Perhaps ironically, the case I'm talking about is machine-to-machine, no humans involved. While I understand the need for human readability, that restriction seems like throwing the baby out with the bathwater. That said, I'll have a look at routes.py.
On Jul 16, 10:54 am, mdipierro <[email protected]> wrote: > This is a big can of worms. > > @ is a reserved character and if used in urls, it should be encoded. I > do not want encoded chars in the URL because this defies the all > purpose: readability by humans. > > Massimo > > On Jul 16, 9:07 am, Jonathan Lundell <[email protected]> wrote: > > > On Jul 16, 2009, at 6:35 AM, Jonathan Lundell wrote: > > > > On Jul 16, 2009, at 6:18 AM, mdipierro wrote: > > > >> web2py validates the URL and does allow the @ sign in the URL, only > > >> alphanumaric characters, _, - and non-consecutive . and /. > > > > Did you mean "does not allow"? Shouldn't the validation be more > > > generous in the args section? There's nothing wrong with this as an > > > http URL: > > > >http://localhost:8000/init/default/json_read_nologin/user%40domain.com > > > > (Where does the validation happen?) > > > OK, that last was a dumb question, since I just finished reformatting > > regex_url. > > > So here's the validation for args: ([\w\-][\=\./]?)+ > > > I don't want to make a proposal here, since I have no idea what args > > consumers are assuming for validation. But it does seem reasonable in > > the abstract to allow a little more than this pattern permits. > > > (And I could see piggybacking on the IS_HTTP_URL validator for the > > first cut.) > > > >> On Jul 16, 2:07 am, David Watson <[email protected]> wrote: > > >>> I'm using web2py 1.65.5 with google app engine. > > > >>> I've run into a problem with request.args in relation to my json > > >>> calls: > > > >>> @service.json > > >>> def json_read_nologin(): > > >>> return request.args[0] > > > >>> or the same function defined sans the service decorator, both work > > >>> fine, as long as I don't pass something containing an @ sign, i.e. > > > >>> http://localhost:8000/init/default/json_read_nologin/[email protected] > > > >>> this generates an invalid request even if url encoded: > > > >>>http://localhost:8000/init/default/json_read_nologin/user > > >>> %40domain.com > > > >>> I'm not sure what I'm doing wrong here but this behavior doesn't > > >>> seem > > >>> like what I'd expect. > > > >>> Thanks, > > >>> David > > > >>> On Jun 23, 8:47 pm, mdipierro <[email protected]> wrote: > > > >>>> You cannot mix authorization and services this way. It is > > >>>> complicated > > >>>> an there are many cases.... > > > >>>> If you have > > > >>>> @auth.requires_login() > > >>>> def acceptme(): > > >>>> return 'accepted' > > > >>>> you can call "http://..../acceptme.json"; and you will get aJSON > > >>>> response. You do not need the decorator. > > > >>>> @auth.requires_login() > > >>>> @service.json() > > >>>> def acceptme(): > > >>>> return 'accepted' > > >>>> def run(): return service() > > > >>>> exposes "http://..../service/json/acceptme"; before requiring login. > > > >>>> @service.json() > > >>>> def acceptme(): > > >>>> return 'accepted' > > >>>> @auth.requires_login() > > >>>> def run(): return service() > > > >>>> this should work but will require login for all services > > > >>>> @service.json() > > >>>> @auth.requires_login() > > >>>> def acceptme(): > > >>>> return 'accepted' > > >>>> def run(): return service() > > > >>>> this is not completely clear to me why does not work but I see some > > >>>> logical problems. > > > >>>> Massimo > > > >>>> On Jun 23, 7:31 pm, Hasanat Kazmi <[email protected]> wrote: > > > >>>>> Here is an interesting behavior. > > >>>>> i have following function > > > >>>>> @auth.requires_login() > > >>>>> @service.json > > >>>>> @service.jsonrpc > > >>>>> def acceptme(): > > >>>>> return "accepted" > > > >>>>> in this case, whatever username and password I give, I get > > >>>>> returned > > >>>>> "accepted" but if I put @auth.requires_login() after > > >>>>> @service.jsonrpc, > > >>>>> it always returns me "Object does not exist" . > > > >>>>> I call it like > > >>>>> this:http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal > > >>>>> ... > > > >>>>> Anyone has an idea whats going on? > > > >>>>> On Jun 4, 7:28 am, Alexei Vinidiktov <[email protected]> > > >>>>> wrote: > > > >>>>>> I've tried this with the pyjamas tutorial and it didn't work. > > >>>>>> I've > > >>>>>> enabled user registration and registered a user whose > > >>>>>> credentials are > > >>>>>> used in the URL below. I got a server error when a function > > >>>>>> requiring > > >>>>>> user authentication was called. > > > >>>>>> I changed the line > > > >>>>>> JSONProxy.__init__(self, "../../default/call/jsonrpc", > > >>>>>> ["getTasks", > > >>>>>> "addTask","deleteTask"]) > > > >>>>>> to read > > > >>>>>> JSONProxy.__init__(self, > > >>>>>> "http://myemail%40gmail.com%[email protected]:8000/pyjamas/defaul > > >>>>>> ...", > > >>>>>> ["getTasks", "addTask","deleteTask"]) > > > >>>>>> What am I missing? > > > >>>>>> Thanks. > > > >>>>>> On Mon, Jun 1, 2009 at 12:51 PM, mdipierro > > >>>>>> <[email protected]> wrote: > > > >>>>>>> OK. As you request since the latest version in trunk you can do > > > >>>>>>> @auth.requires_login() > > >>>>>>> def index(): return 'hello world' > > > >>>>>>> and access it with > > > >>>>>>> curl -u username:passwordhttp://127.0.0.1:8000/app/default/ > > >>>>>>> index > > > >>>>>>> or > > > >>>>>>> curlhttp://username:[email protected]:8000/app/default/index > > > >>>>>>> In the latter case username and password have to be encoded by > > >>>>>>> urllib.quote() > > > >>>>>>> works for services too. > > > >>>>>>> Massimo > > > >>>>>>> On May 31, 10:43 pm, Dan <[email protected]> wrote: > > >>>>>>>> Since my last message on this thread, I came up with a patch > > >>>>>>>> to the > > >>>>>>>> Auth.login() code that lets me do what I need, so figured I > > >>>>>>>> should > > >>>>>>>> post it here. Let me know if you see any issues with this > > >>>>>>>> approach (or > > >>>>>>>> improvements to it). > > > >>>>>>>> To recap, what I want to do is to let a script runing wget > > >>>>>>>> (not a > > >>>>>>>> browser)loginand then work with some parts of the app that > > >>>>>>>> require > > >>>>>>>> membership in groups. I want to pass the user's name and > > >>>>>>>> password to > > >>>>>>>> theloginformusing post variables in the URL. This is not > > >>>>>>>> normally > > >>>>>>>> possible with web2py'sAuth.login() function, so it needs to be > > >>>>>>>> modified, like this- > > > >>>>>>>> referring to source code > > >>>>>>>> here:http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc > > >>>>>>>> ... > > >>>>>>>> Change these 3 lines ... > > >>>>>>>> 622 ifFORM.accepts(form, request.vars, session, > > >>>>>>>> 623 formname='login', > > >>>>>>>> 624 onvalidation=onvalidation): > > > >>>>>>>> ... to be these 3 lines: > > >>>>>>>> if username in request.vars.keys() and request.vars.password > > >>>>>>>> and \ > > >>>>>>>> FORM.accepts(form, request.vars, > > >>>>>>>> formname=None, onvalidation=onvalidation): > > > >>>>>>>> This change lets theformtake the username and password from the > > >>>>>>>> URL's post variables (or theformitself - but not both of > > >>>>>>>> course). > > >>>>>>>> Then my script willloginusing wget's optional arguments "-- > > >>>>>>>> keep- > > >>>>>>>> session-cookies --save-cookies=" when submitting the user name > > >>>>>>>> and > > >>>>>>>> password to the app'sloginfunction. These wget options store > > >>>>>>>> the > > >>>>>>>> session cookie in a local file. Then subsequent wget calls to > > >>>>>>>> the > > >>>>>>>> restricted parts of the app can use those cookies as a token > > >>>>>>>> to gain > > >>>>>>>> access with the option "--load-cookies=". > > > >>>>>>>> Apologies for straying a bit from the original use case of this > > >>>>>>>> thread, but perhaps it's general approach will be a helpful > > >>>>>>>> hint. > > > >>>>>>>> Also: I don't fully understand what the purpose of the > > >>>>>>>> "formname" > > >>>>>>>> parameter is, or why it was necessary to None-ify it. If > > >>>>>>>> someone can > > >>>>>>>> explain this to me, I'd appreciate it. > > > >>>>>>>> Dan > > > >>>>>>>> On May 29, 6:15 pm, Dan <[email protected]> wrote: > > > >>>>>>>>> Reviving this thread from before... I would like to have a > > >>>>>>>>> shell > > >>>>>>>>> script use wget to authenticate itself and access the data in > > >>>>>>>>> a web2py > > >>>>>>>>> application, but I haven't been able to get the web2py app to > > >>>>>>>>> accept > > >>>>>>>>> the post'ed email and password information, which I sent to > > >>>>>>>>> the user/ > > >>>>>>>>> loginURL. Is this the right way to do it? > > > >>>>>>>>> I see some passing references to alternate authorization > > >>>>>>>>> methods in > > >>>>>>>>> the documentation and the code, but I haven't been able to > > >>>>>>>>> get much > > >>>>>>>>> detail on what those might be. For example- > > > >>>>>>>>>http://mdp.cti.depaul.edu/examples/default/ > > >>>>>>>>> tools#authentication: > > >>>>>>>>> "TheAuthcalls can be extended, personalized, and replaced by > > >>>>>>>>> other > > >>>>>>>>> authentication mechanisms which expose a similar interface." > > > >>>>>>>>> and > > >>>>>>>>> inhttp://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p > > >>>>>>>>> ... > > >>>>>>>>> : > > >>>>>>>>> 644 if not user: > > >>>>>>>>> 645 ## try alternateloginmethods > > >>>>>>>>> 646 for login_method in > > >>>>>>>>> self.settings.login_methods: > > >>>>>>>>> 647 if login_method != self and \ > > >>>>>>>>> 648 login_method(request.vars > > >>>>>>>>> [username], > > >>>>>>>>> 649 > > >>>>>>>>> request.vars.password): > > >>>>>>>>> 650 user = self.get_or_create_user > > >>>>>>>>> (form.vars) > > > >>>>>>>>> Is there a place where I can find out more about what already > > >>>>>>>>> exists, > > >>>>>>>>> or how to go about getting something like what the original > > >>>>>>>>> message in > > >>>>>>>>> this > > ... > > read more » --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
