if you do not want to use basic auth, a common pattern is having a service
that generates a temporary token and then having the client pass the token
with each call.
@service.xmlrpc
def get_auth_token(user, password):
...
return token
@service.xmlrpc
def aservicemethod(token, ...):
check_token(...)
you can create a decorator to call check_token in a more elegant and
readable fashion ;-)
2015-05-05 20:51 GMT+02:00 Niphlod <[email protected]>:
> usually services do not make use of session cookies, that are the ones
> web2py checks. A service should use something like basic authentication...
>
>
> On Tuesday, May 5, 2015 at 6:57:23 PM UTC+2, Lisandro wrote:
>>
>> I'm creating a XMLRPC webservice with web2py, everything works perfect.
>> In order to restrict access to the webservice, acordingly to the docs,
>> you have to decorate the function that instantiates the webservice, for
>> example:
>>
>> @auth.requires_login()
>> def call():
>> return service()
>>
>>
>> @service.xmlrpc
>> def check():
>> return auth.user.email
>>
>> So, in order to connect to this webservice, you would have to pass the
>> user and password in the url, like this:
>> http://user:email@domain/default/call/xmlrpc
>> And then you would be able to run the function "check()" of the
>> webservice.
>>
>> So far all good. But what if I want to create a public webservice, and
>> include a function for login (taking user and email as arguments)? The
>> function should login the user and next calls to other functions should be
>> able to check if user is logged in.
>>
>> I've tried this with no success:
>>
>> def call():
>> return service()
>>
>>
>> @service.xmlrpc
>> def login(data):
>> user = auth.login_bare(data['email'], data['password'])
>> if not user:
>> return False
>> else:
>> auth.login_user(user)
>> return True
>>
>>
>> @service.xmlrpc
>> def check():
>> if auth.is_logged_in():
>> return auth.user.email
>> else:
>> return False
>>
>> However this doesn't work. I can succesfully connect to the webservice,
>> and I can succesfully execute "login()" function, but then inmediately I
>> execute "check()" function and I always receive False, so the session isn't
>> created.
>>
>> For the testing client I'm using class ServerProxy from python xmlrpclib.
>> I know this is easy to fix (using the first of the two examples shown
>> here), but not all clients support basic authentication and I'm trying to
>> figure out what to do for those cases. Thanks in advance!
>>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
