Correct me if I'm wrong, but it seems like you are splitting the model and
controller parts across two applications.
Why would you do that? The Web2py architecture works best when one
application handles model, view and controller functions for a set of
related tables. Each table, in turn, represents some real-world object.
This would all be so much simpler if you used the typical arrangement.
On Tuesday, March 19, 2013 1:58:05 PM UTC-4, Subhamoy Sengupta wrote:
>
> I am trying to do basic authentication between two Web2Py Applications. I
> posted a question on this before, when I did not understand the problem
> properly. I think I need to re-phrase the question.
>
> There are two applications, Provider and Receiver. *Receiver* is
> predominantly the view, and *Provider* is back-end logic. Provider
> already has some users in its local SQLite database, and Receiver must log
> in as one of those. The db.py of the Provider has:
>
> ## configure auth policy
>
> auth.settings.registration_requires_verification = True
> auth.settings.registration_requires_approval = True
> auth.settings.reset_password_requires_verification = True
> auth.settings.allow_basic_login = True
> auth.settings.controller = 'default'
> auth.settings.hmac_key = None
> auth.settings.mailer = None
> auth.settings.login_after_registration = False
>
>
> The default controller of the Provider has:
>
> def basic_auth():
> """
> checks if the user is logged in and returns True/False.
> if so user is in auth.user as well as in session.auth.user
> """
> auth.basic()
> if auth.user:
> print("login success!")
> print(auth.user.username, " is logging in!") # This always
> prints the correct username
> session.forget()
> return True
> else:
> print("login failed!")
> return False
>
>
> The sites controller of the Provider has:
>
> @request.restful()
> @auth.requires_login()
> def get_username():
> def GET():
> return str(auth.user.username)
> return locals()
>
>
> Receiver's db.py has:
>
> auth.settings.login_methods = [basic_auth('http://127.0.0.1:8000/Provider'
> )]
>
>
>
> And finally, Receiver's index.html has the following JavaScript:
>
> var gBaseUrl="http://127.0.0.1:8000/Provider/sites/";;
> $(document).ready(function(){
> $.ajax({
> type: "GET",
> async: true,
> url: gBaseUrl+"get_username",
> dataType: "text",
> success: function(data){
> $('#ContentView').append('<p> succeeded '+data+'</p>');
> }
> failure: function(data){
> $('#ContentView').append('<p> failed '+data+'</p>');
> }
> });
> });
>
>
> Now I need to figure out, when I make jQuery-Ajax calls from Receiver to
> Provider, how I can get the right username. If I log in now, Receiver says
> login successful, but no name comes back, because the query bears no user
> credentials. I had two thoughts at this point:
>
> First, if I could find the right password (in text form), I could add it
> to the request header in Ajax GET calls.
> Second, I could keep a dummy controller in Receiver, which JavaScript
> always makes calls to, and that controller sends HTTPRequest to Provider's
> controller(s) to get the real information, this way I do not have to worry
> about the same origin policy of Ajax calls.
>
> But to make use of either, I need to get the password as an unencrypted
> string, and I cannot seem to get around to doing it. I to add to Receiver's
> default controller:
>
> auth.settings.login_onaccept = lambda form:afterlogin(form)
>
>
> def afterlogin(form):
> print(form.vars.password)
> redirect("default/index")
>
>
>
> But this only prints None. Please shed some light on how to achieve basic
> authentication between two web2py apps. I have searched around a lot, and
> answers are either incomplete, or too sketchy, and I cannot switch to
> something like CAS for unavoidable circumstances.
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
