*models/db.py*
from gluon.tools import Auth, AuthJWT
auth = Auth(db, controller = 'default', host_names =
configuration.get(configuration_env + '_' + 'auth.host') )
*controllers/api.py*
myjwt = AuthJWT(auth, secret_key = 'secret')
def login_and_take_token():
return myjwt.jwt_token_manager()
@myjwt.allows_jwt()
*@auth.requires_login()*
def header_jwt():
if not request.env.request_method == 'GET': raise HTTP(403)
* if auth.is_logged_in():*
table_name = request.args(0)
id = request.args(1)
if id.isdigit() and int(id) > 0:
query = (db[table_name]['id'] == id)
else:
query = (db[table_name]['id'] > 0)
rows = db(query).select().as_json()
return rows
raise HTTP(401)
"""
*## Terminal using curl*
*# Token Generator*
curl -X POST -d username=user -d password=password -i
http://127.0.0.1:8000/test/api/login_and_take_token
*# Auth with Token Only*
curl --user user:password -H "Authorization: Bearer paste_jwt_token_here"
http://127.0.0.1:8000/test/api/header_jwt/table/1
curl --user user:password -H "Authorization: Bearer paste_jwt_token_here"
http://127.0.0.1:8000/test/api/header_jwt.json/table/1
"""
*command :*
curl -H "Authorization: Bearer paste_jwt_token_here"
http://127.0.0.1:8000/test/api/header_jwt/table/1
*result:*
data shown without user credentials
*expected result:*
data not shown without user credentials
any idea? or is it normal because from code above i've used
@auth.requires.login() even put the auth.is_logged_in() decorator?
thx and best regards,
stifan
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
