On Jul 16, 2009, at 6:18 AM, mdipierro wrote: > > web2py validates the URL and does allow the @ sign in the URL, only > alphanumaric characters, _, - and non-consecutive . and /.
Did you mean "does not allow"? Shouldn't the validation be more generous in the args section? There's nothing wrong with this as an http URL: http://localhost:8000/init/default/json_read_nologin/user%40domain.com (Where does the validation happen?) > > On Jul 16, 2:07 am, David Watson <[email protected]> wrote: >> I'm using web2py 1.65.5 with google app engine. >> >> I've run into a problem with request.args in relation to my json >> calls: >> >> @service.json >> def json_read_nologin(): >> return request.args[0] >> >> or the same function defined sans the service decorator, both work >> fine, as long as I don't pass something containing an @ sign, i.e. >> >> http://localhost:8000/init/default/json_read_nologin/[email protected] >> >> this generates an invalid request even if url encoded: >> >> http://localhost:8000/init/default/json_read_nologin/user >> %40domain.com >> >> I'm not sure what I'm doing wrong here but this behavior doesn't seem >> like what I'd expect. >> >> Thanks, >> David >> >> On Jun 23, 8:47 pm, mdipierro <[email protected]> wrote: >> >>> You cannot mix authorization and services this way. It is >>> complicated >>> an there are many cases.... >> >>> If you have >> >>> @auth.requires_login() >>> def acceptme(): >>> return 'accepted' >> >>> you can call "http://..../acceptme.json"; and you will get aJSON >>> response. You do not need the decorator. >> >>> @auth.requires_login() >>> @service.json() >>> def acceptme(): >>> return 'accepted' >>> def run(): return service() >> >>> exposes "http://..../service/json/acceptme"; before requiring login. >> >>> @service.json() >>> def acceptme(): >>> return 'accepted' >>> @auth.requires_login() >>> def run(): return service() >> >>> this should work but will require login for all services >> >>> @service.json() >>> @auth.requires_login() >>> def acceptme(): >>> return 'accepted' >>> def run(): return service() >> >>> this is not completely clear to me why does not work but I see some >>> logical problems. >> >>> Massimo >> >>> On Jun 23, 7:31 pm, Hasanat Kazmi <[email protected]> wrote: >> >>>> Here is an interesting behavior. >>>> i have following function >> >>>> @auth.requires_login() >>>> @service.json >>>> @service.jsonrpc >>>> def acceptme(): >>>> return "accepted" >> >>>> in this case, whatever username and password I give, I get returned >>>> "accepted" but if I put @auth.requires_login() after >>>> @service.jsonrpc, >>>> it always returns me "Object does not exist" . >> >>>> I call it like >>>> this:http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal >>>> ... >> >>>> Anyone has an idea whats going on? >> >>>> On Jun 4, 7:28 am, Alexei Vinidiktov <[email protected]> >>>> wrote: >> >>>>> I've tried this with the pyjamas tutorial and it didn't work. I've >>>>> enabled user registration and registered a user whose >>>>> credentials are >>>>> used in the URL below. I got a server error when a function >>>>> requiring >>>>> user authentication was called. >> >>>>> I changed the line >> >>>>> JSONProxy.__init__(self, "../../default/call/jsonrpc", >>>>> ["getTasks", >>>>> "addTask","deleteTask"]) >> >>>>> to read >> >>>>> JSONProxy.__init__(self, >>>>> "http://myemail%40gmail.com%[email protected]:8000/pyjamas/defaul >>>>> ...", >>>>> ["getTasks", "addTask","deleteTask"]) >> >>>>> What am I missing? >> >>>>> Thanks. >> >>>>> On Mon, Jun 1, 2009 at 12:51 PM, mdipierro >>>>> <[email protected]> wrote: >> >>>>>> OK. As you request since the latest version in trunk you can do >> >>>>>> @auth.requires_login() >>>>>> def index(): return 'hello world' >> >>>>>> and access it with >> >>>>>> curl -u username:passwordhttp://127.0.0.1:8000/app/default/ >>>>>> index >> >>>>>> or >> >>>>>> curlhttp://username:[email protected]:8000/app/default/index >> >>>>>> In the latter case username and password have to be encoded by >>>>>> urllib.quote() >> >>>>>> works for services too. >> >>>>>> Massimo >> >>>>>> On May 31, 10:43 pm, Dan <[email protected]> wrote: >>>>>>> Since my last message on this thread, I came up with a patch >>>>>>> to the >>>>>>> Auth.login() code that lets me do what I need, so figured I >>>>>>> should >>>>>>> post it here. Let me know if you see any issues with this >>>>>>> approach (or >>>>>>> improvements to it). >> >>>>>>> To recap, what I want to do is to let a script runing wget >>>>>>> (not a >>>>>>> browser)loginand then work with some parts of the app that >>>>>>> require >>>>>>> membership in groups. I want to pass the user's name and >>>>>>> password to >>>>>>> theloginformusing post variables in the URL. This is not >>>>>>> normally >>>>>>> possible with web2py'sAuth.login() function, so it needs to be >>>>>>> modified, like this- >> >>>>>>> referring to source code >>>>>>> here:http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc >>>>>>> >>>>>>> ... >>>>>>> Change these 3 lines ... >>>>>>> 622 ifFORM.accepts(form, request.vars, session, >>>>>>> 623 formname='login', >>>>>>> 624 onvalidation=onvalidation): >> >>>>>>> ... to be these 3 lines: >>>>>>> if username in request.vars.keys() and request.vars.password >>>>>>> and \ >>>>>>> FORM.accepts(form, request.vars, >>>>>>> formname=None, onvalidation=onvalidation): >> >>>>>>> This change lets theformtake the username and password from the >>>>>>> URL's post variables (or theformitself - but not both of >>>>>>> course). >>>>>>> Then my script willloginusing wget's optional arguments "--keep- >>>>>>> session-cookies --save-cookies=" when submitting the user name >>>>>>> and >>>>>>> password to the app'sloginfunction. These wget options store the >>>>>>> session cookie in a local file. Then subsequent wget calls to >>>>>>> the >>>>>>> restricted parts of the app can use those cookies as a token >>>>>>> to gain >>>>>>> access with the option "--load-cookies=". >> >>>>>>> Apologies for straying a bit from the original use case of this >>>>>>> thread, but perhaps it's general approach will be a helpful >>>>>>> hint. >> >>>>>>> Also: I don't fully understand what the purpose of the >>>>>>> "formname" >>>>>>> parameter is, or why it was necessary to None-ify it. If >>>>>>> someone can >>>>>>> explain this to me, I'd appreciate it. >> >>>>>>> Dan >> >>>>>>> On May 29, 6:15 pm, Dan <[email protected]> wrote: >> >>>>>>>> Reviving this thread from before... I would like to have a >>>>>>>> shell >>>>>>>> script use wget to authenticate itself and access the data in >>>>>>>> a web2py >>>>>>>> application, but I haven't been able to get the web2py app to >>>>>>>> accept >>>>>>>> the post'ed email and password information, which I sent to >>>>>>>> the user/ >>>>>>>> loginURL. Is this the right way to do it? >> >>>>>>>> I see some passing references to alternate authorization >>>>>>>> methods in >>>>>>>> the documentation and the code, but I haven't been able to >>>>>>>> get much >>>>>>>> detail on what those might be. For example- >> >>>>>>>> http://mdp.cti.depaul.edu/examples/default/ >>>>>>>> tools#authentication: >>>>>>>> "TheAuthcalls can be extended, personalized, and replaced by >>>>>>>> other >>>>>>>> authentication mechanisms which expose a similar interface." >> >>>>>>>> and >>>>>>>> inhttp://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p >>>>>>>> >>>>>>>> ... >>>>>>>> : >>>>>>>> 644 if not user: >>>>>>>> 645 ## try alternateloginmethods >>>>>>>> 646 for login_method in >>>>>>>> self.settings.login_methods: >>>>>>>> 647 if login_method != self and \ >>>>>>>> 648 login_method(request.vars >>>>>>>> [username], >>>>>>>> 649 >>>>>>>> request.vars.password): >>>>>>>> 650 user = self.get_or_create_user >>>>>>>> (form.vars) >> >>>>>>>> Is there a place where I can find out more about what already >>>>>>>> exists, >>>>>>>> or how to go about getting something like what the original >>>>>>>> message in >>>>>>>> this thread described? >> >>>>>>>> Dan >> >>>>>>>> On May 17, 8:22 pm, mdipierro <[email protected]> wrote: >> >>>>>>>>> I need to look into this. I do not think there can be a >>>>>>>>> generic >>>>>>>>> approach. Each protocol has its own quirks and some do not >>>>>>>>> handle >>>>>>>>> session or authenication. >> >>>>>>>>> Massimo >> >>>>>>>>> On May 17, 8:14 pm, jcorbett <[email protected]> wrote: >> >>>>>>>>>> I love the service framework, however I am interested in >>>>>>>>>> being able to >>>>>>>>>> authenticate users. Withjson/jsonrpcthis shouldn't be too >>>>>>>>>> hard as >>>>>>>>>> the browser that the ajax request would come from would >>>>>>>>>> have the same >>>>>>>>>> session. >> >>>>>>>>>> Particularly I am concerned with writing an xmlrpc service >>>>>>>>>> that >>>>>>>>>> requires authentication. TheAuthclass doesn't seem to >>>>>>>>>> expose any of >>>>>>>>>> the lower level logic for authentication (like >>>>>>>>>> aloginfunction that >>>>>>>>>> takes a username and a password). Any ideas on how I can >>>>>>>>>> do this. >>>>>>>>>> I'm not afraid of writing my own implimentation, however I >>>>>>>>>> would love >>>>>>>>>> to piggy back off what is already there. >> >>>>>>>>>> I would figure I would want to have aloginfunction that >>>>>>>>>> would create >>>>>>>>>> a session key (limited lifetime), and each function would >>>>>>>>>> be required >>>>>>>>>> to provide that key. >> >>>>>>>>>> Any ideas would be appreciated. >> >>>>>>>>>> Jason Corbett >>>>>>>>>> BTW I love the simplicity of web2py, it took me maybe 2-3 >>>>>>>>>> hours to >>>>>>>>>> write a simple app that was even themed. >> >>>>> -- >>>>> Alexei Vinidiktov > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
