].validate(value) if error: response.errors[key] = error ... the validate() method on the field calls the validators, defined into gluon/validators.py and associated by table definitions (db.define_table) or field requirements (Field('a', *requires=*)). print db.tests.uniquefield.requires [gluon.validators.IS_NOT_IN_DB object at 0x32404d0, gluon.validators.IS_LENGTH object at 0x3240490] A unique field gets a IS_IN_DB validator in order to check before inserting the record (otherwise the commit() would raise an exception at the database level. Unfortunately, there is no universal way to tell WHICH field failed (and why) when you blindly insert a record, and you should wait for the commit() to raise that exception, so you'll lose multiple inserts with their properly related errors). Some definitions (like the unique one) defaults to a hidden requires to your ones (as documented in the book http://web2py.com/books/default/chapter/29/6#Record-representation). Datetime fields, for example, are checked with a IS_DATETIME() validator, reference with a IS_IN_DB(), etc. etc. etc. This is done into the sqlhtml_validators() function in gluon/dal.py. You can find there that a unique Field gets a IS_IN_DB() validator by default ... if field.unique: requires._and = validators.IS_NOT_IN_DB(field.db,field) ... PS: all code excerpts are from the trunk version. 
May be a little different from your web2py version, but this is sort of an introduction on where to find answers to your questions. --
Re: [web2py] Best way to create db form with one option?
No worries. Does anyone have a neater solution?

On Tue, Jul 24, 2012 at 11:25 PM, Richard Vézina ml.richard.vez...@gmail.com wrote: So, what I have is not working like this! :( Richard

On Tue, Jul 24, 2012 at 9:24 AM, Alec Taylor alec.tayl...@gmail.com wrote: Trying to create a simple button (form), showing Join group if user isn't a member, and Leave group if user is a member.

On Tue, Jul 24, 2012 at 11:14 PM, Richard Vézina ml.richard.vez...@gmail.com wrote: I am not exactly sure what you really want to achieve, but I did something like that where the user is allowed to change from one group to another based on a preset of allowed groups. If you are interested I can show you the code. Richard

On Tue, Jul 24, 2012 at 9:09 AM, Alec Taylor alec.tayl...@gmail.com wrote: I'm trying to create a simple form which presents the user with a functional Join button if they aren't a member, and a Leave group button if they aren't. Unfortunately I seem to be overcomplicating this:

    @auth.requires_login()
    def group_membership(group_id):
        is_member = False
        try:
            if auth.user.id in db(db.group_of_events.id == group_id).select()[0].members:
                is_member = True
        except TypeError:
            pass
        return dict(is_member=is_member)

    @auth.requires_login()
    def add_member_to_group(group_id):
        success = False
        try:
            group = db(db.group_of_events.id == group_id).select()[0]
            if auth.user.id not in group.members:
                # members is a list, so append the id as a one-element list
                group.update_record(members=group.members + [auth.user.id])
                success = True
        except TypeError:
            pass
        return dict(success=success)

Is there an easier way of creating a form with one option? Thanks for all suggestions, Alec Taylor -- -- -- -- --
[web2py] Re: New Plugin to add client side validation to your SQLFORM
Can you tell us more about how it works? On Tuesday, 24 July 2012 09:38:51 UTC-5, Franco wrote: https://lh6.googleusercontent.com/-ICahDjG44ak/UA6u1Az37FI/AFc/YVBbufNi1q8/s1600/screen.png Greetings everyone. I want to share with you this plugin, it's based on jquery-validation-engine plugin. It's easy to use, your only need to replace SQLFORM with JsSQLFORM and that's it. At this moment only supports 7 validators (IS_NOT_EMPTY, IS_EMAIL, IS_URL, IS_DATE, IS_LENGTH, IS_INT_IN_RANGE, IS_FLOAT_IN_RANGE). Here are some examples of use: def validation(): from plugin_ValidationEngine import JsSQLFORM f = JsSQLFORM.factory( Field('nombre', requires = [IS_NOT_EMPTY(), IS_LENGTH(20, 3)],label = 'Nombre'), Field('apellido', requires = IS_NOT_EMPTY(), label = 'Apellido'), Field('cuit', requires = IS_LENGTH(12, 12), label = 'Cuit'), Field('edad', requires = IS_INT_IN_RANGE(18, 65), label = 'Edad'), Field('importe', requires = IS_FLOAT_IN_RANGE(1, .99), label = 'Importe') ) if f.accepts(request, session): response.flash = 'Ok' else: response.flash = 'Bad' return dict(form = f) def validation2(): from plugin_ValidationEngine import JsSQLFORM f = JsSQLFORM(db.test) if f.accepts(request, session): response.flash = 'Ok' else: response.flash = 'Bad' return dict(form = f) --
Re: [web2py] User accessed site without logging in
Can you look for any evidence in your server logs or auth_event table? Don't forget that sometimes trunk is actually more secure because fixes don't get back-ported to stable. Seems like we might need to see more code (ah, Massimo asked for such). What does this do?

    settings.login_method = 'local'
[web2py] Re: User accessed site without logging in
No. It does not. Session IDs are only transferred via cookies.

On Tuesday, 24 July 2012 11:04:58 UTC-5, Andrew wrote:

Could be a session fixation attack. Web2py doesn't ever use session id's in the url does it?

On Tuesday, July 24, 2012 11:00:30 AM UTC-5, Neil wrote:

Here is what she told me:

1. She clicked a link (from Facebook), and was taken directly to one of the pages for logged in users. I think this was her first visit to the site.
2. She went back to Facebook, and re-clicked the link, and was again taken to a user page.
3. She clicked the Logout link, and could no longer access user pages.

She never tried to logon or register. Hardly seems possible to me, and I would have been very sceptical about the whole thing except that she told me the name of the other user (which she would have had no way of knowing). I'll send you a copy of the app.

Neil

On Tuesday, July 24, 2012 4:43:44 PM UTC+1, Massimo Di Pierro wrote:

We will investigate this thoroughly but please get as much information as possible about what this person was doing. Did he try to log in? Could you also send me a copy of your app (confidentially)?

The fact is even if there were a session conflict (I do not believe that is possible unless uuid is broken) a client must request the session via a cookie. A new user always gets assigned a new session id and therefore an empty session.

Trunk contains experimental code for sessions in cookies. That code does not work yet. I am assuming you are not using that anyway. Trunk also contains a new password crypt handling. One version of it was broken (nobody could login). We are testing that too.

Massimo

On Tuesday, 24 July 2012 07:18:45 UTC-5, Neil wrote:

I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out.

I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages.

I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen?

I'm using trunk - I suppose I should roll back to stable?

Neil
Re: [web2py] Re: weird behavior in crud update
On Wed, Jul 25, 2012 at 2:20 AM, Anthony abasta...@gmail.com wrote:

How about I move the Crud section to the end of the chapter, change the section heading to CRUD (Deprecated), and add the following note at the top of the section:

Note: Although the CRUD system described in this section will remain available for backward compatibility, it is no longer recommended. Its functionality has largely been subsumed by the newer SQLFORM.process() and SQLFORM.grid(), which are now the recommended methods for implementing CRUD functionality.

I could also send a patch removing Crud() from db.py in the welcome app, and replace the /default/data function with one based on SQLFORM.grid(). Thoughts?

Anthony

Sounds good to me.

Also, can we get some timestamps on the chapters? I'm looking at the documentation fairly often, and am sometimes confused—e.g.: why hadn't I seen that example before?—which is rather annoying :\

Other than that, thanks for the great documentation :)

As an aside, would SQLFORM be able to be used to display the value (e.g.: in a checkbox) of a single record's attribute? I'm trying to get this pesky Join group-Leave group button thing working. https://groups.google.com/forum/#%21topic/web2py/JYerQfj1His

Thanks

On Tuesday, July 24, 2012 7:47:42 AM UTC-4, Massimo Di Pierro wrote:

I think we should but I am afraid people may misunderstand. Crud is not going away (because of backward compatibility), simply it is no longer the recommended way to implement the functionality.

On Monday, 23 July 2012 23:16:18 UTC-5, Anthony wrote:

Should we mark Crud as deprecated in the book?

On Monday, July 23, 2012 11:55:14 PM UTC-4, Massimo Di Pierro wrote:

Please do not use crud. It is not needed any more. You can do everything and better with SQLFORM().process(). We are not going to change the behavior of crud now that we have a more powerful tool (SQLFORM).

On Monday, 23 July 2012 16:55:49 UTC-5, Najtsirk wrote:

Hi, each time I want to update crud, I have to submit changes twice to get it actually updated. I set crud.settings.detect_record_change = False, which helps with 'text' fields, but the problem persists with 'boolean'. Boolean fields get changed each time I update the form, even though I do not change them.

I'm getting this on 1.99.4 and on 1.99.7. I'm seeing this for the first time, but then again I'm doing a Blog app for the first time and there is a little more updating than in my other apps. Any clues?

Best,
Kristjan
Re: [web2py] User accessed site without logging in
The only time I have seen something like this was long ago. Web2py was running on replicated VMs behind a load balancer. If two requests from new users arrived within a short time frame (do not remember if a millisecond or a second), they were assigned the same session uuid because uuid.uuid4() could not discriminate between the VMs. We fixed it by making uuid dependent on the os entropy source urandom and initializing it differently on different VMs using the IP address. The fix works on linux/unix but not on Windows. Replicated Windows machines may suffer from this problem still.

What is the web server and configuration in your case? Do you know what was the link that caused the problem? Which page was she directed to?

massimo

On Tuesday, 24 July 2012 10:18:46 UTC-5, Jonathan Lundell wrote:

On 24 Jul 2012, at 6:41 AM, Neil wrote:

Good point about trunk. There are some features that I liked and got used to, but nothing essential.

I'll try to summarize any relevant settings in the hope that someone can spot something.

In 0.py I have:

    ...
    settings.login_method = 'local'
    settings.login_config = ''
    ...

in db.py:

    ...
    auth = Auth(db, hmac_key=Auth.get_or_create_key())
    crud, service, plugins = Crud(db), Service(), PluginManager()
    auth.define_tables()
    db.auth_user.last_name.requires = None
    auth.settings.actions_disabled.append('register')
    auth.settings.registration_requires_verification = False
    auth.settings.registration_requires_approval = True
    auth.settings.reset_password_requires_verification = False
    auth.settings.login_next = URL("social_anxiety", "user_main")
    auth.settings.logout_next = URL("default", "index")
    ...

and in default.py:

    def index():
        session.forget(response)
        if auth.is_logged_in():
            redirect(URL(c='social_anxiety', f='user_main'))
        else:
            return dict()

    def user():
        if request.args(0) == 'register':
            db.auth_user.first_name.comment = '(or an anonymous user name)'
        elif request.args(0) == 'profile':
            redirect(URL(c='default', f='user_profile'))
        return dict(form = auth())

and in layout.html to create the navbar:

    {{try:}}
    {{=auth.navbar(referrer_actions=None)}}
    {{except:pass}}

Anything stand out? In particular, anything that would apply one user's session to another user on a different computer?

Now that I look at it, session.forget in application/default/index seems like a bad idea. I put it in to see if I could speed up the main page and kind of forgot about it... Just removed it.

That jumped out at me too, but it's not obvious how it could result in the reported symptom. Does the forget() call affect the is_logged_in() call one way or the other? Even if it did, in order to appear logged in as user X, a browser would have to present a cookie with session id of a user X session. How could that happen? Weird.

Neil

On Tuesday, July 24, 2012 2:11:25 PM UTC+1, Richard wrote:

For sure using trunk is not very safe in a production environment, not because it is not secure, but because sometimes things break when new features are added. If you don't need edge features, better to stick with stable.

For the problem you describe, I think if you show us the way you activate auth could help. I mean it is not just a matter of using decorator... I am not the best one to help you fix this issue, but if you give us more information like what's in your db.py and all the auth settings you set, I am sure there are more knowledgeable users that will be kind and will help.

Richard

On Tue, Jul 24, 2012 at 8:18 AM, Neil:

I just heard from someone who had never been to my site before. When she visited (on her phone), it was already logged on as another user. This other user (she told me his name) is located on the other side of the world, and may or may not have logged out.

I'm rather worried - she was accessing functions decorated with @auth.requires_login() without even having an account, let alone logging in! Once she clicked logout she was no longer able to access any user pages.

I understand this will be tough to debug with so little information. Furthermore, I've never observed this behaviour personally. However, it's concerning enough that I thought I'd see if anyone else has experienced such a thing. If not, any ideas how such a thing could even happen?

I'm using trunk - I suppose I should roll back to stable?

Neil
[web2py] Re: Newbie: interactive monitoring of a scheduler job?
If you don't want your user to click somewhere every n seconds to see it, the only two ways are ajax (polling the status at n seconds interval) or websocket. The easier way is monitoring with ajax calls. You can find complete examples online.

I'm sure that there are a lot of implementations, but I made an app using the scheduler extensively (and tested it thoroughly). You can find the code on https://github.com/niphlod/w2p_tvseries/ . I'm using the periodicalupdater jquery plugin to ease off the cruft for the "start monitoring, poll every n seconds, stop when done" thingy.

NB: it could be a lot simpler

https://github.com/niphlod/w2p_tvseries/blob/master/views/manage/add.html (view) and https://github.com/niphlod/w2p_tvseries/blob/master/controllers/manage.py (controller)

The called action performs the task queueing and the monitoring all in one function. Basically on the first click the task gets enqueued and a task_id is saved on the button itself (a neat jquery feature). The task_id is then sent on the subsequent request as an argument, the controller sees it and instead of enqueuing another task it monitors the status. A message is passed back, and it replaces the button content (from add series to working on it...). Finally, if the task is completed, a command is passed back to stop the refreshing of the button.

If you don't understand how this works feel free to ask.

BTW: the trunk scheduler will be the one included when web2py 2.0 is released. Feel free to use it, but for monitoring purposes there should be no changes (i.e. watching for the scheduler_run record status or the scheduler_task status, if you're not using repeating tasks)

On Tuesday, July 24, 2012 5:07:22 PM UTC+2, Tim Richardson wrote:

I'm using the 'experimental' scheduler with 1.99.7 . I know there are posts encouraging us to try the development version, but I'm just learning web2py and I'm trying to keep things as controlled as possible. Plus I don't know when the development version becomes stable.

I can send a job to the scheduler. I'm using it because I have some tasks that could take a few minutes to finish. What's a recommended way for a user still at their browser to see when a job is complete? Some kind of ajax usage?
Re: [web2py] Re: Multi-tenant social-network?
I was also worried that running queries such as is user in this group?, how many events does this group have? would be much less efficient with everyones data in one place. But it's probably just a perception thing, as you say, and it sounds like the drawbacks outweigh the benefits... :\

So thanks for alleviating my concerns

On Tuesday, July 24, 2012 9:57:46 AM UTC+10, pbreit wrote:

On Monday, July 23, 2012 3:01:40 PM UTC-7, Cliff Kachinske wrote:

Separate DBs sounds messy.

Some elaboration on that point. Everything that is simple to do on one DB becomes complicated to do on multiple DBs. For example, I run a multi-tenant site that I constantly run queries against all tenants. That would be a pain with separate DBs. Same with migrations, backups, etc. And I don't see much actual benefit of splitting into multiple DBs. The benefits I hear about seem mostly perceptual (data isolation, etc).
Re: [web2py] User accessed site without logging in
I should add that the conflict I mentioned below is not possible unless there is a proxy in between. That is because the session id includes the client IP.

I really do not see how this problem can be possible. Are you sure they are not playing a prank on you? If they share a facebook page perhaps they know each other. I have to ask but we will keep investigating the issue very seriously nevertheless.

For now I suggest you add this to your code:

    if auth.user:
        # remember every client address this session has been used from
        session.clients = session.clients or []
        if not request.client in session.clients:
            session.clients.append(request.client)
        if len(session.clients) > 1:
            print auth.user.email, session.clients

log the output and check how often you have multiple session.clients for the same email from different network top level domains (xxx.*.*.*)

If you do, email the user and check what is going on with them.

Massimo
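An added example (not code from the thread or from web2py): one way to review the output of the logging snippet suggested above, grouping each account's `session.clients` by first octet as the message proposes. The log line format, the sample lines and all function names are assumptions constructed for illustration.

```python
import ast
import ipaddress
from collections import defaultdict

# Constructed sample of what "print auth.user.email, session.clients" would emit.
SAMPLE_LOG = """\
alice@example.com ['203.0.113.5', '203.0.113.77']
bob@example.com ['198.51.100.7', '192.0.2.44']
carol@example.com ['unknown', '198.51.100.9']
not a log line
bob@example.com ['198.51.100.7', '192.0.2.44', '198.51.100.8']
"""


def network_key(client):
    """Top-level network of a client value: the first octet for IPv4, the
    first 16-bit group for IPv6, or 'invalid' when the value is not an IP
    address at all (for example the literal string 'unknown')."""
    try:
        addr = ipaddress.ip_address(client.strip())
    except ValueError:
        return "invalid"
    if addr.version == 4:
        return str(addr).split(".")[0]
    return addr.exploded.split(":")[0]


def parse_line(line):
    """Split one log line into (email, [clients]); return None if malformed."""
    email, sep, rest = line.strip().partition(" ")
    if not sep or "@" not in email:
        return None
    try:
        clients = ast.literal_eval(rest)
    except (ValueError, SyntaxError):
        return None
    if not isinstance(clients, list):
        return None
    if not all(isinstance(c, str) for c in clients):
        return None
    return email, clients


def flag_shared_sessions(lines):
    """Return {email: sorted network keys} for accounts whose session was
    used from more than one top-level network, or from a client value that
    is not an IP address."""
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        email, clients = parsed
        seen[email].update(network_key(c) for c in clients)
    return {
        email: sorted(keys)
        for email, keys in seen.items()
        if len(keys) > 1 or "invalid" in keys
    }


if __name__ == "__main__":
    for email, keys in sorted(flag_shared_sessions(SAMPLE_LOG.splitlines()).items()):
        print(email, keys)
```

Accounts flagged here are candidates for the follow-up the message describes; a phone moving between networks produces the same pattern as a shared session, so the list is a starting point for review.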
Re: [web2py] User accessed site without logging in
Nothing stands out from your code. It is very good code. You have changed to gluon/tools.py but I do not think they can be causing this problem.
Re: [web2py] User accessed site without logging in
Here is a possible cause of the problem although I am not sure. There are two possible issues which may conspire to create this problem.

Issue #1
===

There is a session file in the app you sent me called:

unknown-c4571a37...

session files should be ip-. This means that one of the HEADERS http_x_forwarded_for or remote_addr has a value unknown.

A first google search returned:

http://nixforums.org/about154671-Hacking-X-Forwarded-For.html

which opens the possibility that the web server, in your case nginx, is not finding the client ip address (how is that possible) and setting it to unknown. This should never happen. The client_addr is a required field for WSGI.

This could be the result of a hacking attempt but it would require both parties doing the hacking for the sessions to be mixed up.

Issue #2
===

There is a bug which may prevent urandom from working:

http://community.webfaction.com/questions/9333/importerror-cannot-import-name-urandom
http://stackoverflow.com/questions/10776797/error-when-importing-wsgihandler-with-django

Can you check if you can import urandom on your version of python on webfaction?

It is therefore theoretically possible that, given the concurrency model of nginx, if two users visit the site very close to each other, with urandom missing, both declaring the same incorrect client ip (unknown), they get assigned the same session id. This is because web2py has no way of distinguishing the two users and lacks a proper random number generator.

TODO:
1) check if you can import urandom
2) try to understand how it is possible to have an unknown client_addr in the http headers.

My google search returned nothing about 2. Has anybody ever seen this before?

Please let us know.
Re: [web2py] User accessed site without logging in
Perhaps it would be safe to block access to the site if request.client is unknown. I think we should change web2py to block access to any web2py app if request.client does not validate as an IP address.

Massimo
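An added example (not web2py's own code): the check proposed above, refusing a request whose client address does not parse as an IP, next to the failure mode discussed in this thread, where a session id built from the literal client value "unknown" and a PRNG state shared by cloned workers repeats. It assumes a trusted reverse proxy (nginx in this thread) sets X-Forwarded-For; the function names and the id layout are illustrative.

```python
import ipaddress
import random
import secrets


def client_from_environ(environ):
    """Return the client address as a normalized IP string, or None.

    Assumption: the app sits behind a trusted reverse proxy that sets
    X-Forwarded-For, so the first entry of that header is used when present;
    otherwise REMOTE_ADDR. Anything that is not an IPv4/IPv6 address,
    such as the string 'unknown', yields None.
    """
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    if forwarded:
        candidate = forwarded.split(",")[0].strip()
    else:
        candidate = environ.get("REMOTE_ADDR", "")
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None


def weak_session_id(client, rng):
    """Failure mode: the id is only as unique as the client string and the
    state of a non-cryptographic PRNG."""
    return "%s-%032x" % (client, rng.getrandbits(128))


def cloned_worker_ids(seed=1234):
    """Simulate two cloned workers that start from the same PRNG state and
    both receive the client value 'unknown': the ids are identical, so two
    visitors would share one session."""
    worker_a = random.Random(seed)
    worker_b = random.Random(seed)
    return (weak_session_id("unknown", worker_a),
            weak_session_id("unknown", worker_b))


def new_session_id(environ):
    """Hardened form: refuse requests without a valid client IP and take the
    random part from the operating system CSPRNG."""
    client = client_from_environ(environ)
    if client is None:
        raise ValueError("client address is not a valid IP address")
    return "%s-%s" % (client, secrets.token_hex(16))


if __name__ == "__main__":
    a, b = cloned_worker_ids()
    print("weak ids collide:", a == b)
    env = {"HTTP_X_FORWARDED_FOR": "203.0.113.9, 10.0.0.1",  # constructed sample
           "REMOTE_ADDR": "127.0.0.1"}
    print("hardened id:", new_session_id(env))
    try:
        new_session_id({"HTTP_X_FORWARDED_FOR": "unknown"})
    except ValueError as exc:
        print("rejected:", exc)
```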
[web2py] Re: Any jquery gurus out there?
That is true. I have also run into that problem. At first, I thought it might be that too so I changed it and it still didn't work right. When I noticed I was sure that was it (or rather was hoping that was it.) I did also do a search and it seems that problem is not very well documented either. Strange since almost everything I've ever run into someone else has seen it all before.

On Thursday, July 12, 2012 12:57:46 PM UTC-5, Derek wrote:

You know, with IE, I have had problems if my script tags didn't have type='text/javascript'.

On Tuesday, July 10, 2012 3:54:14 PM UTC-7, RKS wrote:

I know this is probably not the right place to ask, but I am using w2p and post here pretty frequently so I figured what the heck. I'm also in a rush and not finding out what I need on stackoverflow. I have some jquery and it works in every browser except any version of IE. If you happen to notice anything right off the bat that will cause this not to work, please let me know. I'm desperate. Thanks.

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
    <script>
    $(function () {
        // hide all the steps on document load
        $("div.step").addClass("hidden");
        // show the one step that is identified by the current hash (if any)
        $(document.location.hash).removeClass("hidden");
        $("a.reveal").click(function (event) {
            var idToReveal = $(this).attr("href");
            // store the ID to show in the URL for bookmarking
            document.location.hash = idToReveal;
            // hide every step that is currently visible
            $("div.step").not(".hidden").addClass("hidden");
            // reveal the next div (as identified by the current link's href)
            $(idToReveal).removeClass("hidden");
            // prevent the default click behavior (i.e. prevent navigation)
            event.preventDefault();
        });
    });
    </script>

Quick recap, this hides divs and shows them via anchors on the page. It also saves the hash so on reload it opens to the current hash instead of going back to 1. Thanks

--
Re: [web2py] Any jquery gurus out there?
I will test both of the above comments. Sorry it took so long for me to get back, but I didn't realize anyone had responded. Thanks for the answers.

On Wednesday, July 11, 2012 5:58:19 PM UTC-5, demetrio wrote:

I don't understand a lot the purpose of this selector

    $(document.location.hash).removeClass("hidden");

If the element has the id attr as the same hash you should use

    $("#"+document.location.hash).removeClass("hidden");

Or if the hash is in the href attr you can use

    $('[href='+document.location.hash+']').removeClass("hidden");

In this case I don't know if you have to use the # because I think that it is included in the href tag, maybe it can be

    $('[href=#'+document.location.hash+']').removeClass("hidden");

Another thing you can do if nothing of this works is to use the command

    console.log(document.location.hash);

to check if it's really taking the hash value in IE.

--
Re: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem
I'm working through this same example, and I'm having trouble understanding how the following resolves:

    value = (mode=='plus') and +1 or -1

Can anyone explain to me what is happening with this line of code?

On Monday, March 26, 2012 10:28:27 AM UTC-4, Omi Chiba wrote:

OK it worked! The indent for the last three lines was wrong in the book and it was fixed in the downloaded code.

On Friday, March 23, 2012 6:18:36 PM UTC-5, Omi Chiba wrote:

Alan, Thanks. Good idea. I will try the support files.

Sent from my Verizon Wireless BlackBerry

-Original Message-
From: Alan Etkin spame...@gmail.com
Sender: web2py@googlegroups.com
Date: Fri, 23 Mar 2012 15:22:25
To: web2py-users web2py@googlegroups.com
Reply-To: web2py@googlegroups.com
Subject: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem

I tested the example app with the book support files and it worked (with Firefox 10 and web2py trunk). Maybe there is a bug fixed in the app code that was not updated in the book's text.

On 23 mar, 18:11, Omi Chiba ochib...@gmail.com wrote:

I was following cookbook and having a problem for the ajax part. I can click plus or minus to change the value for the first time, but it doesn't update the value next time it's clicked. Also, I don't get any flash message like 'you voted already' or 'vote recorded'. What am I missing?

Controller --- def news_comments(): news = db.news(request.args(0)) or redirect(URL('categories')) if auth.user: db.comment.news.default = news.id db.comment.posted_on.default = request.now db.comment.posted_by.default = auth.user.id form = crud.create(db.comment) comments = db(db.comment.news==news.id).select(orderby=db.comment.posted_on) return locals() @auth.requires_login() def vote(): if not request.env.request_method=='POST': raise HTTP(400) news_id, mode = request.args(0), request.args(1) news = db.news(id=news_id) vote = db.vote(posted_by=auth.user.id, news=news_id) votes = news.votes value = (mode=='plus') and +1 or -1 if vote and value*vote.value==1: message = 'you voted already' else: if vote: votes += value - vote.value vote.update_record(value=value) else: votes += value db.vote.insert(value=value, posted_by=auth.user.id, posted_on=request.now, news=news.id) news.update_record(votes=votes) message ='vote recorded' return jQuery('#votes').html('%s');jQuery('.flash').\ html('%s').slideDown(); % (votes, message) View - news_comment.html ----- {{extend 'layout.html'}} h5{{=A(news.title, _href=news.link)}}/h5 {{if auth.user:}} span id=votes{{=news.votes}}/span button id=plus onclick=ajax('{{=URL('vote', args=(news.id, 'plus'))}}', [], ':eval')plus/button button id=minus onclick=ajax('{{=URL('vote', args=(news.id, 'minus'))}}', [], ':eval')minus/button {{=form}} {{pass}} table {{for comment in comments:}} tr td{{=comment.posted_on}}/td td{{=comment.posted_by.first_name}}: /td td{{=MARKMIN(comment.body)}}/td /tr {{pass}} /table --
Re: [web2py] User accessed site without logging in
one other scenario.. i reported a few months back that running web2py on GAE with python2.7 and multi-threading had odd behaviors with the globals (request, response, session). i have yet to track down the issues i was having (might have been a coding error on my part). but if you are using GAE + multithreading i'd be interested to know that.

cfh

On Tuesday, July 24, 2012 1:26:21 PM UTC-7, Massimo Di Pierro wrote:

Perhaps it would be safe to block access to the site if request.client is unknown. I think we should change web2py to block access to any web2py app if request.client does not validate as an IP address.

Massimo

On Tuesday, 24 July 2012 15:24:06 UTC-5, Massimo Di Pierro wrote:

Here is a possible cause of the problem although I am not sure. There are two possible issues which may conspire to create this problem.

Issue #1
========

There is a session file in the app you sent me called: unknown-c4571a37... session files should be ip-. This means that one of the HEADERS http_x_forwarded_for or remote_addr has a value unknown. A first google search returned:

http://nixforums.org/about154671-Hacking-X-Forwarded-For.html

which opens the possibility that the web server, in your case nginx, is not finding the client ip address (how is that possible) and setting it to unknown. This should never happen. The client_addr is a required field for WSGI. This could be the result of a hacking attempt but it would require both parties doing the hacking for the sessions to be mixed up.

Issue #2
========

There is a bug which may prevent urandom from working:

http://community.webfaction.com/questions/9333/importerror-cannot-import-name-urandom
http://stackoverflow.com/questions/10776797/error-when-importing-wsgihandler-with-django

Can you check if you can import urandom on your version of python on webfaction?

It is therefore theoretically possible that, given the concurrency model of nginx, if two users visit the site very close to each other, with urandom missing, both declaring the same incorrect client ip (unknown), they get assigned the same session id. This is because web2py has no way of distinguishing the two users and lacks a proper random number generator.

TODO:
1) check if you can import urandom
2) try to understand how it is possible to have an unknown client_addr in the http headers.

My google search returned nothing about 2. Has anybody ever seen this before? Please let us know.

On Tuesday, 24 July 2012 14:50:04 UTC-5, Massimo Di Pierro wrote:

Nothing stands out from your code. It is very good code. You have changes to gluon/tools.py but I do not think they can be causing this problem.

On Tuesday, 24 July 2012 14:48:16 UTC-5, Massimo Di Pierro wrote:

I should add that the conflict I mentioned below is not possible unless there is a proxy in between. That is because the session id includes the client IP. I really do not see how this problem can be possible. Are you sure they are not playing a prank on you? If they share a facebook page perhaps they know each other. I have to ask but we will keep investigating the issue very seriously nevertheless. For now I suggest you add this to your code:

    if auth.user:
        session.clients = session.clients or []
        if not request.client in session.clients:
            session.clients.append(request.client)
        if len(session.clients) > 1:
            print auth.user.email, session.clients

Log the output and check how often you have multiple session.clients for the same email from different network top level domains (xxx.*.*.*). If you do, email the user and check what is going on with them.

Massimo

On Tuesday, 24 July 2012 14:26:35 UTC-5, Massimo Di Pierro wrote:

The only time I have seen something like this was long ago. Web2py was running on replicated VMs behind a load balancer. If two requests from new users arrived within a short time frame (do not remember if a millisecond or a second), they were assigned the same session uuid because uuid.uuid4() could not discriminate between the VMs. We fixed it by making uuid dependent on the os entropy source urandom and initializing it differently on different VMs using the IP address. The fix works on linux/unix but not on Windows. Replicated windows machines may suffer from this problem still. What is the web server and configuration in your case? Do you know what was the link that caused the problem? Which page she was directed to?

massimo

On Tuesday, 24 July 2012 10:18:46 UTC-5, Jonathan Lundell wrote:

On 24 Jul 2012, at 6:41 AM, Neil wrote:

Good point about trunk. There are some features that I liked and got used to, but nothing essential. I'll try to summarize any relevant settings in the hope that someone can spot something.

In 0.py I have:

    ...
    settings.login_method = 'local'
    settings.login_config = ''
    ...

in db.py:

    ...
    auth = Auth(db,
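The failure mode and the mitigations discussed in this thread (rejecting a request.client that is not an IP address, drawing the session uuid from os.urandom) together with an offline version of the suggested per-account client logging, as an added Python 3 example that is not web2py's own code. The function names, the seeded PRNG standing in for identically initialised replicas, and the sample log are constructed for illustration.

```python
import ipaddress
import os
import random
import uuid
from collections import defaultdict

# Constructed sample of (email, request.client) pairs, as the logging
# snippet in the thread would emit them.
SAMPLE_LOG = [
    ("alice@example.com", "198.51.100.7"),
    ("alice@example.com", "198.51.100.9"),   # same top-level network
    ("bob@example.com", "203.0.113.5"),
    ("bob@example.com", "unknown"),          # proxy failed to pass an address
    ("bob@example.com", "192.0.2.44"),
]


def is_valid_client(value):
    """True only if value parses as an IPv4/IPv6 address ('unknown' does not)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def weak_session_id(rng, client):
    """Failure mode: the random part comes from a seedable PRNG, not the OS."""
    return "%s-%s" % (client, uuid.UUID(int=rng.getrandbits(128), version=4))


def replicated_collision():
    """Two replicas with identical PRNG state and the same bogus client value."""
    vm_a, vm_b = random.Random(1234), random.Random(1234)
    return weak_session_id(vm_a, "unknown"), weak_session_id(vm_b, "unknown")


def new_session_id(client):
    """Hardened form: refuse non-IP clients, take 128 bits from os.urandom."""
    if not is_valid_client(client):
        raise ValueError("client address %r is not an IP address" % (client,))
    random_part = uuid.UUID(bytes=os.urandom(16), version=4)
    # ':' is replaced so an IPv6 client still gives a filename-safe prefix.
    return "%s-%s" % (client.replace(":", "."), random_part)


def top_level_network(client):
    """'203.0.113.7' -> '203.*.*.*'; anything that is not IPv4 is kept verbatim."""
    try:
        addr = ipaddress.IPv4Address(client)
    except ValueError:
        return client
    return "%d.*.*.*" % addr.packed[0]


def accounts_on_multiple_networks(log):
    """Return {email: sorted networks} for accounts seen from more than one."""
    seen = defaultdict(set)
    for email, client in log:
        seen[email].add(top_level_network(client))
    return {email: sorted(nets) for email, nets in seen.items() if len(nets) > 1}


if __name__ == "__main__":
    print(replicated_collision())
    print(new_session_id("198.51.100.7"))
    print(accounts_on_multiple_networks(SAMPLE_LOG))
```
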
[web2py] Re: how to achieve public/private key authentication for web service in web2py?
Might want to try this... https://code.google.com/p/simpatica/

from this post: https://groups.google.com/forum/?fromgroups#!topic/web2py/0kzJf5Kk62Q

On Tuesday, July 24, 2012 1:33:48 AM UTC-7, Amit wrote:

Hi,

I have to provide public/private key authentication for accessing web service (REST) from client in my web2py application. How to achieve it?

Scenario:
1. Each client will have unique private key which will be sent to the server along with request.
2. Server has to authenticate private key using public key (unique for each client) and then allow to access the web service method.

For e.g. suppose one client say X has requested for web service add() so server has to first validate the public key with client's private key and if validation is successful then allow to access the web service add().

Challenges: where to store public key of each client? we can't store it in the db because server can't access db before validation of web service method. So will it be stored somewhere in PC (where server is running)? if yes then how and which format?

NOTE: Here Server will be completely written in web2py and client is separate application running on the hardware device.

--
Re: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem
It is the same as in

    if mode == 'plus':
        value = +1
    else:
        value = -1

On Tuesday, 24 July 2012 16:20:51 UTC-5, pjryan126 wrote:

I'm working through this same example, and I'm having trouble understanding how the following resolves:

    value = (mode=='plus') and +1 or -1

Can anyone explain to me what is happening with this line of code?

On Monday, March 26, 2012 10:28:27 AM UTC-4, Omi Chiba wrote:

OK it worked! The indent for the last three lines was wrong in the book and it was fixed in the downloaded code.

On Friday, March 23, 2012 6:18:36 PM UTC-5, Omi Chiba wrote:

Alan, Thanks. Good idea. I will try the support files.

Sent from my Verizon Wireless BlackBerry

-Original Message-
From: Alan Etkin spame...@gmail.com
Sender: web2py@googlegroups.com
Date: Fri, 23 Mar 2012 15:22:25
To: web2py-users web2py@googlegroups.com
Reply-To: web2py@googlegroups.com
Subject: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem

I tested the example app with the book support files and it worked (with Firefox 10 and web2py trunk). Maybe there is a bug fixed in the app code that was not updated in the book's text.

On 23 mar, 18:11, Omi Chiba ochib...@gmail.com wrote:

I was following cookbook and having a problem for the ajax part. I can click plus or minus to change the value for the first time, but it doesn't update the value next time it's clicked. Also, I don't get any flash message like 'you voted already' or 'vote recorded'. What am I missing?

Controller --- def news_comments(): news = db.news(request.args(0)) or redirect(URL('categories')) if auth.user: db.comment.news.default = news.id db.comment.posted_on.default = request.now db.comment.posted_by.default = auth.user.id form = crud.create(db.comment) comments = db(db.comment.news==news.id).select(orderby=db.comment.posted_on) return locals() @auth.requires_login() def vote(): if not request.env.request_method=='POST': raise HTTP(400) news_id, mode = request.args(0), request.args(1) news = db.news(id=news_id) vote = db.vote(posted_by=auth.user.id, news=news_id) votes = news.votes value = (mode=='plus') and +1 or -1 if vote and value*vote.value==1: message = 'you voted already' else: if vote: votes += value - vote.value vote.update_record(value=value) else: votes += value db.vote.insert(value=value, posted_by=auth.user.id, posted_on=request.now, news=news.id) news.update_record(votes=votes) message ='vote recorded' return jQuery('#votes').html('%s');jQuery('.flash').\ html('%s').slideDown(); % (votes, message) View - news_comment.html ----- {{extend 'layout.html'}} h5{{=A(news.title, _href=news.link)}}/h5 {{if auth.user:}} span id=votes{{=news.votes}}/span button id=plus onclick=ajax('{{=URL('vote', args=(news.id, 'plus'))}}', [], ':eval')plus/button button id=minus onclick=ajax('{{=URL('vote', args=(news.id, 'minus'))}}', [], ':eval')minus/button {{=form}} {{pass}} table {{for comment in comments:}} tr td{{=comment.posted_on}}/td td{{=comment.posted_by.first_name}}: /td td{{=MARKMIN(comment.body)}}/td /tr {{pass}} /table --
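How the `and`/`or` idiom asked about in this thread evaluates, and what the vote arithmetic built on it does to the tally, as an added stand-alone Python example that is not the cookbook's code. The function names and the strict rejection of unknown modes are assumptions of this example, and the nesting of the if/else branches is assumed because the archive flattened the indentation.

```python
def and_or(cond, a, b):
    """The pre-conditional-expression idiom `cond and a or b`.

    `cond and a` yields `a` when cond is true, otherwise cond itself;
    `... or b` then falls through to `b` whenever the left side is falsy.
    That also happens when `a` itself is falsy (0, '', None), which is the
    idiom's known trap. With a = +1 and b = -1 it behaves like if/else.
    """
    return cond and a or b


def vote_value(mode):
    """Strict variant: the idiom maps every mode other than 'plus' to -1."""
    if mode == 'plus':
        return 1
    if mode == 'minus':
        return -1
    raise ValueError("unknown vote mode: %r" % (mode,))


def apply_vote(votes, previous, mode):
    """Model of the controller's tally update.

    votes    -- current total for the news item
    previous -- the user's stored vote (+1 or -1) or None if there is none
    Returns (new_total, stored_vote, message).
    """
    value = vote_value(mode)
    # +1 * +1 == 1 and -1 * -1 == 1: same direction as the stored vote.
    if previous is not None and value * previous == 1:
        return votes, previous, 'you voted already'
    if previous is not None:
        # Switching sides removes the old vote and adds the new one,
        # so the total moves by 2.
        votes += value - previous
    else:
        votes += value
    return votes, value, 'vote recorded'


if __name__ == "__main__":
    total, stored = 10, None
    for mode in ('plus', 'plus', 'minus'):
        total, stored, message = apply_vote(total, stored, mode)
        print(mode, total, stored, message)
```
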
Re: [web2py] User accessed site without logging in
Are you using current in modules?

On Tuesday, 24 July 2012 16:31:52 UTC-5, howesc wrote:

one other scenario.. i reported a few months back that running web2py on GAE with python2.7 and multi-threading had odd behaviors with the globals (request, response, session). i have yet to track down the issues i was having (might have been a coding error on my part). but if you are using GAE + multithreading i'd be interested to know that.

cfh

On Tuesday, July 24, 2012 1:26:21 PM UTC-7, Massimo Di Pierro wrote:

Perhaps it would be safe to block access to the site if request.client is unknown. I think we should change web2py to block access to any web2py app if request.client does not validate as an IP address.

Massimo

On Tuesday, 24 July 2012 15:24:06 UTC-5, Massimo Di Pierro wrote:

Here is a possible cause of the problem although I am not sure. There are two possible issues which may conspire to create this problem.

Issue #1
========

There is a session file in the app you sent me called: unknown-c4571a37... session files should be ip-. This means that one of the HEADERS http_x_forwarded_for or remote_addr has a value unknown. A first google search returned:

http://nixforums.org/about154671-Hacking-X-Forwarded-For.html

which opens the possibility that the web server, in your case nginx, is not finding the client ip address (how is that possible) and setting it to unknown. This should never happen. The client_addr is a required field for WSGI. This could be the result of a hacking attempt but it would require both parties doing the hacking for the sessions to be mixed up.

Issue #2
========

There is a bug which may prevent urandom from working:

http://community.webfaction.com/questions/9333/importerror-cannot-import-name-urandom
http://stackoverflow.com/questions/10776797/error-when-importing-wsgihandler-with-django

Can you check if you can import urandom on your version of python on webfaction?

It is therefore theoretically possible that, given the concurrency model of nginx, if two users visit the site very close to each other, with urandom missing, both declaring the same incorrect client ip (unknown), they get assigned the same session id. This is because web2py has no way of distinguishing the two users and lacks a proper random number generator.

TODO:
1) check if you can import urandom
2) try to understand how it is possible to have an unknown client_addr in the http headers.

My google search returned nothing about 2. Has anybody ever seen this before? Please let us know.

On Tuesday, 24 July 2012 14:50:04 UTC-5, Massimo Di Pierro wrote:

Nothing stands out from your code. It is very good code. You have changes to gluon/tools.py but I do not think they can be causing this problem.

On Tuesday, 24 July 2012 14:48:16 UTC-5, Massimo Di Pierro wrote:

I should add that the conflict I mentioned below is not possible unless there is a proxy in between. That is because the session id includes the client IP. I really do not see how this problem can be possible. Are you sure they are not playing a prank on you? If they share a facebook page perhaps they know each other. I have to ask but we will keep investigating the issue very seriously nevertheless. For now I suggest you add this to your code:

    if auth.user:
        session.clients = session.clients or []
        if not request.client in session.clients:
            session.clients.append(request.client)
        if len(session.clients) > 1:
            print auth.user.email, session.clients

Log the output and check how often you have multiple session.clients for the same email from different network top level domains (xxx.*.*.*). If you do, email the user and check what is going on with them.

Massimo

On Tuesday, 24 July 2012 14:26:35 UTC-5, Massimo Di Pierro wrote:

The only time I have seen something like this was long ago. Web2py was running on replicated VMs behind a load balancer. If two requests from new users arrived within a short time frame (do not remember if a millisecond or a second), they were assigned the same session uuid because uuid.uuid4() could not discriminate between the VMs. We fixed it by making uuid dependent on the os entropy source urandom and initializing it differently on different VMs using the IP address. The fix works on linux/unix but not on Windows. Replicated windows machines may suffer from this problem still. What is the web server and configuration in your case? Do you know what was the link that caused the problem? Which page she was directed to?

massimo

On Tuesday, 24 July 2012 10:18:46 UTC-5, Jonathan Lundell wrote:

On 24 Jul 2012, at 6:41 AM, Neil wrote:

Good point about trunk. There are some features that I liked and got used to, but nothing essential. I'll try to summarize any relevant settings in the hope that someone can spot something.

In 0.py I have: ...
Re: [web2py] User accessed site without logging in
Is there an open issue about this? If not, can you open one with more details?

On Tuesday, 24 July 2012 16:31:52 UTC-5, howesc wrote:

one other scenario.. i reported a few months back that running web2py on GAE with python2.7 and multi-threading had odd behaviors with the globals (request, response, session). i have yet to track down the issues i was having (might have been a coding error on my part). but if you are using GAE + multithreading i'd be interested to know that.

cfh

On Tuesday, July 24, 2012 1:26:21 PM UTC-7, Massimo Di Pierro wrote:

Perhaps it would be safe to block access to the site if request.client is unknown. I think we should change web2py to block access to any web2py app if request.client does not validate as an IP address.

Massimo

On Tuesday, 24 July 2012 15:24:06 UTC-5, Massimo Di Pierro wrote:

Here is a possible cause of the problem although I am not sure. There are two possible issues which may conspire to create this problem.

Issue #1
========

There is a session file in the app you sent me called: unknown-c4571a37... session files should be ip-. This means that one of the HEADERS http_x_forwarded_for or remote_addr has a value unknown. A first google search returned:

http://nixforums.org/about154671-Hacking-X-Forwarded-For.html

which opens the possibility that the web server, in your case nginx, is not finding the client ip address (how is that possible) and setting it to unknown. This should never happen. The client_addr is a required field for WSGI. This could be the result of a hacking attempt but it would require both parties doing the hacking for the sessions to be mixed up.

Issue #2
========

There is a bug which may prevent urandom from working:

http://community.webfaction.com/questions/9333/importerror-cannot-import-name-urandom
http://stackoverflow.com/questions/10776797/error-when-importing-wsgihandler-with-django

Can you check if you can import urandom on your version of python on webfaction?

It is therefore theoretically possible that, given the concurrency model of nginx, if two users visit the site very close to each other, with urandom missing, both declaring the same incorrect client ip (unknown), they get assigned the same session id. This is because web2py has no way of distinguishing the two users and lacks a proper random number generator.

TODO:
1) check if you can import urandom
2) try to understand how it is possible to have an unknown client_addr in the http headers.

My google search returned nothing about 2. Has anybody ever seen this before? Please let us know.

On Tuesday, 24 July 2012 14:50:04 UTC-5, Massimo Di Pierro wrote:

Nothing stands out from your code. It is very good code. You have changes to gluon/tools.py but I do not think they can be causing this problem.

On Tuesday, 24 July 2012 14:48:16 UTC-5, Massimo Di Pierro wrote:

I should add that the conflict I mentioned below is not possible unless there is a proxy in between. That is because the session id includes the client IP. I really do not see how this problem can be possible. Are you sure they are not playing a prank on you? If they share a facebook page perhaps they know each other. I have to ask but we will keep investigating the issue very seriously nevertheless. For now I suggest you add this to your code:

    if auth.user:
        session.clients = session.clients or []
        if not request.client in session.clients:
            session.clients.append(request.client)
        if len(session.clients) > 1:
            print auth.user.email, session.clients

Log the output and check how often you have multiple session.clients for the same email from different network top level domains (xxx.*.*.*). If you do, email the user and check what is going on with them.

Massimo

On Tuesday, 24 July 2012 14:26:35 UTC-5, Massimo Di Pierro wrote:

The only time I have seen something like this was long ago. Web2py was running on replicated VMs behind a load balancer. If two requests from new users arrived within a short time frame (do not remember if a millisecond or a second), they were assigned the same session uuid because uuid.uuid4() could not discriminate between the VMs. We fixed it by making uuid dependent on the os entropy source urandom and initializing it differently on different VMs using the IP address. The fix works on linux/unix but not on Windows. Replicated windows machines may suffer from this problem still. What is the web server and configuration in your case? Do you know what was the link that caused the problem? Which page she was directed to?

massimo

On Tuesday, 24 July 2012 10:18:46 UTC-5, Jonathan Lundell wrote:

On 24 Jul 2012, at 6:41 AM, Neil wrote:

Good point about trunk. There are some features that I liked and got used to, but nothing essential. I'll try to summarize any relevant settings in the hope that someone
Re: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem
But why not this which seems much more readable?

    value = +1 if mode == 'plus' else -1

On Tuesday, July 24, 2012 10:20:51 PM UTC+1, pjryan126 wrote:

I'm working through this same example, and I'm having trouble understanding how the following resolves:

    value = (mode=='plus') and +1 or -1

Can anyone explain to me what is happening with this line of code?

On Monday, March 26, 2012 10:28:27 AM UTC-4, Omi Chiba wrote:

OK it worked! The indent for the last three lines was wrong in the book and it was fixed in the downloaded code.

On Friday, March 23, 2012 6:18:36 PM UTC-5, Omi Chiba wrote:

Alan, Thanks. Good idea. I will try the support files.

Sent from my Verizon Wireless BlackBerry

-Original Message-
From: Alan Etkin spame...@gmail.com
Sender: web2py@googlegroups.com
Date: Fri, 23 Mar 2012 15:22:25
To: web2py-users web2py@googlegroups.com
Reply-To: web2py@googlegroups.com
Subject: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem

I tested the example app with the book support files and it worked (with Firefox 10 and web2py trunk). Maybe there is a bug fixed in the app code that was not updated in the book's text.

On 23 mar, 18:11, Omi Chiba ochib...@gmail.com wrote:

I was following cookbook and having a problem for the ajax part. I can click plus or minus to change the value for the first time, but it doesn't update the value next time it's clicked. Also, I don't get any flash message like 'you voted already' or 'vote recorded'. What am I missing?

Controller --- def news_comments(): news = db.news(request.args(0)) or redirect(URL('categories')) if auth.user: db.comment.news.default = news.id db.comment.posted_on.default = request.now db.comment.posted_by.default = auth.user.id form = crud.create(db.comment) comments = db(db.comment.news==news.id).select(orderby=db.comment.posted_on) return locals() @auth.requires_login() def vote(): if not request.env.request_method=='POST': raise HTTP(400) news_id, mode = request.args(0), request.args(1) news = db.news(id=news_id) vote = db.vote(posted_by=auth.user.id, news=news_id) votes = news.votes value = (mode=='plus') and +1 or -1 if vote and value*vote.value==1: message = 'you voted already' else: if vote: votes += value - vote.value vote.update_record(value=value) else: votes += value db.vote.insert(value=value, posted_by=auth.user.id, posted_on=request.now, news=news.id) news.update_record(votes=votes) message ='vote recorded' return jQuery('#votes').html('%s');jQuery('.flash').\ html('%s').slideDown(); % (votes, message) View - news_comment.html ----- {{extend 'layout.html'}} h5{{=A(news.title, _href=news.link)}}/h5 {{if auth.user:}} span id=votes{{=news.votes}}/span button id=plus onclick=ajax('{{=URL('vote', args=(news.id, 'plus'))}}', [], ':eval')plus/button button id=minus onclick=ajax('{{=URL('vote', args=(news.id, 'minus'))}}', [], ':eval')minus/button {{=form}} {{pass}} table {{for comment in comments:}} tr td{{=comment.posted_on}}/td td{{=comment.posted_by.first_name}}: /td td{{=MARKMIN(comment.body)}}/td /tr {{pass}} /table
[web2py] Re: Suggestion - a pickled DAL field
Make it a computed field? On Tuesday, July 24, 2012 5:34:07 AM UTC-7, Omri Har-Shemesh wrote: Hi web2pyers, very often, I have a field in the table which has to hold a complicated value (most often numpy arrays). The way I implement it is that I use text as the type of field, and then simply pickle.dumps(my_value) when I save the field, and then pickle.loads(value_from_db) to access the field again. My suggestion is simple - create field that automatically pickles the values it gets and unpickles them on extraction. Is this already implemented? Do you have other suggestions on how to implement this so that I won't need to pickle every time I access the table? Best wishes, Omri --
Re: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem
On 24 Jul 2012, at 2:57 PM, villas wrote:

But why not this which seems much more readable?

    value = +1 if mode == 'plus' else -1

Originally for compatibility with Python 2.4. Not sure how much of a priority that is these days...

On Tuesday, July 24, 2012 10:20:51 PM UTC+1, pjryan126 wrote:

I'm working through this same example, and I'm having trouble understanding how the following resolves:

    value = (mode=='plus') and +1 or -1

Can anyone explain to me what is happening with this line of code?

On Monday, March 26, 2012 10:28:27 AM UTC-4, Omi Chiba wrote:

OK it worked! The indent for the last three lines was wrong in the book and it was fixed in the downloaded code.

On Friday, March 23, 2012 6:18:36 PM UTC-5, Omi Chiba wrote:

Alan, Thanks. Good idea. I will try the support files.

Sent from my Verizon Wireless BlackBerry

--
[web2py] Re: how to achieve public/private key authentication for web service in web2py?
This is very similar to what TLS accomplishes with x509 certificates. There is a slight difference: the server does not own a public key for each client, it verifies that the client owns an x509 certificate signed by the correct certification authority. So no need to store public keys. In any case AFAIK in public/private key algorithms the private key always allows generation of the corresponding public key, not the contrary of course.

To accomplish what you need in the simplest way you have to:

- create a certification authority with self signed certificate
- create certificate for your webserver signed with the private key of the certification authority above.
- configure your webserver to require a client certificate (with rocket look at --ca-cert option)
- In case you need to know some infos about the connecting client as reported in its certificate you can use x509_auth.py to use x509 authentication and configure your REST action with @auth.requires_login(). This will give you access to information contained in the certificate such as common name or serial id. To customize you can extend the X509_Auth class.

To generate test certificates fast you can use simpatica as Derek correctly suggests.

mic

On Tuesday, 24 July 2012 10:33:48 UTC+2, Amit wrote:

Hi,

I have to provide public/private key authentication for accessing web service (REST) from client in my web2py application. How to achieve it?

Scenario:
1. Each client will have unique private key which will be sent to the server along with request.
2. Server has to authenticate private key using public key (unique for each client) and then allow to access the web service method.

For e.g. suppose one client say X has requested for web service add() so server has to first validate the public key with client's private key and if validation is successful then allow to access the web service add().

Challenges: where to store public key of each client? we can't store it in the db because server can't access db before validation of web service method. So will it be stored somewhere in PC (where server is running)? if yes then how and which format?

NOTE: Here Server will be completely written in web2py and client is separate application running on the hardware device.

--
Re: [web2py] User accessed site without logging in
What is the deployment configuration? What wsgi server and what web server? Craig Younkins

On Tue, Jul 24, 2012 at 5:55 PM, Massimo Di Pierro massimo.dipie...@gmail.com wrote:
Is there an open issue about this? If not, can you open one with more details?

On Tuesday, 24 July 2012 16:31:52 UTC-5, howesc wrote:
one other scenario.. i reported a few months back that running web2py on GAE with python2.7 and multi-threading had odd behaviors with the globals (request, response, session). i have yet tracked down the issues i was having (might have been a coding error on my part). but if you are using GAE + multithreading i'd be interested to know that. cfh

On Tuesday, July 24, 2012 1:26:21 PM UTC-7, Massimo Di Pierro wrote:
Perhaps it would be safe to block access to the site if request.client is unknown. I think we should change web2py to block access to any web2py app if request.client does not validate as an IP address. Massimo

On Tuesday, 24 July 2012 15:24:06 UTC-5, Massimo Di Pierro wrote:
Here is a possible cause of the problem although I am not sure. There are two possible issues which may conspire to create this problem.

Issue #1
===
There is a session file in the app you sent me called: unknown-c4571a37... session files should be ip-. This means that one of the HEADERS http_x_forwarded_for or remote_addr has a value unknown. A first google search returned: http://nixforums.org/about154671-Hacking-X-Forwarded-For.html which opens the possibility that the web server, in your case nginx, is not finding the client ip address (how is that possible) and setting it to unknown. This should never happen. The client_addr is a required field for WSGI. This could be the result of a hacking attempt but it would require both parties doing the hacking for the sessions to be mixed up.

Issue #2
===
There is a bug which may prevent urandom from working:
http://community.webfaction.com/questions/9333/importerror-cannot-import-name-urandom
http://stackoverflow.com/questions/10776797/error-when-importing-wsgihandler-with-django
Can you check if you can import urandom on your version of python on webfaction? It is therefore theoretically possible that, given the concurrency model of nginx, if two users visit the site very close to each other, with urandom missing, both declaring the same incorrect client ip (unknown), they get assigned the same session id. This is because web2py has no way of distinguishing the two users and lacks a proper random number generator.

TODO:
1) check if you can import urandom
2) try to understand how it is possible to have an unknown client_addr in the http headers.
My google search returned nothing about 2. Has anybody ever seen this before? Please let us know.

On Tuesday, 24 July 2012 14:50:04 UTC-5, Massimo Di Pierro wrote:
Nothing stands out from your code. It is very good code. You have changed to gluon/tools.py but I do not think they can be causing this problem.

On Tuesday, 24 July 2012 14:48:16 UTC-5, Massimo Di Pierro wrote:
I should add that the conflict I mentioned below is not possible unless there is a proxy in between. That is because the session id includes the client IP. I really do not see how this problem can be possible. Are you sure they are not playing a prank on you? If they share a facebook page perhaps they know each other. I have to ask but we will keep investigating the issue very seriously nevertheless. For now I suggest you add this to your code:

if auth.user:
    session.clients = session.clients or []
    if not request.client in session.clients:
        session.clients.append(request.client)
    if len(session.clients)>1:
        print auth.user.email, session.clients

log the output and check how often you have multiple session.clients for the same email from different network top level domains (xxx.*.*.*). If you do, email the user and check what is going on with them. Massimo

On Tuesday, 24 July 2012 14:26:35 UTC-5, Massimo Di Pierro wrote:
The only time I have seen something like this was long ago. Web2py was running on replicated VMs behind a load balancer. If two requests from new users arrived within a short time frame (do not remember if a millisecond or a second), they were assigned the same session uuid because uuid.uuid4() could not discriminate between the VMs. We fixed it by making uuid dependent on the os entropy source urandom and initializing it differently on different VMs using the IP address. The fix works on linux/unix but not on Windows. Replicated windows machines may suffer from this problem still. What is the web server and configuration in
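The checks discussed in this thread, written out as an added example (Python 3 standard library only; it is not code from any poster or from web2py). It refuses to issue a session id for a client value that is not an IP address, takes the random part from the OS entropy source, and audits logged sessions for the reported symptom; all function names and the sample records are hypothetical and constructed.

```python
import ipaddress
import secrets
from collections import defaultdict

# Constructed sample records: (session id, account e-mail, client address as logged).
SAMPLE_LOG = [
    ("203.0.113.7-5f0c2a", "alice@example.com", "203.0.113.7"),
    ("unknown-c0ffee", "bob@example.com", "unknown"),
    ("unknown-c0ffee", "carol@example.com", "unknown"),
    ("198.51.100.4-9ab3d1", "dave@example.com", "198.51.100.4"),
    ("198.51.100.4-9ab3d1", "dave@example.com", "192.0.2.55"),
]


def parse_client(value):
    """Return the client address as an ipaddress object, or None if it is not an IP."""
    try:
        return ipaddress.ip_address(str(value or "").strip())
    except ValueError:
        return None


def new_session_id(client):
    """Issue '<ip>-<random>' only for a client that validates as an IP address."""
    ip = parse_client(client)
    if ip is None:
        raise ValueError("refusing session for client %r" % (client,))
    # secrets reads the operating system's CSPRNG (os.urandom); 16 bytes = 128 bits.
    return "%s-%s" % (ip, secrets.token_hex(16))


def network_key(client):
    """Top-level part of the address: first IPv4 octet or first IPv6 group."""
    ip = parse_client(client)
    if ip is None:
        return str(client)
    separator = "." if ip.version == 4 else ":"
    return ip.exploded.split(separator)[0]


def audit_sessions(records):
    """Map each suspicious session id to the list of reasons it was flagged."""
    accounts, networks = defaultdict(set), defaultdict(set)
    for session_id, email, client in records:
        accounts[session_id].add(email)
        networks[session_id].add(network_key(client))
    findings = {}
    for session_id in accounts:
        reasons = []
        # The id prefix is the client value the server saw when it issued the id.
        if parse_client(session_id.partition("-")[0]) is None:
            reasons.append("client-not-an-ip")
        if len(accounts[session_id]) > 1:
            reasons.append("shared-by-accounts")
        if len(networks[session_id]) > 1:
            reasons.append("multiple-networks")
        if reasons:
            findings[session_id] = reasons
    return findings


if __name__ == "__main__":
    for sid, why in sorted(audit_sessions(SAMPLE_LOG).items()):
        print(sid, ", ".join(why))
```

Behind a reverse proxy the value passed to `new_session_id` should be the address the proxy reports, taken only from a header that the proxy itself sets.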
Re: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem
because it is not supported in python 2.4 versions. But you are right. Who cares about 2.4 any more. On Tuesday, 24 July 2012 16:57:46 UTC-5, villas wrote: But why not this which seems much more readble? value = +1 if mode == 'plus' else -1 On Tuesday, July 24, 2012 10:20:51 PM UTC+1, pjryan126 wrote: I'm working through this same example, and I'm having trouble understanding how the following resolves: value = (mode=='plus') and +1 or -1 Can anyone explain to me what is happening with this line of code? On Monday, March 26, 2012 10:28:27 AM UTC-4, Omi Chiba wrote: OK it worked ! The indent for last three line was wrong on book and it was fixed on the downloaded code. On Friday, March 23, 2012 6:18:36 PM UTC-5, Omi Chiba wrote: Alan, Thanks. Good idea. I will try the support files. Sent from my Verizon Wireless BlackBerry -Original Message- From: Alan Etkin spame...@gmail.com Sender: web2py@googlegroups.com Date: Fri, 23 Mar 2012 15:22:25 To: web2py-usersweb2py@googlegroups.com web2py@googlegroups.com Reply-To: web2py@googlegroups.com Subject: [web2py] Re: Cookbook Chapter 2 - Reddit clone Ajax problem I tested the example app with the book support files and it worked (with Firefox 10 and web2py trunk). Maybe there is a bug fixed in the app code that was not updated in the book's text. On 23 mar, 18:11, Omi Chiba ochib...@gmail.com wrote: I was following cookbook and having a problem for the ajax part. I can click plus or minus to change the value for the first time, but it doesn't update the value next time it's clicked. Also, I don't get any flash message like 'you voted already' or 'vote recorded'. What am I missing ? 
Controller --- def news_comments(): news = db.news(request.args(0)) or redirect(URL('categories')) if auth.user: db.comment.news.default = news.id db.comment.posted_on.default = request.now db.comment.posted_by.default = auth.user.id form = crud.create(db.comment) comments = db(db.comment.news==news.id).select(orderby=db.comment.posted_on) return locals() @auth.requires_login() def vote(): if not request.env.request_method=='POST': raise HTTP(400) news_id, mode = request.args(0), request.args(1) news = db.news(id=news_id) vote = db.vote(posted_by=auth.user.id, news=news_id) votes = news.votes value = (mode=='plus') and +1 or -1 if vote and value*vote.value==1: message = 'you voted already' else: if vote: votes += value - vote.value vote.update_record(value=value) else: votes += value db.vote.insert(value=value, posted_by=auth.user.id, posted_on=request.now, news=news.id) news.update_record(votes=votes) message ='vote recorded' return jQuery('#votes').html('%s');jQuery('.flash').\ html('%s').slideDown(); % (votes, message) View - news_comment.html ----- {{extend 'layout.html'}} h5{{=A(news.title, _href=news.link)}}/h5 {{if auth.user:}} span id=votes{{=news.votes}}/span button id=plus onclick=ajax('{{=URL('vote', args=(news.id, 'plus'))}}', [], ':eval')plus/button button id=minus onclick=ajax('{{=URL('vote', args=(news.id, 'minus'))}}', [], ':eval')minus/button {{=form}} {{pass}} table {{for comment in comments:}} tr td{{=comment.posted_on}}/td td{{=comment.posted_by.first_name}}: /td td{{=MARKMIN(comment.body)}}/td /tr {{pass}} /table On Tuesday, July 24, 2012 10:20:51 PM UTC+1, pjryan126 wrote: I'm working through this same example, and I'm having trouble understanding how the following resolves: value = (mode=='plus') and +1 or -1 Can anyone explain to me what is happening with this line of code? On Monday, March 26, 2012 10:28:27 AM UTC-4, Omi Chiba wrote: OK it worked ! The indent for last three line was wrong on book and it was fixed on the downloaded code. 
[web2py] callback on an anchor tag
Working through the html helper docs, I decided to try the callback parameter to the anchor tag:

{{=A('CLICK ME!!', callback=URL('http://mysite.com/foo.html'), target='hater')}}
{{=DIV(_id = 'hater')}}

foo.html delivers a bit of content. This did not work. Viewing the source, I see that the tag was rendered like this:

<a href="#null" onclick="ajax(&#x27;/css/edit/http://register.rcsreg.com/foo.html&#x27;,[],&#x27;hater&#x27;);return false;">CLICK ME!!</a>

That doesn't look so good. Am I doing something wrong? Thanks, Tobiah --
[web2py] web2py instant admin
Hi all, Anyone using web2py instant admin? I have a problem with the css. I have installed the plugin its functional, but its not picking up the CSS. Any reason? Thanks very much. Kevin --
[web2py] MySQL DB reads have stopped working for one table in a background process
On the eve of delivering a project to a client, I've come up against a problem that has me stumped. select() statements on one of my mysql tables have stopped working. My application is a web2py web server and a background process (also called a homemade task queue in the web2py book). They share the database. The web server writes to the table from within an HTTP request, and several seconds later, I attempt to read the record in my background process. Up until yesterday, I didn't have any trouble reading from this or any of the tables. And now, all the others work fine. I can still write and read from the misbehaving table from the web server. I am at a loss. I'm not sure where to look to diagnose the problem. Any pointers would be gratefully received. --
[web2py] Re: MySQL DB reads have stopped working for one table in a background process
What changed? Did you upgrade? What web2py version? When you say the select does not work anymore, what do you mean? Does it lock or do you get a traceback? Which database driver? People have reported problems with pymysql but not with mysqldb.

On Tuesday, 24 July 2012 19:42:29 UTC-5, David Phillips wrote:
On the eve of delivering a project to a client, I've come up against a problem that has me stumped. select() statements on one of my mysql tables have stopped working. My application is a web2py web server and a background process (also called a homemade task queue in the web2py book). They share the database. The web server writes to the table from within an HTTP request, and several seconds later, I attempt to read the record in my background process. Up until yesterday, I didn't have any trouble reading from this or any of the tables. And now, all the others work fine. I can still write and read from the misbehaving table from the web server. I am at a loss. I'm not sure where to look to diagnose the problem. Any pointers would be gratefully received. --
[web2py] Re: Suggestion - a pickled DAL field
On Tuesday, July 24, 2012 5:58:29 PM UTC-4, Derek wrote: Make it a computed field? I'm not sure that would be helpful in this case. A computed field computes its value automatically based on other fields in the record, but in this case, he needs to pickle an object, which is not one of the other fields. Also, it needs to be unpickled when queried, which a computed field wouldn't handle. Anthony --
Re: [web2py] Re: Multi-tenant social-network?
For production use Postgres (first choice) or MySQL. Do your homework on indexing and other optimization tricks. If your site gets big enough to have performance problems because there are too many rows in a table, you will also have enough income to hire a really good dba :). On Tuesday, July 24, 2012 3:39:11 PM UTC-4, Alec Taylor wrote: I was also worried that running queries such as is user in this group?, how many events does this group have? would be much less efficient with everyones data in one place. But it's probably just a perception thing, as you say, and it sounds like the drawbacks outweigh the benefits... :\ So thanks for alleviating my concerns On Tuesday, July 24, 2012 9:57:46 AM UTC+10, pbreit wrote: On Monday, July 23, 2012 3:01:40 PM UTC-7, Cliff Kachinske wrote: Separate DBs sounds messy. Some elaboration on that point. Everything that is simple to do on one DB becomes complicated to do on multiple DBs. For example, I run a multi-tenant site that I constantly run queries against all tenants. That would be a pain with separate DBs. Same with migrations, backups, etc. And I don't see much actual benefit of splitting into multiple DBs. The benefits I hear about seem mostly perceptual (data isolation, etc). --
Re: [web2py] Re: Multi-tenant social-network?
Mind that for each user you have auth.user_groups = { group_id: group_obj, ... } this allows you to efficiently do: if group_in in auth.user_groups and it can also be used a map to convert the group_id to the group_obj.role and vice versa. the dict is automatically updated when the user does add_membership, del_membership. It is not updated for logged-in user when the administrator changes membership until the user logs in again. massimo On Tuesday, 24 July 2012 14:39:11 UTC-5, Alec Taylor wrote: I was also worried that running queries such as is user in this group?, how many events does this group have? would be much less efficient with everyones data in one place. But it's probably just a perception thing, as you say, and it sounds like the drawbacks outweigh the benefits... :\ So thanks for alleviating my concerns On Tuesday, July 24, 2012 9:57:46 AM UTC+10, pbreit wrote: On Monday, July 23, 2012 3:01:40 PM UTC-7, Cliff Kachinske wrote: Separate DBs sounds messy. Some elaboration on that point. Everything that is simple to do on one DB becomes complicated to do on multiple DBs. For example, I run a multi-tenant site that I constantly run queries against all tenants. That would be a pain with separate DBs. Same with migrations, backups, etc. And I don't see much actual benefit of splitting into multiple DBs. The benefits I hear about seem mostly perceptual (data isolation, etc). --
Re: [web2py] Re: Multi-tenant social-network?
This is the right way to think about it. :-) On Tuesday, 24 July 2012 21:56:18 UTC-5, Cliff Kachinske wrote: For production use Postgres (first choice) or MySQL. Do your homework on indexing and other optimization tricks. If your site gets big enough to have performance problems because there are too many rows in a table, you will also have enough income to hire a really good dba :). On Tuesday, July 24, 2012 3:39:11 PM UTC-4, Alec Taylor wrote: I was also worried that running queries such as is user in this group?, how many events does this group have? would be much less efficient with everyones data in one place. But it's probably just a perception thing, as you say, and it sounds like the drawbacks outweigh the benefits... :\ So thanks for alleviating my concerns On Tuesday, July 24, 2012 9:57:46 AM UTC+10, pbreit wrote: On Monday, July 23, 2012 3:01:40 PM UTC-7, Cliff Kachinske wrote: Separate DBs sounds messy. Some elaboration on that point. Everything that is simple to do on one DB becomes complicated to do on multiple DBs. For example, I run a multi-tenant site that I constantly run queries against all tenants. That would be a pain with separate DBs. Same with migrations, backups, etc. And I don't see much actual benefit of splitting into multiple DBs. The benefits I hear about seem mostly perceptual (data isolation, etc). --
Re: [web2py] Re: how to achieve public/private key authentication for web service in web2py?
Thanks Michele and Derek.. nice post, i am looking exactly the same :)

On Wed, Jul 25, 2012 at 4:09 AM, Michele Comitini michele.comit...@gmail.com wrote:
This is very similar to what TLS accomplishes with x509 certificates. There is a slight difference, the server does not own a public key for each client: it verifies that the client owns an x509 certificate signed by the correct certification authority. So no need to store public keys. In any case AFAIK in public/private key algorithms the private key always allows generation of the corresponding public key, not the contrary of course.

To accomplish what you need in the simplest way you have to:
- create a certification authority with a self-signed certificate
- create a certificate for your webserver signed with the private key of the certification authority above.
- configure your webserver to require a client certificate (with rocket look at the --ca-cert option)
- In case you need to know some info about the connecting client as reported in its certificate you can use x509_auth.py to use x509 authentication and configure your REST action with @auth.requires_login(). This will give you access to information contained in the certificate such as common name or serial id. To customize you can extend the X509_Auth class.

To generate test certificates fast you can use simpatica as Derek correctly suggests.

mic

On Tuesday, 24 July 2012 10:33:48 UTC+2, Amit wrote:
Hi, I have to provide public/private key authentication for accessing a web service (REST) from a client in my web2py application. How to achieve it?
Scenario:
1. Each client will have a unique private key which will be sent to the server along with the request.
2. Server has to authenticate the private key using the public key (unique for each client) and then allow access to the web service method.
For e.g. suppose one client, say X, has requested the web service add(), so the server has to first validate the public key with the client's private key and if validation is successful then allow access to the web service add().
Challenges: where to store the public key of each client? We can't store it in the db because the server can't access the db before validation of the web service method. So will it be stored somewhere on the PC (where the server is running)? If yes then how and in which format?
NOTE: Here the server will be completely written in web2py and the client is a separate application running on the hardware device. -- --
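The server side of the approach Michele describes, as an added example using the Python 3 standard library `ssl` module (not rocket, x509_auth.py, or any poster's code). The context rejects any client without a certificate signed by the configured CA, so no per-client public key is stored, and the application then reads the common name and serial from the verified certificate; the function names, the allowlist and revocation sets, and the sample certificate dict are hypothetical and constructed.

```python
import ssl

# Constructed sample in the dict form returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Devices"),),
                (("commonName", "device-0042"),)),
    "issuer": ((("commonName", "Example Test CA"),),),
    "serialNumber": "1A2B3C",
}


def require_client_certs(ctx, ca_file=None):
    """Make a server-side context fail the handshake without a CA-signed client cert."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file is not None:
        # Only certificates chaining to this CA are accepted.
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def server_context(cert_file, key_file, ca_file):
    """Context for the web server: its own certificate plus mandatory client certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return require_client_certs(ctx, ca_file)


def client_identity(peercert):
    """Return (common name, serial) from a verified peer certificate dict."""
    if not peercert:
        raise PermissionError("no verified client certificate")
    names = [value
             for rdn in peercert.get("subject", ())
             for key, value in rdn
             if key == "commonName"]
    # Refuse ambiguous subjects instead of picking one of several names.
    if len(names) != 1:
        raise PermissionError("expected exactly one commonName")
    return names[0], peercert.get("serialNumber", "")


def authorize(peercert, allowed_names, revoked_serials=frozenset()):
    """Authorization after TLS has authenticated the certificate.

    revoked_serials holds upper-case hex strings, the form getpeercert() uses.
    """
    name, serial = client_identity(peercert)
    if serial.upper() in revoked_serials:
        raise PermissionError("certificate %s is revoked" % serial)
    if name not in allowed_names:
        raise PermissionError("client %r is not allowed" % name)
    return name, serial


if __name__ == "__main__":
    print(authorize(SAMPLE_PEERCERT, {"device-0042"}))
```

In a running server the dict passed to `authorize` comes from `getpeercert()` on the accepted connection, after the handshake has already verified the signature chain.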
Re: [web2py] Re: MySQL DB reads have stopped working for one table in a background process
Hello, Massimo.

What changed? Did you upgrade? What web2py version?
I removed a task in the background process that was periodically calling db.commit. In its place, I started using memcache where I had been writing to the db. I haven't upgraded. I've been using 1.99.7 all along.

When you say the select does not work anymore, what do you mean? Does it lock or do you get a traceback?
I add an account to the account table with account_id == 1 and id == 1 using appadmin on the web server. Then I go to the background process and execute these commands both in my code and using the debugger:
rows = db(db.account.account_id == 1).select().first() returns None.
count = db(db.account.id > 0).count() returns zero.
db.executesql('select account_id from account') returns None.
No error messages, exceptions, lock-ups or the like. select() simply fails to find the data in the table which I can see with appadmin and the mysql command-line client. Curiously, if I stop the background process and restart it, I can read the account from the account table: db(db.account.id > 0).count() returns 1. It's not a matter of committing the database after the initial write. I added a db.commit() call after writing the account to the db just to make sure. It made no difference.

Which database driver? People have reported problems with pymysql but not with mysqldb.
It's pymysql for both the development platform (Mac OS X 10.7) and the production platform (CentOS). Do you have any advice on how to diagnose my problem? Thanks, David

On Jul 24, 2012, at 8:50 PM, Massimo Di Pierro wrote:
What changed? Did you upgrade? What web2py version? When you say the select does not work anymore, what do you mean? Does it lock or do you get a traceback? Which database driver? People have reported problems with pymysql but not with mysqldb.

On Tuesday, 24 July 2012 19:42:29 UTC-5, David Phillips wrote:
On the eve of delivering a project to a client, I've come up against a problem that has me stumped.
select() statements on one of my mysql tables have stopped working. My application is a web2py web server and a background process (also called a homemade task queue in the web2py book). They share the database. The web server writes to the table from within an HTTP request, and several seconds later, I attempt to read the record in my background process. Up until yesterday, I didn't have any trouble reading from this or any of the tables. And now, all the others work fine. I can still write and read from the misbehaving table from the web server. I am at a loss. I'm not sure where to look to diagnose the problem. Any pointers would be gratefully received. -- --
Re: [web2py] Re: Empty Database value is not None, but an empty string
Anthony, I tried db.mytable.import_from_csv_file([file object], null='') from the web2py shell, but it gave me an error: OperationalError: near ): syntax error In fact, trying to import from csv using the book's method does not work at all, although exporting works fine. Viniciusban, I'm inserting data through the database administation interface (filling out the form). I've also tried importing the CSV file through the administrative interface as well, where all blank spaces in the csv some out to empty strings (unless the field type is 'integer'). On Monday, July 23, 2012 10:47:24 PM UTC-7, viniciusban wrote: Yes, they are default settings. It's quite strange you get empty strings instead null (None, in Python). How are you inserting data into db? Are you using a SQLFORM or my_table.validate_and_insert() or simply mytable.insert()? Do you get same results (blank values) inserting it from web2py shell using simply mytable.insert()? -- Vinicius Assef On Monday, July 23, 2012 5:58:19 PM UTC-4, Mark Li wrote: Aren't those the default values for a Field Contructor? I tried explicitly adding notnull=False and required=False, and didn't set the default property, but empty values still come out as an empty string instead of None. On Monday, July 23, 2012 2:48:56 PM UTC-7, viniciusban wrote: As far as I know, let notnull=False and required=False for your fields and don't set default property. On 07/23/2012 06:32 PM, Mark Li wrote: Unfortunately the lambda method didn't work, Anthony. Any other ideas for having a None default for empty entries? On a side note, if the 'integer' field type is used, then a blank entry results in a None. Don't know if that helps but it's something I've noticed. 
On Monday, July 23, 2012 2:07:51 PM UTC-7, Anthony wrote: To enter a value of None, this might work: | default=lambda:None | Anthony On Monday, July 23, 2012 5:04:44 PM UTC-4, Anthony wrote: default=None means that no default is specified, not that a default value of None will be inserted. Anthony On Monday, July 23, 2012 5:02:33 PM UTC-4, Mark Li wrote: I have a table defined in the following manner: db.define_table('songinfo', Field('songtitle'), Field('artist')) When I add an empty entry, or upload a CSV with empty values, I can only access those values with a database call like songs = db(db.songinfo.artist==).select() as opposed to db(db.songinfo.artist==None).select() The web2py book states that fields default=None, but I'm getting an empty string. Is there an appropriate way to have None instead of an empty string in the database? -- -- --
Re: [web2py] Re: MySQL DB reads have stopped working for one table in a background process
First of all we need to establish there is a problem and this is not the expected behavior. I am not sure. MySQL has 4 different isolation modes and defaults to: http://dev.mysql.com/doc/refman/5.1/en/set-transaction.html#isolevel_repeatable-read
All consistent reads within the same transaction read the snapshot established by the first read.
I think this means that your background process does not see new updated records unless it starts a new transaction. You can check it. Try adding some db.commit() to the background process, even if it does not write data. If this is the problem, you may also be able to change the isolation level with SET TRANSACTION. Massimo

On Tuesday, 24 July 2012 22:26:26 UTC-5, David Phillips wrote:
Hello, Massimo.

What changed? Did you upgrade? What web2py version?
I removed a task in the background process that was periodically calling db.commit. In its place, I started using memcache where I had been writing to the db. I haven't upgraded. I've been using 1.99.7 all along.

When you say the select does not work anymore, what do you mean? Does it lock or do you get a traceback?
I add an account to the account table with account_id == 1 and id == 1 using appadmin on the web server. Then I go to the background process and execute these commands both in my code and using the debugger:
rows = db(db.account.account_id == 1).select().first() returns None.
count = db(db.account.id > 0).count() returns zero.
db.executesql('select account_id from account') returns None.
No error messages, exceptions, lock-ups or the like. select() simply fails to find the data in the table which I can see with appadmin and the mysql command-line client. Curiously, if I stop the background process and restart it, I can read the account from the account table: db(db.account.id > 0).count() returns 1. It's not a matter of committing the database after the initial write. I added a db.commit() call after writing the account to the db just to make sure. It made no difference.

Which database driver? People have reported problems with pymysql but not with mysqldb.
It's pymysql for both the development platform (Mac OS X 10.7) and the production platform (CentOS). Do you have any advice on how to diagnose my problem? Thanks, David

On Jul 24, 2012, at 8:50 PM, Massimo Di Pierro wrote:
What changed? Did you upgrade? What web2py version? When you say the select does not work anymore, what do you mean? Does it lock or do you get a traceback? Which database driver? People have reported problems with pymysql but not with mysqldb.

On Tuesday, 24 July 2012 19:42:29 UTC-5, David Phillips wrote:
On the eve of delivering a project to a client, I've come up against a problem that has me stumped. select() statements on one of my mysql tables have stopped working. My application is a web2py web server and a background process (also called a homemade task queue in the web2py book). They share the database. The web server writes to the table from within an HTTP request, and several seconds later, I attempt to read the record in my background process. Up until yesterday, I didn't have any trouble reading from this or any of the tables. And now, all the others work fine. I can still write and read from the misbehaving table from the web server. I am at a loss. I'm not sure where to look to diagnose the problem. Any pointers would be gratefully received. -- --
Re: [web2py] Re: Empty Database value is not None, but an empty string
What database are you using? What driver? The operational error is not a web2py error. It is a database error. It means web2py is sending invalid SQL, for example referring a column that does not exist. You may want to try: try: db.mytable.import_from_csv_file([file object], null='') except: print db._lastsql db.rollback() and see what is lastsql. On Tuesday, 24 July 2012 22:31:27 UTC-5, Mark Li wrote: Anthony, I tried db.mytable.import_from_csv_file([file object], null='') from the web2py shell, but it gave me an error: OperationalError: near ): syntax error In fact, trying to import from csv using the book's method does not work at all, although exporting works fine. Viniciusban, I'm inserting data through the database administation interface (filling out the form). I've also tried importing the CSV file through the administrative interface as well, where all blank spaces in the csv some out to empty strings (unless the field type is 'integer'). On Monday, July 23, 2012 10:47:24 PM UTC-7, viniciusban wrote: Yes, they are default settings. It's quite strange you get empty strings instead null (None, in Python). How are you inserting data into db? Are you using a SQLFORM or my_table.validate_and_insert() or simply mytable.insert()? Do you get same results (blank values) inserting it from web2py shell using simply mytable.insert()? -- Vinicius Assef On Monday, July 23, 2012 5:58:19 PM UTC-4, Mark Li wrote: Aren't those the default values for a Field Contructor? I tried explicitly adding notnull=False and required=False, and didn't set the default property, but empty values still come out as an empty string instead of None. On Monday, July 23, 2012 2:48:56 PM UTC-7, viniciusban wrote: As far as I know, let notnull=False and required=False for your fields and don't set default property. On 07/23/2012 06:32 PM, Mark Li wrote: Unfortunately the lambda method didn't work, Anthony. Any other ideas for having a None default for empty entries? 
On a side note, if the 'integer' field type is used, then a blank entry results in a None. Don't know if that helps but it's something I've noticed. On Monday, July 23, 2012 2:07:51 PM UTC-7, Anthony wrote: To enter a value of None, this might work: | default=lambda:None | Anthony On Monday, July 23, 2012 5:04:44 PM UTC-4, Anthony wrote: default=None means that no default is specified, not that a default value of None will be inserted. Anthony On Monday, July 23, 2012 5:02:33 PM UTC-4, Mark Li wrote: I have a table defined in the following manner: db.define_table('songinfo', Field('songtitle'), Field('artist')) When I add an empty entry, or upload a CSV with empty values, I can only access those values with a database call like songs = db(db.songinfo.artist==).select() as opposed to db(db.songinfo.artist==None).select() The web2py book states that fields default=None, but I'm getting an empty string. Is there an appropriate way to have None instead of an empty string in the database? -- -- --
Re: [web2py] Re: Multi-tenant social-network?
Thanks, On that note, I really should link up my 'group_of_events' table with web2py's build-in RBAC On Wed, Jul 25, 2012 at 1:11 PM, Massimo Di Pierro massimo.dipie...@gmail.com wrote: This is the right way to think about it. :-) On Tuesday, 24 July 2012 21:56:18 UTC-5, Cliff Kachinske wrote: For production use Postgres (first choice) or MySQL. Do your homework on indexing and other optimization tricks. If your site gets big enough to have performance problems because there are too many rows in a table, you will also have enough income to hire a really good dba :). On Tuesday, July 24, 2012 3:39:11 PM UTC-4, Alec Taylor wrote: I was also worried that running queries such as is user in this group?, how many events does this group have? would be much less efficient with everyones data in one place. But it's probably just a perception thing, as you say, and it sounds like the drawbacks outweigh the benefits... :\ So thanks for alleviating my concerns On Tuesday, July 24, 2012 9:57:46 AM UTC+10, pbreit wrote: On Monday, July 23, 2012 3:01:40 PM UTC-7, Cliff Kachinske wrote: Separate DBs sounds messy. Some elaboration on that point. Everything that is simple to do on one DB becomes complicated to do on multiple DBs. For example, I run a multi-tenant site that I constantly run queries against all tenants. That would be a pain with separate DBs. Same with migrations, backups, etc. And I don't see much actual benefit of splitting into multiple DBs. The benefits I hear about seem mostly perceptual (data isolation, etc). -- --
[web2py] Question on using legacy tables
I use several legacy tables in my web2py applications. A typical definition that I use is:

    db2.define_table('analogpoint',
        Field('pointnumber', 'integer', writable=False),
        Field('pointname', 'string', writable=False),
        primarykey=['pointnumber'],
        migrate=False
    )

I can access this table with DAL:

    info = db2(db2.analogpoint.pointnumber == point) \
        .select(db2.analogpoint.pointnumber, db2.analogpoint.pointname)

but the following method generates an error:

    temp = db2.analogpoint[1].pointname

    KeyError: '_id'

Is there a way to use this method on a table that doesn't have an 'id' field? I have had success when I generate a view that includes an 'id' field for every legacy table, but I would like to avoid this if possible.

- Tom
[web2py] Re: SQLFORM.grid pagination refresh
The problem is when I filter using input boxes from outside, I need to use the ajax function from the view, like

    <input name="id4" type="text" class="input-small" id="input4" value="40" onkeyup="ajax('ajaxTable3', ['id4'], 'grid')" />

and I do replace the load function which is inside the div grid:

    <div id="grid">
    {{=LOAD('default','ajaxTable2.load',ajax=True, target='grid', content='loading...')}}
    </div>

When the first page loads, the links will be trapped, but after the keyup fires, the div id grid is replaced by the ajax function. Is there another way to go about this problem? I tried everything including your solution above, but when I click the pagination links the page loads by itself.
[web2py] Re: SQLFORM.grid pagination refresh
Then don't use the ajax() function. Instead, create a jQuery event handler to capture the keyup event. Then, in the handler, grab the input value and refresh the component by calling:

    web2py_component('{{=URL("default", "ajaxTable2.load")}}' + '?count=' + input_value, 'grid')

In that case, the input value will be available as request.vars.count in the ajaxTable2 function.

Anthony

On Wednesday, July 25, 2012 12:40:29 AM UTC-4, dave wrote:
The problem is when I filter using input boxes from outside, I need to use the ajax function from the view, like

    <input name="id4" type="text" class="input-small" id="input4" value="40" onkeyup="ajax('ajaxTable3', ['id4'], 'grid')" />

and I do replace the load function which is inside the div grid:

    <div id="grid">
    {{=LOAD('default','ajaxTable2.load',ajax=True, target='grid', content='loading...')}}
    </div>

When the first page loads, the links will be trapped, but after the keyup fires, the div id grid is replaced by the ajax function. Is there another way to go about this problem? I tried everything including your solution above, but when I click the pagination links the page loads by itself.
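
The keyup handler described in the reply above, as an added example that is not part of the original thread. It assumes the filter is a small non-negative integer and adds a debounce; `COMPONENT_URL`, `buildComponentUrl` and `makeKeyupHandler` are hypothetical names, while `web2py_component` is the function from web2py.js that the reply names.

```javascript
// Added example, not code from the thread. COMPONENT_URL is a constructed
// placeholder for what {{=URL("default", "ajaxTable2.load")}} renders in the view.
const COMPONENT_URL = '/app/default/ajaxTable2.load';

// Build the refresh URL. Assumption: the filter is a small non-negative
// integer (the page's input has value=40). Anything else is rejected, and
// the value is URL-encoded so it cannot append extra query parameters.
function buildComponentUrl(baseUrl, rawValue) {
  const value = String(rawValue).trim();
  if (!/^\d{1,6}$/.test(value)) return null;
  return baseUrl + '?count=' + encodeURIComponent(value);
}

// Return a keyup handler that waits for a pause in typing (debounce, an
// addition beyond the thread) and then calls refresh(url, target).
// setTimer/clearTimer are injectable so the logic can be tested offline.
function makeKeyupHandler(opts) {
  const setTimer = opts.setTimer || setTimeout;
  const clearTimer = opts.clearTimer || clearTimeout;
  const delayMs = opts.delayMs === undefined ? 300 : opts.delayMs;
  let pending = null;
  return function onKeyup(rawValue) {
    if (pending !== null) clearTimer(pending);
    pending = setTimer(function () {
      pending = null;
      const url = buildComponentUrl(opts.baseUrl, rawValue);
      if (url !== null) opts.refresh(url, opts.target);
    }, delayMs);
  };
}

// Browser wiring: runs only where jQuery and web2py.js are loaded.
// Delegating from document means the binding does not depend on when
// #input4 is rendered.
if (typeof jQuery !== 'undefined' && typeof web2py_component === 'function') {
  const handler = makeKeyupHandler({
    baseUrl: COMPONENT_URL, target: 'grid', refresh: web2py_component
  });
  jQuery(document).on('keyup', '#input4', function () {
    handler(this.value);
  });
}
```

The client-side check only keeps malformed requests from being sent; the ajaxTable2 function still has to validate request.vars.count itself before using it in a query.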