This is a big can of worms. @ is a reserved character and if used in URLs, it should be encoded. I do not want encoded chars in the URL because this defies the whole purpose: readability by humans.
Massimo

On Jul 16, 9:07 am, Jonathan Lundell <[email protected]> wrote:
> On Jul 16, 2009, at 6:35 AM, Jonathan Lundell wrote:
>
> > On Jul 16, 2009, at 6:18 AM, mdipierro wrote:
> >
> >> web2py validates the URL and does allow the @ sign in the URL, only
> >> alphanumeric characters, _, - and non-consecutive . and /.
> >
> > Did you mean "does not allow"? Shouldn't the validation be more
> > generous in the args section? There's nothing wrong with this as an
> > http URL:
> >
> > http://localhost:8000/init/default/json_read_nologin/user%40domain.com
> >
> > (Where does the validation happen?)
>
> OK, that last was a dumb question, since I just finished reformatting
> regex_url.
>
> So here's the validation for args: ([\w\-][\=\./]?)+
>
> I don't want to make a proposal here, since I have no idea what args
> consumers are assuming for validation. But it does seem reasonable in
> the abstract to allow a little more than this pattern permits.
>
> (And I could see piggybacking on the IS_HTTP_URL validator for the
> first cut.)
>
> >> On Jul 16, 2:07 am, David Watson <[email protected]> wrote:
> >>> I'm using web2py 1.65.5 with google app engine.
> >>>
> >>> I've run into a problem with request.args in relation to my json
> >>> calls:
> >>>
> >>> @service.json
> >>> def json_read_nologin():
> >>>     return request.args[0]
> >>>
> >>> or the same function defined sans the service decorator, both work
> >>> fine, as long as I don't pass something containing an @ sign, i.e.
> >>>
> >>> http://localhost:8000/init/default/json_read_nologin/[email protected]
> >>>
> >>> this generates an invalid request even if url encoded:
> >>>
> >>> http://localhost:8000/init/default/json_read_nologin/user%40domain.com
> >>>
> >>> I'm not sure what I'm doing wrong here but this behavior doesn't seem
> >>> like what I'd expect.
> >>>
> >>> Thanks,
> >>> David
> >>>
> >>> On Jun 23, 8:47 pm, mdipierro <[email protected]> wrote:
> >>>
> >>>> You cannot mix authorization and services this way. It is complicated
> >>>> and there are many cases....
> >>>>
> >>>> If you have
> >>>>
> >>>> @auth.requires_login()
> >>>> def acceptme():
> >>>>     return 'accepted'
> >>>>
> >>>> you can call "http://..../acceptme.json" and you will get a JSON
> >>>> response. You do not need the decorator.
> >>>>
> >>>> @auth.requires_login()
> >>>> @service.json()
> >>>> def acceptme():
> >>>>     return 'accepted'
> >>>> def run(): return service()
> >>>>
> >>>> exposes "http://..../service/json/acceptme" before requiring login.
> >>>>
> >>>> @service.json()
> >>>> def acceptme():
> >>>>     return 'accepted'
> >>>> @auth.requires_login()
> >>>> def run(): return service()
> >>>>
> >>>> this should work but will require login for all services
> >>>>
> >>>> @service.json()
> >>>> @auth.requires_login()
> >>>> def acceptme():
> >>>>     return 'accepted'
> >>>> def run(): return service()
> >>>>
> >>>> it is not completely clear to me why this does not work but I see some
> >>>> logical problems.
> >>>>
> >>>> Massimo
> >>>>
> >>>> On Jun 23, 7:31 pm, Hasanat Kazmi <[email protected]> wrote:
> >>>>
> >>>>> Here is an interesting behavior.
> >>>>> I have the following function
> >>>>>
> >>>>> @auth.requires_login()
> >>>>> @service.json
> >>>>> @service.jsonrpc
> >>>>> def acceptme():
> >>>>>     return "accepted"
> >>>>>
> >>>>> in this case, whatever username and password I give, I get returned
> >>>>> "accepted" but if I put @auth.requires_login() after @service.jsonrpc,
> >>>>> it always returns me "Object does not exist".
> >>>>>
> >>>>> I call it like this:
> >>>>> http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal
> >>>>> ...
> >>>>>
> >>>>> Anyone has an idea what's going on?
> >>>>>
> >>>>> On Jun 4, 7:28 am, Alexei Vinidiktov <[email protected]> wrote:
> >>>>>
> >>>>>> I've tried this with the pyjamas tutorial and it didn't work. I've
> >>>>>> enabled user registration and registered a user whose credentials are
> >>>>>> used in the URL below. I got a server error when a function requiring
> >>>>>> user authentication was called.
> >>>>>>
> >>>>>> I changed the line
> >>>>>>
> >>>>>> JSONProxy.__init__(self, "../../default/call/jsonrpc",
> >>>>>>     ["getTasks", "addTask","deleteTask"])
> >>>>>>
> >>>>>> to read
> >>>>>>
> >>>>>> JSONProxy.__init__(self,
> >>>>>>     "http://myemail%40gmail.com%[email protected]:8000/pyjamas/defaul
> >>>>>>     ...",
> >>>>>>     ["getTasks", "addTask","deleteTask"])
> >>>>>>
> >>>>>> What am I missing?
> >>>>>>
> >>>>>> Thanks.
> >>>>>>
> >>>>>> On Mon, Jun 1, 2009 at 12:51 PM, mdipierro <[email protected]> wrote:
> >>>>>>
> >>>>>>> OK. As you request since the latest version in trunk you can do
> >>>>>>>
> >>>>>>> @auth.requires_login()
> >>>>>>> def index(): return 'hello world'
> >>>>>>>
> >>>>>>> and access it with
> >>>>>>>
> >>>>>>> curl -u username:password http://127.0.0.1:8000/app/default/index
> >>>>>>>
> >>>>>>> or
> >>>>>>>
> >>>>>>> curl http://username:[email protected]:8000/app/default/index
> >>>>>>>
> >>>>>>> In the latter case username and password have to be encoded by
> >>>>>>> urllib.quote()
> >>>>>>>
> >>>>>>> works for services too.
> >>>>>>>
> >>>>>>> Massimo
> >>>>>>>
> >>>>>>> On May 31, 10:43 pm, Dan <[email protected]> wrote:
> >>>>>>>> Since my last message on this thread, I came up with a patch to the
> >>>>>>>> Auth.login() code that lets me do what I need, so figured I should
> >>>>>>>> post it here. Let me know if you see any issues with this approach (or
> >>>>>>>> improvements to it).
> >>>>>>>>
> >>>>>>>> To recap, what I want to do is to let a script running wget (not a
> >>>>>>>> browser) login and then work with some parts of the app that require
> >>>>>>>> membership in groups. I want to pass the user's name and password to
> >>>>>>>> the login form using post variables in the URL. This is not normally
> >>>>>>>> possible with web2py's Auth.login() function, so it needs to be
> >>>>>>>> modified, like this-
> >>>>>>>>
> >>>>>>>> referring to source code here:
> >>>>>>>> http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc
> >>>>>>>> ...
> >>>>>>>> Change these 3 lines ...
> >>>>>>>> 622     if FORM.accepts(form, request.vars, session,
> >>>>>>>> 623                     formname='login',
> >>>>>>>> 624                     onvalidation=onvalidation):
> >>>>>>>>
> >>>>>>>> ... to be these 3 lines:
> >>>>>>>>     if username in request.vars.keys() and request.vars.password and \
> >>>>>>>>         FORM.accepts(form, request.vars,
> >>>>>>>>                      formname=None, onvalidation=onvalidation):
> >>>>>>>>
> >>>>>>>> This change lets the form take the username and password from the
> >>>>>>>> URL's post variables (or the form itself - but not both of course).
> >>>>>>>> Then my script will login using wget's optional arguments
> >>>>>>>> "--keep-session-cookies --save-cookies=" when submitting the user name
> >>>>>>>> and password to the app's login function. These wget options store the
> >>>>>>>> session cookie in a local file. Then subsequent wget calls to the
> >>>>>>>> restricted parts of the app can use those cookies as a token to gain
> >>>>>>>> access with the option "--load-cookies=".
> >>>>>>>>
> >>>>>>>> Apologies for straying a bit from the original use case of this
> >>>>>>>> thread, but perhaps its general approach will be a helpful hint.
> >>>>>>>>
> >>>>>>>> Also: I don't fully understand what the purpose of the "formname"
> >>>>>>>> parameter is, or why it was necessary to None-ify it. If someone can
> >>>>>>>> explain this to me, I'd appreciate it.
> >>>>>>>>
> >>>>>>>> Dan
> >>>>>>>>
> >>>>>>>> On May 29, 6:15 pm, Dan <[email protected]> wrote:
> >>>>>>>>
> >>>>>>>>> Reviving this thread from before... I would like to have a shell
> >>>>>>>>> script use wget to authenticate itself and access the data in a web2py
> >>>>>>>>> application, but I haven't been able to get the web2py app to accept
> >>>>>>>>> the post'ed email and password information, which I sent to the
> >>>>>>>>> user/login URL. Is this the right way to do it?
> >>>>>>>>>
> >>>>>>>>> I see some passing references to alternate authorization methods in
> >>>>>>>>> the documentation and the code, but I haven't been able to get much
> >>>>>>>>> detail on what those might be. For example-
> >>>>>>>>>
> >>>>>>>>> http://mdp.cti.depaul.edu/examples/default/tools#authentication:
> >>>>>>>>> "The Auth calls can be extended, personalized, and replaced by other
> >>>>>>>>> authentication mechanisms which expose a similar interface."
> >>>>>>>>>
> >>>>>>>>> and in
> >>>>>>>>> http://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p
> >>>>>>>>> ...
> >>>>>>>>> :
> >>>>>>>>> 644     if not user:
> >>>>>>>>> 645         ## try alternate login methods
> >>>>>>>>> 646         for login_method in self.settings.login_methods:
> >>>>>>>>> 647             if login_method != self and \
> >>>>>>>>> 648                     login_method(request.vars[username],
> >>>>>>>>> 649                                  request.vars.password):
> >>>>>>>>> 650                 user = self.get_or_create_user(form.vars)
> >>>>>>>>>
> >>>>>>>>> Is there a place where I can find out more about what already exists,
> >>>>>>>>> or how to go about getting something like what the original message in
> >>>>>>>>> this thread described?
> >>>>>>>>>
> >>>>>>>>> Dan
> >>>>>>>>>
> >>>>>>>>> On May 17, 8:22 pm, mdipierro <[email protected]> wrote:
> >>>>>>>>>
> >>>>>>>>>> I need to look into this. I do not think there can be a generic
> >>>>>>>>>> approach. Each protocol has its own quirks and some do not handle
> >>>>>>>>>> session or authentication.
> >>>>>>>>>>
> >>>>>>>>>> Massimo
> >>>>>>>>>>
> >>>>>>>>>> On May 17, 8:14 pm, jcorbett <[email protected]> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> I love the service framework, however I am interested in being able to
> >>>>>>>>>>> authenticate users. With json/jsonrpc this shouldn't be too hard as
> >>>>>>>>>>> the browser that the ajax request would come from would
>
> ...
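
Review bot: in the replacement for lines 622-624 of Auth.login(), `session` is no longer passed to FORM.accepts and `formname` becomes None, and that applies to every login request, browser form posts included, not only to the wget script. The May 31 message itself asks what formname is for and why it had to be None-ified, and no reply shown here answers that, so the patch turns off behaviour of the login form that has not been identified. Suggest leaving the original accepts() call untouched and serving script clients through a separate path, for example the `curl -u username:password` route described in the Jun 1 reply.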
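
The args pattern quoted in Jonathan's reply, run against the values from this thread plus a few separator edge cases (an added example, not part of the original messages or of web2py's code; matching the whole args string and the helper names `args_valid` and `first_rejected` are assumptions):

```python
import re

# Pattern for URL args as quoted in the thread. Requiring it to cover the
# whole args string (fullmatch) is an assumption of this example.
ARGS_RE = re.compile(r'([\w\-][\=\./]?)+')


def args_valid(args):
    """True if every character of args is accepted by the pattern."""
    return ARGS_RE.fullmatch(args) is not None


def first_rejected(args):
    """Index of the first character the pattern refuses, or None if valid."""
    if args_valid(args):
        return None
    m = ARGS_RE.match(args)          # longest acceptable prefix
    return m.end() if m else 0


# Constructed sample args: the two from the thread plus separator edge cases.
SAMPLES = [
    "user.domain.com",      # dots between word characters
    "user@domain.com",      # '@' is outside both character classes
    "user%40domain.com",    # '%' is outside both classes too
    "a/b/c",
    "key=value",
    "a//b",                 # consecutive '/'
    "a..b",                 # consecutive '.'
    "../etc/passwd",        # leading separator
    "a/../b",
]

if __name__ == "__main__":
    for s in SAMPLES:
        pos = first_rejected(s)
        verdict = "ok" if pos is None else "rejected at %d (%r)" % (pos, s[pos])
        print("%-20s %s" % (s, verdict))
```

The rule that each separator must follow a word character is what rejects `..` and `//` as well as `@` and `%`, so any widened pattern for args has to keep that property.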

