*models/db.py*
from gluon.tools import Auth, AuthJWT
# Auth instance shared by every controller. host_names is read from the
# per-environment configuration key "<configuration_env>_auth.host".
# NOTE(review): presumably the list of Host header values Auth will accept;
# confirm against gluon.tools and keep the configured list explicit.
auth = Auth(
    db,
    controller='default',
    host_names=configuration.get(configuration_env + '_' + 'auth.host')
)

*controllers/api.py*
# NOTE(review): 'secret' is a guessable placeholder. Tokens are presumably
# signed with this key, so anyone who knows it could forge a token that
# allows_jwt() accepts. Load a long random value from private configuration
# instead of hard-coding it in the controller.
myjwt = AuthJWT(auth, secret_key = 'secret')

def login_and_take_token():
    """Token endpoint: pass the request to AuthJWT and return its response.

    All the work is done by ``myjwt.jwt_token_manager()``; this action only
    exposes it under ``api/login_and_take_token``.
    """
    token_response = myjwt.jwt_token_manager()
    return token_response

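@myjwt.allows_jwt()
@auth.requires_login()
def header_jwt():
    """Return rows of the table named in the URL as JSON (GET only).

    URL shape: ``header_jwt/<table_name>[/<id>]``. A positive integer id
    selects that one record; a missing or non-numeric id selects every
    record of the table.

    Authentication: ``myjwt.allows_jwt()`` wraps ``auth.requires_login()``,
    so a request carrying a valid ``Authorization: Bearer <token>`` header
    counts as logged in even without a username and password.
    NOTE(review): this is how AuthJWT is understood to behave (the token
    itself is the credential); confirm against the gluon.tools version in
    use. If that is right, protect the token like a password and keep its
    lifetime short.

    Raises:
        HTTP(403): the method is not GET, or an ``auth_*`` table is requested.
        HTTP(401): no authenticated user.
        HTTP(404): the table name is missing or not defined on ``db``.
    """
    if request.env.request_method != 'GET':
        raise HTTP(403)
    if not auth.is_logged_in():
        raise HTTP(401)

    table_name = request.args(0)
    record_id = request.args(1)

    # request.args comes straight from the URL. Without these checks any
    # authenticated caller could dump any table, including auth_user with its
    # password hashes. An explicit allowlist of the tables meant to be served
    # is stronger than this prefix check.
    if table_name is None or table_name not in db.tables:
        raise HTTP(404)
    if table_name.startswith('auth_'):
        raise HTTP(403)

    table = db[table_name]
    # record_id is None when the URL has no second argument; the original
    # called .isdigit() on it unconditionally and crashed.
    if record_id is not None and record_id.isdigit() and int(record_id) > 0:
        query = (table['id'] == int(record_id))
    else:
        query = (table['id'] > 0)

    return db(query).select().as_json()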

"""
*## Terminal using curl*
*# Token Generator*
curl -X POST -d username=user -d password=password -i 
http://127.0.0.1:8000/test/api/login_and_take_token

*# Auth with Token Only*
curl --user user:password -H "Authorization: Bearer paste_jwt_token_here" 
http://127.0.0.1:8000/test/api/header_jwt/table/1
curl --user user:password -H "Authorization: Bearer paste_jwt_token_here" 
http://127.0.0.1:8000/test/api/header_jwt.json/table/1
"""

*command :*
curl -H "Authorization: Bearer paste_jwt_token_here" 
http://127.0.0.1:8000/test/api/header_jwt/table/1
*result:*
data shown without user credentials
*expected result:*
data not shown without user credentials

Any idea? Or is this normal, given that the code above uses the 
@auth.requires_login() decorator and even adds the auth.is_logged_in() check?

thx and best regards,
stifan
