Good day Massimo,
the following are the snippets:
AppAuth/models/db.py
db = DAL('sqlite://storage.sqlite')
session.connect(request, response, db)
auth = Auth(globals(), db)
crud = Crud(globals(), db)
auth.settings.hmac_key = 'sha512:secret key here'
auth.define_tables(username=True)
crud.settings.auth = auth
AppA/models/db.py
db = DAL('sqlite://../../appauth/storage.sqlite') # -- yes, point to the db
file in AppAuth
session.connect(request, response, db, masterapp='appauth')
auth = Auth(globals(), db)
auth.define_tables(migrate=False, username=True)
auth.settings.login_url = '/appauth/default/user/login'
AppA/controllers/default.py
@auth.requires_login()
def index():
response.view='index.html'
return dict()
@auth.requires_permission('sayhello')
def hello():
response.view='saysomething.html'
return dict(message=T(hello))
The behavior of this in 1.96.1 (and 1.97.1) is that I will be able to login
and view the page provided in AppAuth, but when browse to AppA or AppB, it
will not be able to access it because auth says its not loggin. However all
this works in 1.95.1
If i go into web2py.gluon.tools.Auth and hack current to current =
Storage(globals()) like it used to be in 1.95.1, and things works again.
I'm sure forcing current from threading.local() to something else
definitely is not the correct way of doing this (as i dont know what is the
intention of the current is using for as well : ).
Awaits your input, Many Thanks Massimo.
best,
Zeng
On Thu, Jul 21, 2011 at 8:44 PM, Massimo Di Pierro
massimo.dipie...@gmail.com wrote:
This change should not break it. Can you please show us the code that
breaks and we will check what is going on? It is possible that one of
the auth modules has not been patched correctly.
Massimo
On Jul 21, 11:02 am, zeng zeng...@gmail.com wrote:
Hey guys,
I'm currently running version 1.95.1 and have 3 application,
AppAuth, AppA, AppB, AppA and AppB is using AppAuth to
authenticate logged in user and it has been working great.
After upgrading 1.96.1 and cross app authentication no longer works,
some debuging lead to:
- web2py.gluon.tools.Auth
self.environment = current
request = current.request
session = current.session
- web2py.gluon.tools.Auth
and current is a threading.local() in gluon.globals.py !!!
In the good'o 1.95.1 the session and auth object is retrieved from
global() ,
Question is, why is this changed? this seems to break the backward
compatibility feature of web2py, and what are the recommended
solutions now that global() is no longer used?
Thanks!