On Jul 16, 2009, at 6:35 AM, Jonathan Lundell wrote:

>
> On Jul 16, 2009, at 6:18 AM, mdipierro wrote:
>
>>
>> web2py validates the URL and does allow the @ sign in the URL, only
>> alphanumeric characters, _, - and non-consecutive . and /.
>
> Did you mean "does not allow"? Shouldn't the validation be more
> generous in the args section? There's nothing wrong with this as an
> http URL:
>
> http://localhost:8000/init/default/json_read_nologin/user%40domain.com
>
> (Where does the validation happen?)

OK, that last was a dumb question, since I just finished reformatting  
regex_url.

So here's the validation for args: ([\w\-][\=\./]?)+

I don't want to make a proposal here, since I have no idea what args  
consumers are assuming for validation. But it does seem reasonable in  
the abstract to allow a little more than this pattern permits.

(And I could see piggybacking on the IS_HTTP_URL validator for the  
first cut.)

>
>>
>> On Jul 16, 2:07 am, David Watson <[email protected]> wrote:
>>> I'm using web2py 1.65.5 with google app engine.
>>>
>>> I've run into a problem with request.args in relation to my json
>>> calls:
>>>
>>> @service.json
>>> def json_read_nologin():
>>>    return request.args[0]
>>>
>>> or the same function defined sans the service decorator, both work
>>> fine, as long as I don't pass something containing an @ sign, i.e.
>>>
>>> http://localhost:8000/init/default/json_read_nologin/[email protected]
>>>
>>> this generates an invalid request even if url encoded:
>>>
>>> http://localhost:8000/init/default/json_read_nologin/user%40domain.com
>>>
>>> I'm not sure what I'm doing wrong here but this behavior doesn't seem
>>> like what I'd expect.
>>>
>>> Thanks,
>>> David
>>>
>>> On Jun 23, 8:47 pm, mdipierro <[email protected]> wrote:
>>>
>>>> You cannot mix authorization and services this way. It is complicated
>>>> and there are many cases....
>>>
>>>> If you have
>>>
>>>> @auth.requires_login()
>>>> def acceptme():
>>>>    return 'accepted'
>>>
>>>> you can call "http://..../acceptme.json" and you will get a JSON
>>>> response. You do not need the decorator.
>>>
>>>> @auth.requires_login()
>>>> @service.json
>>>> def acceptme():
>>>>    return 'accepted'
>>>> def run(): return service()
>>>
>>>> exposes "http://..../service/json/acceptme" before requiring login.
>>>
>>>> @service.json
>>>> def acceptme():
>>>>    return 'accepted'
>>>> @auth.requires_login()
>>>> def run(): return service()
>>>
>>>> this should work but will require login for all services
>>>
>>>> @service.json
>>>> @auth.requires_login()
>>>> def acceptme():
>>>>    return 'accepted'
>>>> def run(): return service()
>>>
>>>> it is not completely clear to me why this does not work but I see some
>>>> logical problems.
>>>
>>>> Massimo
>>>
>>>> On Jun 23, 7:31 pm, Hasanat Kazmi <[email protected]> wrote:
>>>
>>>>> Here is an interesting behavior.
>>>>> I have the following function
>>>
>>>>> @auth.requires_login()
>>>>> @service.json
>>>>> @service.jsonrpc
>>>>> def acceptme():
>>>>>    return "accepted"
>>>
>>>>> in this case, whatever username and password I give, I get returned
>>>>> "accepted" but if I put @auth.requires_login() after @service.jsonrpc,
>>>>> it always returns me "Object does not exist" .
>>>
>>>>> I call it like this:
>>>>> http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal
>>>>> ...
>>>
>>>>> Anyone has an idea what's going on?
>>>
>>>>> On Jun 4, 7:28 am, Alexei Vinidiktov <[email protected]>
>>>>> wrote:
>>>
>>>>>> I've tried this with the pyjamas tutorial and it didn't work. I've
>>>>>> enabled user registration and registered a user whose credentials are
>>>>>> used in the URL below. I got a server error when a function requiring
>>>>>> user authentication was called.
>>>
>>>>>> I changed the line
>>>
>>>>>> JSONProxy.__init__(self, "../../default/call/jsonrpc",
>>>>>>     ["getTasks", "addTask", "deleteTask"])
>>>
>>>>>> to read
>>>
>>>>>> JSONProxy.__init__(self,
>>>>>> "http://myemail%40gmail.com%[email protected]:8000/pyjamas/defaul
>>>>>> ...",
>>>>>> ["getTasks", "addTask","deleteTask"])
>>>
>>>>>> What am I missing?
>>>
>>>>>> Thanks.
>>>
>>>>>> On Mon, Jun 1, 2009 at 12:51 PM, mdipierro
>>>>>> <[email protected]> wrote:
>>>
>>>>>>> OK. As you request since the latest version in trunk you can do
>>>
>>>>>>> @auth.requires_login()
>>>>>>> def index(): return 'hello world'
>>>
>>>>>>> and access it with
>>>
>>>>>>>  curl -u username:password http://127.0.0.1:8000/app/default/index
>>>
>>>>>>> or
>>>
>>>>>>>  curl http://username:[email protected]:8000/app/default/index
>>>
>>>>>>> In the latter case username and password have to be encoded by
>>>>>>> urllib.quote()
>>>
>>>>>>> works for services too.
>>>
>>>>>>> Massimo
>>>
>>>>>>> On May 31, 10:43 pm, Dan <[email protected]> wrote:
>>>>>>>> Since my last message on this thread, I came up with a patch to the
>>>>>>>> Auth.login() code that lets me do what I need, so figured I should
>>>>>>>> post it here. Let me know if you see any issues with this approach (or
>>>>>>>> improvements to it).
>>>
>>>>>>>> To recap, what I want to do is to let a script running wget (not a
>>>>>>>> browser) login and then work with some parts of the app that require
>>>>>>>> membership in groups. I want to pass the user's name and password to
>>>>>>>> the login form using post variables in the URL. This is not normally
>>>>>>>> possible with web2py's Auth.login() function, so it needs to be
>>>>>>>> modified, like this-
>>>
>>>>>>>> referring to source code here:
>>>>>>>> http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc
>>>>>>>> ...
>>>>>>>> Change these 3 lines ...
>>>>>>>> 622          if FORM.accepts(form, request.vars, session,
>>>>>>>> 623                          formname='login',
>>>>>>>> 624                          onvalidation=onvalidation):
>>>
>>>>>>>> ... to be these 3 lines:
>>>>>>>> if username in request.vars.keys() and request.vars.password and \
>>>>>>>>       FORM.accepts(form, request.vars,
>>>>>>>>            formname=None, onvalidation=onvalidation):
>>>
>>>>>>>> This change lets the form take the username and password from the
>>>>>>>> URL's post variables (or the form itself - but not both of course).
>>>>>>>> Then my script will login using wget's optional arguments
>>>>>>>> "--keep-session-cookies --save-cookies=" when submitting the user name
>>>>>>>> and password to the app's login function. These wget options store the
>>>>>>>> session cookie in a local file. Then subsequent wget calls to the
>>>>>>>> restricted parts of the app can use those cookies as a token to gain
>>>>>>>> access with the option "--load-cookies=".
>>>
>>>>>>>> Apologies for straying a bit from the original use case of this
>>>>>>>> thread, but perhaps its general approach will be a helpful hint.
>>>
>>>>>>>> Also: I don't fully understand what the purpose of the "formname"
>>>>>>>> parameter is, or why it was necessary to None-ify it. If someone can
>>>>>>>> explain this to me, I'd appreciate it.
>>>
>>>>>>>> Dan
>>>
>>>>>>>> On May 29, 6:15 pm, Dan <[email protected]> wrote:
>>>
>>>>>>>>> Reviving this thread from before... I would like to have a shell
>>>>>>>>> script use wget to authenticate itself and access the data in a web2py
>>>>>>>>> application, but I haven't been able to get the web2py app to accept
>>>>>>>>> the post'ed email and password information, which I sent to the
>>>>>>>>> user/login URL. Is this the right way to do it?
>>>
>>>>>>>>> I see some passing references to alternate authorization methods in
>>>>>>>>> the documentation and the code, but I haven't been able to get much
>>>>>>>>> detail on what those might be. For example-
>>>
>>>>>>>>> http://mdp.cti.depaul.edu/examples/default/tools#authentication:
>>>>>>>>> "The Auth calls can be extended, personalized, and replaced by other
>>>>>>>>> authentication mechanisms which expose a similar interface."
>>>
>>>>>>>>> and in
>>>>>>>>> http://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p
>>>>>>>>> ...
>>>>>>>>> :
>>>>>>>>> 644              if not user:
>>>>>>>>> 645                  ## try alternate login methods
>>>>>>>>> 646                  for login_method in self.settings.login_methods:
>>>>>>>>> 647                      if login_method != self and \
>>>>>>>>> 648                              login_method(request.vars[username],
>>>>>>>>> 649                                           request.vars.password):
>>>>>>>>> 650                          user = self.get_or_create_user(form.vars)
>>>
>>>>>>>>> Is there a place where I can find out more about what already exists,
>>>>>>>>> or how to go about getting something like what the original message in
>>>>>>>>> this thread described?
>>>
>>>>>>>>> Dan
>>>
>>>>>>>>> On May 17, 8:22 pm, mdipierro <[email protected]> wrote:
>>>
>>>>>>>>>> I need to look into this. I do not think there can be a generic
>>>>>>>>>> approach. Each protocol has its own quirks and some do not handle
>>>>>>>>>> session or authentication.
>>>
>>>>>>>>>> Massimo
>>>
>>>>>>>>>> On May 17, 8:14 pm, jcorbett <[email protected]> wrote:
>>>
>>>>>>>>>>> I love the service framework, however I am interested in being able to
>>>>>>>>>>> authenticate users.  With json/jsonrpc this shouldn't be too hard as
>>>>>>>>>>> the browser that the ajax request would come from would have the same
>>>>>>>>>>> session.
>>>
>>>>>>>>>>> Particularly I am concerned with writing an xmlrpc service that
>>>>>>>>>>> requires authentication.  The Auth class doesn't seem to expose any of
>>>>>>>>>>> the lower level logic for authentication (like a login function that
>>>>>>>>>>> takes a username and a password).  Any ideas on how I can do this.
>>>>>>>>>>> I'm not afraid of writing my own implementation, however I would love
>>>>>>>>>>> to piggy back off what is already there.
>>>
>>>>>>>>>>> I would figure I would want to have a login function that would create
>>>>>>>>>>> a session key (limited lifetime), and each function would be required
>>>>>>>>>>> to provide that key.
>>>
>>>>>>>>>>> Any ideas would be appreciated.
>>>
>>>>>>>>>>> Jason Corbett
>>>>>>>>>>> BTW I love the simplicity of web2py, it took me maybe 2-3 hours to
>>>>>>>>>>> write a simple app that was even themed.
>>>
>>>>>> --
>>>>>> Alexei Vinidiktov
>>>
>
>
>
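The args pattern quoted in the message above, run against a few constructed args, as an added example that is not part of the original thread or web2py's own code. `ARGS_WIDER`, `check_args` and `compare` are hypothetical names, and decoding once before matching is an assumption about where such a check would sit.

```python
import re
from urllib.parse import unquote

# Args pattern quoted in the message above; re.ASCII keeps \w to
# [A-Za-z0-9_] (an assumption about the intended character set).
ARGS_STRICT = re.compile(r'([\w\-][\=\./]?)+', re.ASCII)

# Hypothetical widening (not web2py's pattern): '@' is admitted as an
# ordinary character; separators still cannot repeat or lead.
ARGS_WIDER = re.compile(r'([\w\-@][\=\./]?)+', re.ASCII)


def check_args(raw_args, pattern=ARGS_STRICT):
    """Percent-decode once, then require the whole string to match.

    Validating the decoded form means %2e%2e is judged as '..', so the
    encoding cannot be used to slip a rejected sequence past the check.
    """
    decoded = unquote(raw_args)
    return pattern.fullmatch(decoded) is not None


# Constructed sample args (the part of the URL after the function name).
SAMPLES = [
    "user_1/2009-07-16",      # plain segments
    "report.v2/key=value",    # single '.', '=' and '/' separators
    "user%40domain.com",      # encoded '@' from the thread
    "user@domain.com",        # literal '@' from the thread
    "a/../../etc/passwd",     # consecutive dots / leading dot segment
    "a/%2e%2e/secret",        # same traversal, percent-encoded
    "a//b",                   # consecutive slashes
]


def compare(samples=SAMPLES):
    """Return {arg: (strict_ok, wider_ok)} for each sample."""
    return {s: (check_args(s, ARGS_STRICT), check_args(s, ARGS_WIDER))
            for s in samples}


if __name__ == "__main__":
    for arg, (strict_ok, wider_ok) in compare().items():
        print(f"{arg:22} strict={strict_ok!s:5} wider={wider_ok}")
```

Both patterns keep rejecting consecutive dots and slashes, encoded or not; only the `@` cases differ between them.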