Something like this:

import datetime

def clean_email_key_table(table):
    # use dateutil to calculate cutoff_date. 30 days maybe?
    # (stdlib timedelta used here for the 30-day cutoff)
    cutoff_date = request.now.date() - datetime.timedelta(days=30)
    db(db[table].created_on < cutoff_date).delete()

db.define_table('user_email_key',
    Field('user_id', 'reference auth_user' ....),
    # this would be a uuid generated for each email. Goes into the URL get vars.
    Field('email_key', length=256 ...),
    # another uuid generated for each email. Goes in the session
    Field('saved_key', length=256 ...),
    Field('created_on', 'date', default=request.now),
    # assuming lazy tables
    on_define=clean_email_key_table
)

Include the following in the URL vars: dict(s='mail', ek=email_key,
sk=saved_key)

Then in the receiving controller:

if 's' in request.get_vars and request.get_vars.s == 'mail':
    signature = False
    # the saved_key needs to go into the session at the time you generate the email.
    query = (
        (db.user_email_key.user_id == auth.user_id) &
        (db.user_email_key.email_key == request.get_vars.ek) &
        (db.user_email_key.saved_key == session.saved_key)
    )
    res = db(query).count()
    if not res:
        # redirect to not authorized raise HTTP 403 or other
        # bail out, whatever you do
        raise HTTP(403)
    db(query).delete()  # the key only works once.
    session.saved_key = None
else:
    signature = True
form = SQLFORM(db.whatever, ...signature=signature)

On Wednesday, November 6, 2013 2:58:07 PM UTC-5, Jim S wrote:
>
> I tried sending the signed link via the email, but that seemed to fail as
> well. Also have to assume that the person getting the email and navigating
> to the page is not using the same session as the one sending the email.
> So, how would you build the signature?
>
> I will investigate the redirect option, but if there is a way that I can
> send a valid signature to a different user, I would really appreciate
> pointers....
>
> -Jim
>
>
>
> On Wed, Nov 6, 2013 at 1:52 PM, Niphlod <[email protected]> wrote:
>
>> That's why, then. If the user is only allowed to access the grid WITH the
>> signature, he can't access the same link without the signature (and that's
>> the whole point about signed links).
>>
>> You need to figure out yourself (with your application's demands) what to
>> do (i.e. sending a signed link by mail, turning off signatures, send a link
>> to a page that then redirects to the signed link to the grid, etc etc etc)
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to a topic in the
>> Google Groups "web2py-users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/web2py/YhzviZbdwW0/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
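
The single-use, expiring email key from the reply above, as an added stand-alone example (not code from the thread or from web2py). It uses sqlite3 in place of the DAL and stores only a SHA-256 hash of the key; the function names, the 30-day lifetime and the sample timestamps are assumptions.

```python
import hashlib
import secrets
import sqlite3
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=30)  # assumed lifetime, matching the "30 days maybe?" cleanup

def open_store():
    """In-memory stand-in for the user_email_key table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_email_key ("
               "user_id INTEGER, key_hash TEXT UNIQUE, created_on TEXT)")
    return db

def _digest(key):
    # Only the hash is stored, so a dump of the table does not yield usable links.
    return hashlib.sha256(key.encode()).hexdigest()

def issue_key(db, user_id, now):
    """Return the value that goes into the emailed URL (the 'ek' var)."""
    key = secrets.token_urlsafe(32)
    db.execute("INSERT INTO user_email_key VALUES (?, ?, ?)",
               (user_id, _digest(key), now.isoformat()))
    db.commit()
    return key

def redeem_key(db, user_id, key, now):
    """Return True exactly once for an unexpired key issued to user_id."""
    cutoff = (now - MAX_AGE).isoformat()
    # Check and delete in one statement: a second request racing with the
    # first finds no row left to delete, so the key cannot be used twice.
    cur = db.execute("DELETE FROM user_email_key WHERE user_id = ? "
                     "AND key_hash = ? AND created_on >= ?",
                     (user_id, _digest(key or ""), cutoff))
    db.commit()
    return cur.rowcount == 1

def purge_expired(db, now):
    """Housekeeping equivalent of clean_email_key_table; returns rows removed."""
    cur = db.execute("DELETE FROM user_email_key WHERE created_on < ?",
                     ((now - MAX_AGE).isoformat(),))
    db.commit()
    return cur.rowcount
```
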