web2py validates the URL and does allow the @ sign in the URL, only alphanumaric characters, _, - and non-consecutive . and /.
On Jul 16, 2:07 am, David Watson <[email protected]> wrote: > I'm using web2py 1.65.5 with google app engine. > > I've run into a problem with request.args in relation to my json > calls: > > @service.json > def json_read_nologin(): > return request.args[0] > > or the same function defined sans the service decorator, both work > fine, as long as I don't pass something containing an @ sign, i.e. > > http://localhost:8000/init/default/json_read_nologin/[email protected] > > this generates an invalid request even if url encoded: > > http://localhost:8000/init/default/json_read_nologin/user%40domain.com > > I'm not sure what I'm doing wrong here but this behavior doesn't seem > like what I'd expect. > > Thanks, > David > > On Jun 23, 8:47 pm, mdipierro <[email protected]> wrote: > > > You cannot mix authorization and services this way. It is complicated > > an there are many cases.... > > > If you have > > > @auth.requires_login() > > def acceptme(): > > return 'accepted' > > > you can call "http://..../acceptme.json"; and you will get aJSON > > response. You do not need the decorator. > > > @auth.requires_login() > > @service.json() > > def acceptme(): > > return 'accepted' > > def run(): return service() > > > exposes "http://..../service/json/acceptme"; before requiring login. > > > @service.json() > > def acceptme(): > > return 'accepted' > > @auth.requires_login() > > def run(): return service() > > > this should work but will require login for all services > > > @service.json() > > @auth.requires_login() > > def acceptme(): > > return 'accepted' > > def run(): return service() > > > this is not completely clear to me why does not work but I see some > > logical problems. > > > Massimo > > > On Jun 23, 7:31 pm, Hasanat Kazmi <[email protected]> wrote: > > > > Here is an interesting behavior. > > > i have following function > > > > @auth.requires_login() > > > @service.json > > > @service.jsonrpc > > > def acceptme(): > > > return "accepted" > > > > in this case, whatever username and password I give, I get returned > > > "accepted" but if I put @auth.requires_login() after @service.jsonrpc, > > > it always returns me "Object does not exist" . > > > > I call it like > > > this:http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal... > > > > Anyone has an idea whats going on? > > > > On Jun 4, 7:28 am, Alexei Vinidiktov <[email protected]> > > > wrote: > > > > > I've tried this with the pyjamas tutorial and it didn't work. I've > > > > enabled user registration and registered a user whose credentials are > > > > used in the URL below. I got a server error when a function requiring > > > > user authentication was called. > > > > > I changed the line > > > > > JSONProxy.__init__(self, "../../default/call/jsonrpc", ["getTasks", > > > > "addTask","deleteTask"]) > > > > > to read > > > > > JSONProxy.__init__(self, > > > > "http://myemail%40gmail.com%[email protected]:8000/pyjamas/defaul...";, > > > > ["getTasks", "addTask","deleteTask"]) > > > > > What am I missing? > > > > > Thanks. > > > > > On Mon, Jun 1, 2009 at 12:51 PM, mdipierro <[email protected]> > > > > wrote: > > > > > > OK. As you request since the latest version in trunk you can do > > > > > > @auth.requires_login() > > > > > def index(): return 'hello world' > > > > > > and access it with > > > > > > curl -u username:passwordhttp://127.0.0.1:8000/app/default/index > > > > > > or > > > > > > curlhttp://username:[email protected]:8000/app/default/index > > > > > > In the latter case username and password have to be encoded by > > > > > urllib.quote() > > > > > > works for services too. > > > > > > Massimo > > > > > > On May 31, 10:43 pm, Dan <[email protected]> wrote: > > > > >> Since my last message on this thread, I came up with a patch to the > > > > >>Auth.login() code that lets me do what I need, so figured I should > > > > >> post it here. Let me know if you see any issues with this approach > > > > >> (or > > > > >> improvements to it). > > > > > >> To recap, what I want to do is to let a script runing wget (not a > > > > >> browser)loginand then work with some parts of the app that require > > > > >> membership in groups. I want to pass the user's name and password to > > > > >> theloginformusing post variables in the URL. This is not normally > > > > >> possible with web2py'sAuth.login() function, so it needs to be > > > > >> modified, like this- > > > > > >> referring to source code > > > > >> here:http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc... > > > > >> Change these 3 lines ... > > > > >> 622 ifFORM.accepts(form, request.vars, session, > > > > >> 623 formname='login', > > > > >> 624 onvalidation=onvalidation): > > > > > >> ... to be these 3 lines: > > > > >> if username in request.vars.keys() and request.vars.password and \ > > > > >> FORM.accepts(form, request.vars, > > > > >> formname=None, onvalidation=onvalidation): > > > > > >> This change lets theformtake the username and password from the > > > > >> URL's post variables (or theformitself - but not both of course). > > > > >> Then my script willloginusing wget's optional arguments "--keep- > > > > >> session-cookies --save-cookies=" when submitting the user name and > > > > >> password to the app'sloginfunction. These wget options store the > > > > >> session cookie in a local file. Then subsequent wget calls to the > > > > >> restricted parts of the app can use those cookies as a token to gain > > > > >> access with the option "--load-cookies=". > > > > > >> Apologies for straying a bit from the original use case of this > > > > >> thread, but perhaps it's general approach will be a helpful hint. > > > > > >> Also: I don't fully understand what the purpose of the "formname" > > > > >> parameter is, or why it was necessary to None-ify it. If someone can > > > > >> explain this to me, I'd appreciate it. > > > > > >> Dan > > > > > >> On May 29, 6:15 pm, Dan <[email protected]> wrote: > > > > > >> > Reviving this thread from before... I would like to have a shell > > > > >> > script use wget to authenticate itself and access the data in a > > > > >> > web2py > > > > >> > application, but I haven't been able to get the web2py app to > > > > >> > accept > > > > >> > the post'ed email and password information, which I sent to the > > > > >> > user/ > > > > >> >loginURL. Is this the right way to do it? > > > > > >> > I see some passing references to alternate authorization methods in > > > > >> > the documentation and the code, but I haven't been able to get much > > > > >> > detail on what those might be. For example- > > > > > >> >http://mdp.cti.depaul.edu/examples/default/tools#authentication: > > > > >> > "TheAuthcalls can be extended, personalized, and replaced by other > > > > >> > authentication mechanisms which expose a similar interface." > > > > > >> > and > > > > >> > inhttp://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p... > > > > >> > : > > > > >> > 644 if not user: > > > > >> > 645 ## try alternateloginmethods > > > > >> > 646 for login_method in > > > > >> > self.settings.login_methods: > > > > >> > 647 if login_method != self and \ > > > > >> > 648 login_method(request.vars > > > > >> > [username], > > > > >> > 649 > > > > >> > request.vars.password): > > > > >> > 650 user = self.get_or_create_user > > > > >> > (form.vars) > > > > > >> > Is there a place where I can find out more about what already > > > > >> > exists, > > > > >> > or how to go about getting something like what the original > > > > >> > message in > > > > >> > this thread described? > > > > > >> > Dan > > > > > >> > On May 17, 8:22 pm, mdipierro <[email protected]> wrote: > > > > > >> > > I need to look into this. I do not think there can be a generic > > > > >> > > approach. Each protocol has its own quirks and some do not handle > > > > >> > > session or authenication. > > > > > >> > > Massimo > > > > > >> > > On May 17, 8:14 pm, jcorbett <[email protected]> wrote: > > > > > >> > > > I love the service framework, however I am interested in being > > > > >> > > > able to > > > > >> > > > authenticate users. Withjson/jsonrpcthis shouldn't be too > > > > >> > > > hard as > > > > >> > > > the browser that the ajax request would come from would have > > > > >> > > > the same > > > > >> > > > session. > > > > > >> > > > Particularly I am concerned with writing an xmlrpc service that > > > > >> > > > requires authentication. TheAuthclass doesn't seem to expose > > > > >> > > > any of > > > > >> > > > the lower level logic for authentication (like aloginfunction > > > > >> > > > that > > > > >> > > > takes a username and a password). Any ideas on how I can do > > > > >> > > > this. > > > > >> > > > I'm not afraid of writing my own implimentation, however I > > > > >> > > > would love > > > > >> > > > to piggy back off what is already there. > > > > > >> > > > I would figure I would want to have aloginfunction that would > > > > >> > > > create > > > > >> > > > a session key (limited lifetime), and each function would be > > > > >> > > > required > > > > >> > > > to provide that key. > > > > > >> > > > Any ideas would be appreciated. > > > > > >> > > > Jason Corbett > > > > >> > > > BTW I love the simplicity of web2py, it took me maybe 2-3 > > > > >> > > > hours to > > > > >> > > > write a simple app that was even themed. > > > > > -- > > > > Alexei Vinidiktov --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
