Or an easier option is to use the auth.get_or_create_user()<http://code.google.com/p/web2py/source/browse/gluon/tools.py#1704>method, though that doesn't provide the password verification field/validation that the auth.register() function includes (which you may not want anyway).
Anthony On Wednesday, January 23, 2013 11:45:15 PM UTC-5, Anthony wrote: > > You might consider looking at the auth.register() code: > http://code.google.com/p/web2py/source/browse/gluon/tools.py#2168 > > Another option might be to generate an auth.register() form and send the > formkey to the client to be passed back as a hidden field in the POST call. > You can then let the web2py auth.register() function handle the > registration as usual. > > If you use a web2py view to create the register form, you can do: > > <input name="_formkey" type="hidden" value="{{=auth.register().formkey}}" > /> > <input name="_formname" type="hidden" value="register" /> > > Otherwise, you can make an Ajax request to get a formkey: > > def get_formkey(): > return auth.register().formkey > > That will put the formkey in the session, and when the form is submitted, > the submitted formkey value will be compared to the value in the session. > Note, you also need to send a "_formname" field with the value "register". > > Your register function could then be: > > def register(): > auth.register() > return 'An error occurred' > > Note, by default, if the registration is accepted, that will do a > client-side redirect to auth.settings.register_next (assuming web2py.js is > loaded in the client). If you don't want a redirect, you can define an > onaccept function that raises an HTTP > exception<http://web2py.com/books/default/chapter/29/04#HTTP-and-redirect>in > order to return a string: > > def register(): > def success(form): > raise HTTP(200, 'Success') > auth.register(onaccept=success) > return 'An error occurred' > > This is untested, so I may have missed something. > > Anthony > > On Wednesday, January 23, 2013 6:11:26 PM UTC-5, Mark Li wrote: >> >> I have decided to use validate_and_insert with web2py's REST methods >> >> db.auth_user.validate_and_insert(**fields) >> >> Testing so far, I was able to add a user even though the email and >> password fields were empty in the POST call. I altered my api action so >> that it checks whether or not the email and password fields in the request >> are empty. All other validators seem to be working fine. >> >> If anyone has previous experience with validate_and_insert with the >> auth_user table, and knows of any registration holes this way, please let >> me know! >> >> >> On Tuesday, January 22, 2013 6:50:06 PM UTC-8, Mark Li wrote: >>> >>> I am currently using web2py's auth to return a registration form. >>> >>> However, I would also like users to be able to register RESTfully, with >>> the email and password information in a POST call. How would I write a >>> register action that mimics auth.register(), except the information is from >>> a POST, not a form. >>> >> --
