I don't think you'll be able to use that method from the browser with the
auth.requires_login() decorator, as the browser will not send the
Authorization header unless the server first sends back a 401 response, and
auth.basic() does not do that by default. To get that behavior, you would
have to enable a basic auth realm. So, instead of using the decorator, to
check authorization, in your function, you could do something like:
if not auth.basic(basic_auth_realm=True)[2]:
raise HTTP(403):
auth.basic() returns a 3-tuple, the last element of which indicates whether
the submitted credentials are associated with a valid user.
Anyway, presumably you're not planning to make these basic auth calls from
the browser, so you should be able to stick with the auth.requires_login()
decorator if you'll instead being using some other tool to make the
requests.
Anthony
On Friday, December 11, 2015 at 9:44:16 AM UTC-5, Boris Aramis Aguilar
RodrÃguez wrote:
>
> Currently I'm trying to create a service for my application as follows:
>
> auth.settings.allow_basic_login = True
>
> @auth.requires_login()
> def test():
> from gluon.serializers import json
> return json((auth.user, 'hello'))
>
> But I've tried to do authentication using the browser as follows:
> https://[email protected]:[email protected]/api/test.json
> (which of course seems broken since @ doesn't seem valid)
>
> So I tried the scaped version:
>
> https://user%40domain.com:[email protected]/api/test.json
>
> but still, I'm being redirected to the login URL, like if basic auth had
> no effect.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
