You can do exactly that with web2py 2.13.4

https://github.com/web2py/web2py/blob/master/gluon/tools.py#L1200

except you need two validators instead of one:

@auth.allows_jwt()
@auth.requires_login()

which means that you want allow jwt to give you login-like privileges.

if you want you can do

def requires_jwt(func):
     # allows_jwt() accepts the bearer token, requires_login() enforces the login check
     return auth.allows_jwt()(auth.requires_login()(func))

and then just use

@requires_jwt

as you want.

On Monday, 28 December 2015 13:05:04 UTC-6, Ramos wrote:
>
> can i do
>
>    @auth.requires_jwt()
>
> I would like to use web2py just as a rest api , auth included...
>
> 2015-12-27 7:09 GMT+00:00 Massimo Di Pierro <massimo.dipie...@gmail.com>:
>
>> good catch! we will have to refactor that to support earlier versions of 
>> python.
>>
>>
>> On Sunday, 27 December 2015 01:02:09 UTC-6, Lou C wrote:
>>>
>>> I am running version 2.13.4 on GAE which runs on python 2.7.5. The 
>>> problem arises when using the @auth.allows_jwt() decorator. The error I get 
>>> is AttributeError: 'module' object has no attribute 'compare_digest'.  
>>> Which is being called in :
>>>
>>>     def verify_signature(self, body, signature, secret):
>>>         mauth = hmac.new(key=secret, msg=body, digestmod=self.digestmod)
>>>         return hmac.compare_digest(self.jwt_b64e(mauth.digest()), signature)
>>>
>>> I believe this is because hmac.py uses compare_digest in version 2.7.7. 
>>> Any way to use jwt on GAE?
>>>
>>> On Friday, December 25, 2015 at 9:04:11 PM UTC-8, Massimo Di Pierro 
>>> wrote:
>>>>
>>>> This issue is now fixed in 2.13.4. :-)
>>>>
>>>> On Friday, 25 December 2015 22:37:54 UTC-6, Πέτρος Χατζηλάμπρος wrote:
>>>>>
>>>>> Merry Christmas!!!!
>>>>>
>>>>> I found the following bug in version 2.13.3:
>>>>>
>>>>> I am using Linux Mint and I have a folder named web2py on the ~/Desktop.
>>>>> I used to run web2py by opening a terminal and giving the command 
>>>>> "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0".
>>>>> After the update to version 2.13.3 the following error appears:
>>>>> Traceback (most recent call last):
>>>>>   File "/home/tsouras/Desktop/web2py/web2py.py", line 6, in <module>
>>>>>     import gluon.widget
>>>>>   File "/home/tsouras/Desktop/web2py/gluon/widget.py", line 26, in <module>
>>>>>     import gluon.main as main
>>>>>   File "/home/tsouras/Desktop/web2py/gluon/main.py", line 125, in <module>
>>>>>     raise RuntimeError("Cannot determine web2py version")
>>>>> RuntimeError: Cannot determine web2py version
>>>>>
>>>>> So, I did some debugging and I found out 
>>>>> that global_settings.gluon_parent is "/home/tsouras" instead of being 
>>>>> "/home/tsouras/Desktop/web2py"
>>>>> I overcame this problem by opening a terminal and giving the command "cd 
>>>>> ~/Desktop/web2py" before giving the command "python 
>>>>> ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0"
>>>>>
>>>>> I did not have this problem using the previous version of web2py
>>>>>
>>>>> On Thursday, December 24, 2015 at 5:21:42 PM UTC+2, Massimo Di Pierro 
>>>>> wrote:
>>>>>>
>>>>>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
>>>>>>
>>>>>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most 
>>>>>> importantly it contains experimental support for JWT. Here is how it 
>>>>>> works:
>>>>>>
>>>>>>         1) instantiate auth with
>>>>>>
>>>>>>             auth = Auth(db, jwt = {'secret_key':'secret'})
>>>>>>
>>>>>>         where 'secret' is your own secret string. 
>>>>>>
>>>>>>         2) Decorate functions that require login but should accept 
>>>>>> the JWT token credentials:
>>>>>>
>>>>>>             @auth.allows_jwt()
>>>>>>             @auth.requires_login()
>>>>>>             def myapi(): return 'hello %s' % auth.user.email
>>>>>>     
>>>>>>         Notice jwt is allowed but not required. If the user is logged in, 
>>>>>> myapi is accessible.
>>>>>>
>>>>>>         3) Use it!
>>>>>>         Now API users can obtain a token with
>>>>>>
>>>>>>             http://.../app/default/user/jwt?username=...&password=....
>>>>>>
>>>>>>         (returns json object with a token attribute)
>>>>>>         API users can refresh an existing token with
>>>>>>
>>>>>>             http://.../app/default/user/jwt?token=...
>>>>>>
>>>>>>         They can authenticate themselves when calling http://.../myapi 
>>>>>> by injecting a header
>>>>>>
>>>>>>             Authorization: Bearer <the jwt token>
>>>>>>
>>>>>>         Any additional attributes in the jwt argument of Auth() below:
>>>>>>
>>>>>>            auth = Auth(db, jwt = {...})
>>>>>>
>>>>>>         are passed to the constructor of class AuthJWT. Look there 
>>>>>> for documentation.
>>>>>>
>>>>>> Thanks Niphlod again for implementing this. 
>>>>>> Please help us check it so we will declare it stable in the next 
>>>>>> release.
>>>>>>
>>>>>> Massimo
>>>>>>
>>>>>>
>>>>>> -- 
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
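
The compare_digest error reported in the thread, worked through as an added example (not web2py's code and not the fix that shipped): an HS256-style signature check that uses hmac.compare_digest where the runtime has it (Python 2.7.7+ and 3.3+) and a constant-time fallback elsewhere. The names `_fallback_compare`, `sign`, `SAMPLE_SECRET` and `SAMPLE_BODY` are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac


def jwt_b64e(raw):
    """base64url without '=' padding, the encoding JWT uses for signatures."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _fallback_compare(a, b):
    """Compare two byte strings without returning early at the first mismatch."""
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(bytearray(a), bytearray(b)):
        diff |= x ^ y  # accumulate differences; every byte is always visited
    return diff == 0


# Runtimes older than 2.7.7 have no hmac.compare_digest, which is the
# AttributeError quoted in the thread; they get the fallback instead.
compare_digest = getattr(hmac, "compare_digest", _fallback_compare)


def sign(body, secret, digestmod=hashlib.sha256):
    """Return the base64url HMAC of body (hypothetical helper for this example)."""
    return jwt_b64e(hmac.new(key=secret, msg=body, digestmod=digestmod).digest())


def verify_signature(body, signature, secret, digestmod=hashlib.sha256):
    """Recompute the HMAC over body and compare it to the presented signature."""
    return compare_digest(sign(body, secret, digestmod), signature)


# Constructed sample input: "header.payload" of a token and a throwaway secret.
SAMPLE_SECRET = b"constructed-secret"
SAMPLE_BODY = (jwt_b64e(b'{"alg":"HS256","typ":"JWT"}') + b"." +
               jwt_b64e(b'{"user":"constructed"}'))

if __name__ == "__main__":
    good = sign(SAMPLE_BODY, SAMPLE_SECRET)
    print(verify_signature(SAMPLE_BODY, good, SAMPLE_SECRET))
    print(verify_signature(SAMPLE_BODY + b"x", good, SAMPLE_SECRET))
```

A plain `==` on the two signatures would also return the right answer, but it can stop at the first differing byte, which is the timing difference compare_digest exists to remove.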
