Thanks for the tips Anthony! I'm going to look more into the first method you suggested.
Do you know if enabling Captcha would affect the custom register action if I used auth.register()? Right now, the db.auth_user.validate_and_insert(**fields) works fine. I would be unable to implement Captcha on the clientside (android app), so would auth.register() not work in that case if I have Captchas enabled?

On Thursday, January 24, 2013 4:57:51 AM UTC, Anthony wrote:
>
> Or an easier option is to use the
> auth.get_or_create_user()<http://code.google.com/p/web2py/source/browse/gluon/tools.py#1704> method,
> though that doesn't provide the password verification
> field/validation that the auth.register() function includes (which you may
> not want anyway). It also won't provide the CSRF protection that the
> auth.register() formkey provides.
>
> Anthony
>
> On Wednesday, January 23, 2013 11:45:15 PM UTC-5, Anthony wrote:
>>
>> You might consider looking at the auth.register() code:
>> http://code.google.com/p/web2py/source/browse/gluon/tools.py#2168
>>
>> Another option might be to generate an auth.register() form and send the
>> formkey to the client to be passed back as a hidden field in the POST call.
>> You can then let the web2py auth.register() function handle the
>> registration as usual.
>>
>> If you use a web2py view to create the register form, you can do:
>>
>> <input name="_formkey" type="hidden" value="{{=auth.register().formkey}}" />
>> <input name="_formname" type="hidden" value="register" />
>>
>> Otherwise, you can make an Ajax request to get a formkey:
>>
>> def get_formkey():
>>     return auth.register().formkey
>>
>> That will put the formkey in the session, and when the form is submitted,
>> the submitted formkey value will be compared to the value in the session.
>> Note, you also need to send a "_formname" field with the value "register".
>>
>> Your register function could then be:
>>
>> def register():
>>     auth.register()
>>     return 'An error occurred'
>>
>> Note, by default, if the registration is accepted, that will do a
>> client-side redirect to auth.settings.register_next (assuming web2py.js is
>> loaded in the client). If you don't want a redirect, you can define an
>> onaccept function that raises an HTTP
>> exception<http://web2py.com/books/default/chapter/29/04#HTTP-and-redirect> in
>> order to return a string:
>>
>> def register():
>>     def success(form):
>>         raise HTTP(200, 'Success')
>>     auth.register(onaccept=success)
>>     return 'An error occurred'
>>
>> This is untested, so I may have missed something.
>>
>> Anthony
>>
>> On Wednesday, January 23, 2013 6:11:26 PM UTC-5, Mark Li wrote:
>>>
>>> I have decided to use validate_and_insert with web2py's REST methods
>>>
>>> db.auth_user.validate_and_insert(**fields)
>>>
>>> Testing so far, I was able to add a user even though the email and
>>> password fields were empty in the POST call. I altered my api action so
>>> that it checks whether or not the email and password fields in the request
>>> are empty. All other validators seem to be working fine.
>>>
>>> If anyone has previous experience with validate_and_insert with the
>>> auth_user table, and knows of any registration holes this way, please let
>>> me know!
>>>
>>>
>>> On Tuesday, January 22, 2013 6:50:06 PM UTC-8, Mark Li wrote:
>>>>
>>>> I am currently using web2py's auth to return a registration form.
>>>>
>>>> However, I would also like users to be able to register RESTfully, with
>>>> the email and password information in a POST call. How would I write a
>>>> register action that mimics auth.register(), except the information is
>>>> from a POST, not a form.
>>>>
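
The two checks discussed in this thread (a per-form key held in the session and compared on submit, and refusing empty email/password fields), shown as an added stand-alone example. It is not code from the thread and not web2py's implementation: `session` is a plain dict, and `issue_formkey`, `check_formkey`, `register` and the `insert_user` callback are hypothetical names standing in for the framework and the database insert.

```python
import hmac
import secrets

REQUIRED = ("email", "password")  # fields the REST action must not accept empty


def issue_formkey(session, formname):
    """Create a one-time key for `formname` and remember it in the session."""
    key = secrets.token_urlsafe(32)
    session.setdefault("_formkeys", {})[formname] = key
    return key


def check_formkey(session, post):
    """True only if the POST carries the key issued for its _formname."""
    formname = post.get("_formname", "")
    # pop() makes the key single use: a replayed POST finds nothing to match.
    expected = session.get("_formkeys", {}).pop(formname, None)
    submitted = post.get("_formkey", "")
    if expected is None or not isinstance(submitted, str):
        return False
    # Constant-time comparison of the stored and submitted keys.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def register(session, post, insert_user):
    """Return (status, body); insert_user stands in for the real insert."""
    if not check_formkey(session, post):
        return 403, "Invalid or missing formkey"
    # Reject absent, None or whitespace-only values before any insert.
    missing = [f for f in REQUIRED if not str(post.get(f) or "").strip()]
    if missing:
        return 400, "Missing: " + ", ".join(missing)
    insert_user(email=str(post["email"]).strip(), password=str(post["password"]))
    return 200, "Success"
```
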

