[web2py] Re: smartgrid tampering with url in browser

Wed, 21 Jun 2017 23:33:01 -0700 


On Wednesday, June 21, 2017 at 10:06:05 PM UTC-7, T.R.Rajkumar wrote:
>
> I put the below  code in my model file amc.py
>
> from gluon.storage import Storage
> from gluon.utils import web2py_uuid
> if not 'auth' in session:
>     session.auth = Storage(hmac_key=web2py_uuid())
>
> But now when in run http://127.0.0.1:8000/web_ocms/amc/new_contract I get 
> this error.
>
> Error ticket for "web_ocms" Ticket ID 
>
> 127.0.0.1.2017-06-22.10-26-57.a604f48d-7432-4cf3-b628-81168a796052
> <type 'exceptions.TypeError'> unsupported type for timedelta seconds 
> component: NoneType[...]
>
 

> # else, only clear auth info in the session
>

>    - 
>    
>    
>            if auth:
>                delta = datetime.timedelta(days=0, seconds=auth.expiration)
>    
>                if auth.last_visit and auth.last_visit + delta > now:
>                    self.user = auth.user
>                    # this is a trick to speed up sessions to avoid many writes
>                    if (now - auth.last_visit).seconds > (auth.expiration / 
> 10):
>    
>    Variables 
>    auth.expiration None 
>    [...] 
>    
>    
>    auth <Storage {'hmac_key': '58fb6e67-49ea-4063-986d-8406469f6309'}> 
>    [...] 
>    
>    
>    
>    
>    
> So now I commented in db.py
> #auth = Auth(db, host_names=myconf.get('host.names'))
>
> After commenting auth the url works. Is this because of the hmac_key ?
>
>
>

It looks like you're confusing the initialization by setting  auth data in 
the session without including fields it expects.  If you're in a new 
session, web2py won't have set auth data yet, but it still checks to see if 
the session includes old auth data.  Perhaps you could set 
auth.expiration=somenumseconds 
when you set the hmac_key.

Caveat: I haven't checked to see if there are other auth fields that might 
trip you up in a similar way.  It looks like an hmac_key is normally set by 
the _init routine *after* this expiration check.

/dps

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to