You might consider looking at the auth.register() code:
http://code.google.com/p/web2py/source/browse/gluon/tools.py#2168
Another option might be to generate an auth.register() form and send the
formkey to the client to be passed back as a hidden field in the POST call.
You can then let the web2py auth.register() function handle the
registration as usual.
If you use a web2py view to create the register form, you can do:
<input name="_formkey" type="hidden" value="{{=auth.register().formkey}}" />
<input name="_formname" type="hidden" value="register" />
Otherwise, you can make an Ajax request to get a formkey:
def get_formkey():
return auth.register().formkey
That will put the formkey in the session, and when the form is submitted,
the submitted formkey value will be compared to the value in the session.
Note, you also need to send a "_formname" field with the value "register".
Your register function could then be:
def register():
auth.register()
return 'An error occurred'
Note, by default, if the registration is accepted, that will do a
client-side redirect to auth.settings.register_next (assuming web2py.js is
loaded in the client). If you don't want a redirect, you can define an
onaccept function that raises an HTTP
exception<http://web2py.com/books/default/chapter/29/04#HTTP-and-redirect>in
order to return a string:
def register():
def success(form):
raise HTTP(200, 'Success')
auth.register(onaccept=success)
return 'An error occurred'
This is untested, so I may have missed something.
Anthony
On Wednesday, January 23, 2013 6:11:26 PM UTC-5, Mark Li wrote:
>
> I have decided to use validate_and_insert with web2py's REST methods
>
> db.auth_user.validate_and_insert(**fields)
>
> Testing so far, I was able to add a user even though the email and
> password fields were empty in the POST call. I altered my api action so
> that it checks whether or not the email and password fields in the request
> are empty. All other validators seem to be working fine.
>
> If anyone has previous experience with validate_and_insert with the
> auth_user table, and knows of any registration holes this way, please let
> me know!
>
>
> On Tuesday, January 22, 2013 6:50:06 PM UTC-8, Mark Li wrote:
>>
>> I am currently using web2py's auth to return a registration form.
>>
>> However, I would also like users to be able to register RESTfully, with
>> the email and password information in a POST call. How would I write a
>> register action that mimics auth.register(), except the information is from
>> a POST, not a form.
>>
>
--
