from gluon.tools import Auth, AuthJWT
auth = Auth(db, controller = 'default', host_names = 
configuration.get(configuration_env + '_' + 'auth.host') )

myjwt = AuthJWT(auth, secret_key = 'secret')

def login_and_take_token():
    return myjwt.jwt_token_manager()

def header_jwt():
    if not request.env.request_method == 'GET': raise HTTP(403)
   * if auth.is_logged_in():*
        table_name = request.args(0)
        id = request.args(1)

        if id.isdigit() and int(id) > 0:
            query = (db[table_name]['id'] == id)
            query = (db[table_name]['id'] > 0)

        rows = db(query).select().as_json()
        return rows
    raise HTTP(401)

*## Terminal using curl*
*# Token Generator*
curl -X POST -d username=user -d password=password -i

*# Auth with Token Only*
curl --user user:password -H "Authorization: Bearer paste_jwt_token_here"
curl --user user:password -H "Authorization: Bearer paste_jwt_token_here"

*command :*
curl -H "Authorization: Bearer paste_jwt_token_here"
data shown without user credentials
*expected result:*
data not shown without user credentials

any idea? or is it normal because from code above i've used 
@auth.requires.login() even put the auth.is_logged_in() decorator?

thx and best regards,

- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to