Thanks! I like this solution, I will give it a try.
El miércoles, 6 de mayo de 2015, 12:34:13 (UTC-3), mcm escribió: > > if you do not want to use basic auth, a common pattern is having a > service that generates a temporary token and then having the client pass > the token with each call. > > @service.xmlrpc > def get_auth_token(user, password): > ... > return token > > @service.xmlrpc > def aservicemethod(token, ...): > check_token(...) > > you can create a decorator to call check_token in a more elegant and > readable fashion ;-) > > > 2015-05-05 20:51 GMT+02:00 Niphlod <[email protected] <javascript:>>: > >> usually services do not make use of session cookies, that are the ones >> web2py checks. A service should use something like basic authentication... >> >> >> On Tuesday, May 5, 2015 at 6:57:23 PM UTC+2, Lisandro wrote: >>> >>> I'm creating a XMLRPC webservice with web2py, everything works perfect. >>> In order to restrict access to the webservice, acordingly to the docs, >>> you have to decorate the function that instantiates the webservice, for >>> example: >>> >>> @auth.requires_login() >>> def call(): >>> return service() >>> >>> >>> @service.xmlrpc >>> def check(): >>> return auth.user.email >>> >>> So, in order to connect to this webservice, you would have to pass the >>> user and password in the url, like this: >>> http://user:email@domain/default/call/xmlrpc >>> And then you would be able to run the function "check()" of the >>> webservice. >>> >>> So far all good. But what if I want to create a public webservice, and >>> include a function for login (taking user and email as arguments)? The >>> function should login the user and next calls to other functions should be >>> able to check if user is logged in. >>> >>> I've tried this with no success: >>> >>> def call(): >>> return service() >>> >>> >>> @service.xmlrpc >>> def login(data): >>> user = auth.login_bare(data['email'], data['password']) >>> if not user: >>> return False >>> else: >>> auth.login_user(user) >>> return True >>> >>> >>> @service.xmlrpc >>> def check(): >>> if auth.is_logged_in(): >>> return auth.user.email >>> else: >>> return False >>> >>> However this doesn't work. I can succesfully connect to the webservice, >>> and I can succesfully execute "login()" function, but then inmediately I >>> execute "check()" function and I always receive False, so the session isn't >>> created. >>> >>> For the testing client I'm using class ServerProxy from python >>> xmlrpclib. >>> I know this is easy to fix (using the first of the two examples shown >>> here), but not all clients support basic authentication and I'm trying to >>> figure out what to do for those cases. Thanks in advance! >>> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
