I am trying to do basic authentication between two Web2Py Applications. I
posted a question on this before, when I did not understand the problem
properly. I think I need to re-phrase the question.
There are two applications, Provider and Receiver. *Receiver* is
predominantly the view, and *Provider* is back-end logic. Provider already
has some users in its local SQLite database, and Receiver must log in as
one of those. The db.py of the Provider has:
## configure auth policy
auth.settings.registration_requires_verification = True
auth.settings.registration_requires_approval = True
auth.settings.reset_password_requires_verification = True
auth.settings.allow_basic_login = True
auth.settings.controller = 'default'
auth.settings.hmac_key = None
auth.settings.mailer = None
auth.settings.login_after_registration = False
The default controller of the Provider has:
def basic_auth():
"""
checks if the user is logged in and returns True/False.
if so user is in auth.user as well as in session.auth.user
"""
auth.basic()
if auth.user:
print("login success!")
print(auth.user.username, " is logging in!") # This always prints
the correct username
session.forget()
return True
else:
print("login failed!")
return False
The sites controller of the Provider has:
@request.restful()
@auth.requires_login()
def get_username():
def GET():
return str(auth.user.username)
return locals()
Receiver's db.py has:
auth.settings.login_methods = [basic_auth('http://127.0.0.1:8000/Provider')]
And finally, Receiver's index.html has the following JavaScript:
var gBaseUrl="http://127.0.0.1:8000/Provider/sites/";;
$(document).ready(function(){
$.ajax({
type: "GET",
async: true,
url: gBaseUrl+"get_username",
dataType: "text",
success: function(data){
$('#ContentView').append('<p> succeeded '+data+'</p>');
}
failure: function(data){
$('#ContentView').append('<p> failed '+data+'</p>');
}
});
});
Now I need to figure out, when I make jQuery-Ajax calls from Receiver to
Provider, how I can get the right username. If I log in now, Receiver says
login successful, but no name comes back, because the query bears no user
credentials. I had two thoughts at this point:
First, if I could find the right password (in text form), I could add it to
the request header in Ajax GET calls.
Second, I could keep a dummy controller in Receiver, which JavaScript
always makes calls to, and that controller sends HTTPRequest to Provider's
controller(s) to get the real information, this way I do not have to worry
about the same origin policy of Ajax calls.
But to make use of either, I need to get the password as an unencrypted
string, and I cannot seem to get around to doing it. I to add to Receiver's
default controller:
auth.settings.login_onaccept = lambda form:afterlogin(form)
def afterlogin(form):
print(form.vars.password)
redirect("default/index")
But this only prints None. Please shed some light on how to achieve basic
authentication between two web2py apps. I have searched around a lot, and
answers are either incomplete, or too sketchy, and I cannot switch to
something like CAS for unavoidable circumstances.
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
