Hi Massimo, I'm going to explore this option more. Just a quick question though. It seems like both application A and B need to be web2py. Is that true? Application A isn't a web2py application.
Also I learned more about the client's criteria -- they mostly just want a form on application A's website that has a username and password blank. On submit it redirects to a web2py application, authenticates the username/password and leaves the user logged in and at a page of the web2py application. Will the method you described handle this or is there a better method? On Sun, Feb 17, 2013 at 5:22 PM, Massimo Di Pierro < [email protected]> wrote: > Hello Amber, > > You do not need to reinvent the wheel for this. Web2py can do it out of > the box. > > Application B. No special code. Just any web2py application that uses Auth > and exposes the normal default/user action. > > Application A. Use decorators like @auth.requires_login() as normal but > change > > auth = Auth(db) > > into > > auth = Auth(db,cas_provider = > 'http://127.0.0.1:8000/applicaiton_B/default/user/cas') > > > You can read more about this here: > > http://web2py.com/books/default/chapter/29/09?search=cas_provider > > If the two applications have different domains you need to add a line like > this in application B. > > auth.settings.cas_domains.append('application_A_domain.com') > > > > On Sunday, 17 February 2013 12:43:28 UTC-6, Amber Doctor wrote: >> >> Currently I have an application (A) that redirects the user to a web2py >> application (B) to log in. I want to change it so that the application A >> instead calls B with a username/password and gets back dict(user:user) >> where user is the result of auth.login_bare(username,**password). I >> have made a web2py app to mock A calling B with a Post. I have also >> created the method in B to accept the data. Controllers provided below. >> When I make the call, A is correctly getting the user information based on >> whether or not B is able to log in the user. However, when I try to >> navigate around application B's pages that are behind login, I'm told that >> I am not logged in. >> >> For a quick sanity check, I also created a controller marked C, that uses >> the auth.login_bare and not a POST and it works to log me into B >> >> Can anyone please provide insight into what I need to be doing >> differently to allow A to log into B by passing username/password? >> >> >> A >> def test_remote_login(): >> form = SQLFORM(db.remote_login).**process() >> if form.accepted: >> username = form.vars.remote_login_**username >> password = form.vars.remote_login_**password >> access_method = form.vars.access_method >> import httplib, base64, urllib >> params = urllib.urlencode({'username':**username, >> ** 'password':password >> ** }) >> base64string = base64.encodestring('%s:%s' % (username , >> password))[:-1] >> username_password_combo = "Basic " + base64string >> headers = {"Content-type": "application/x-www-form-**urlencoded", >> "Accept": "text/plain", "Authorization": username_password_combo} >> conn = httplib.HTTPConnection(task_**tracker_host_defined) >> connection_url = '/tasktracker3/default/remote_**login' + >> access_method >> conn.request("POST", connection_url, params, headers) >> r1 = conn.getresponse() >> data1 = r1.read() >> conn.close() >> response.flash='Accepted' >> return locals() >> >> >> B >> @request.restful() >> def remote_login(): >> def POST(username,password): >> user = auth.login_bare(username,**password) >> return dict(user=user) >> return locals() >> >> C >> def test_remote_login(): >> username = request.args(0) >> password = request.args(1) >> user = auth.login_bare(username,**password) >> return dict(user=user) > > -- > > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
