On Jul 16, 2009, at 7:57 AM, mdipierro wrote:

> PS.
>
> You can still handle any type of special char in the url by using
> routes and mapping some args into vars.

I suppose that solves the immediate problem, but along with the
entirely legitimate role of web2py in machine-to-machine
communications, where human readability is irrelevant, there's no real
enforcement of readability anyway. Which of these is more
human-readable, anyway?

http://localhost:8000/init/default/json_read_nologin/user%40domain.com
http://localhost:8000/init/default/json_read_nologin?email=user%40domain.com
http://localhost:8000/init/default/json_read_nologin/dXNlckBkb21haW4uY29tCg

web2py objects to the first, but not the second (vars) or third  
(base64), both of which include 'encoded characters'.


>
>
>
> On Jul 16, 9:54 am, mdipierro <[email protected]> wrote:
>> This is a big can of worms.
>>
>> @ is a reserved character and if used in urls, it should be encoded. I
>> do not want encoded chars in the URL because this defies the whole
>> purpose: readability by humans.
>>
>> Massimo
>>
>> On Jul 16, 9:07 am, Jonathan Lundell <[email protected]> wrote:
>>
>>> On Jul 16, 2009, at 6:35 AM, Jonathan Lundell wrote:
>>
>>>> On Jul 16, 2009, at 6:18 AM, mdipierro wrote:
>>
>>>>> web2py validates the URL and does allow the @ sign in the URL, only
>>>>> alphanumeric characters, _, - and non-consecutive . and /.
>>
>>>> Did you mean "does not allow"? Shouldn't the validation be more
>>>> generous in the args section? There's nothing wrong with this as an
>>>> http URL:
>>
>>>> http://localhost:8000/init/default/json_read_nologin/user%40domain.com
>>
>>>> (Where does the validation happen?)
>>
>>> OK, that last was a dumb question, since I just finished reformatting
>>> regex_url.
>>
>>> So here's the validation for args: ([\w\-][\=\./]?)+
>>
>>> I don't want to make a proposal here, since I have no idea what args
>>> consumers are assuming for validation. But it does seem reasonable in
>>> the abstract to allow a little more than this pattern permits.
>>
>>> (And I could see piggybacking on the IS_HTTP_URL validator for the
>>> first cut.)
>>
>>>>> On Jul 16, 2:07 am, David Watson <[email protected]> wrote:
>>>>>> I'm using web2py 1.65.5 with google app engine.
>>
>>>>>> I've run into a problem with request.args in relation to my json
>>>>>> calls:
>>
>>>>>> @service.json
>>>>>> def json_read_nologin():
>>>>>>    return request.args[0]
>>
>>>>>> or the same function defined sans the service decorator, both work
>>>>>> fine, as long as I don't pass something containing an @ sign, i.e.
>>
>>>>>> http://localhost:8000/init/default/json_read_nologin/[email protected]
>>
>>>>>> this generates an invalid request even if url encoded:
>>
>>>>>> http://localhost:8000/init/default/json_read_nologin/user%40domain.com
>>
>>>>>> I'm not sure what I'm doing wrong here but this behavior doesn't
>>>>>> seem like what I'd expect.
>>
>>>>>> Thanks,
>>>>>> David
>>
>>>>>> On Jun 23, 8:47 pm, mdipierro <[email protected]> wrote:
>>
>>>>>>> You cannot mix authorization and services this way. It is
>>>>>>> complicated and there are many cases....
>>
>>>>>>> If you have
>>
>>>>>>> @auth.requires_login()
>>>>>>> def acceptme():
>>>>>>>    return 'accepted'
>>
>>>>>>> you can call "http://..../acceptme.json" and you will get a JSON
>>>>>>> response. You do not need the decorator.
>>
>>>>>>> @auth.requires_login()
>>>>>>> @service.json()
>>>>>>> def acceptme():
>>>>>>>    return 'accepted'
>>>>>>> def run(): return service()
>>
>>>>>>> exposes "http://..../service/json/acceptme" before requiring login.
>>
>>>>>>> @service.json()
>>>>>>> def acceptme():
>>>>>>>    return 'accepted'
>>>>>>> @auth.requires_login()
>>>>>>> def run(): return service()
>>
>>>>>>> this should work but will require login for all services
>>
>>>>>>> @service.json()
>>>>>>> @auth.requires_login()
>>>>>>> def acceptme():
>>>>>>>    return 'accepted'
>>>>>>> def run(): return service()
>>
>>>>>>> this is not completely clear to me why does not work but I see some
>>>>>>> logical problems.
>>
>>>>>>> Massimo
>>
>>>>>>> On Jun 23, 7:31 pm, Hasanat Kazmi <[email protected]> wrote:
>>
>>>>>>>> Here is an interesting behavior.
>>>>>>>> I have the following function
>>
>>>>>>>> @auth.requires_login()
>>>>>>>> @service.json
>>>>>>>> @service.jsonrpc
>>>>>>>> def acceptme():
>>>>>>>>    return "accepted"
>>
>>>>>>>> in this case, whatever username and password I give, I get returned
>>>>>>>> "accepted" but if I put @auth.requires_login() after @service.jsonrpc,
>>>>>>>> it always returns me "Object does not exist".
>>
>>>>>>>> I call it like this:
>>>>>>>> http://hasanatkazmi%40gmail.com:**...@localhost:8000/sahana/admin/cal
>>>>>>>> ...
>>
>>>>>>>> Anyone has an idea what's going on?
>>
>>>>>>>> On Jun 4, 7:28 am, Alexei Vinidiktov <[email protected]> wrote:
>>
>>>>>>>>> I've tried this with the pyjamas tutorial and it didn't work. I've
>>>>>>>>> enabled user registration and registered a user whose credentials are
>>>>>>>>> used in the URL below. I got a server error when a function requiring
>>>>>>>>> user authentication was called.
>>
>>>>>>>>> I changed the line
>>
>>>>>>>>> JSONProxy.__init__(self, "../../default/call/jsonrpc",
>>>>>>>>>     ["getTasks", "addTask","deleteTask"])
>>
>>>>>>>>> to read
>>
>>>>>>>>> JSONProxy.__init__(self,
>>>>>>>>> "http://myemail%40gmail.com%[email protected]:8000/pyjamas/defaul
>>>>>>>>> ...",
>>>>>>>>> ["getTasks", "addTask","deleteTask"])
>>
>>>>>>>>> What am I missing?
>>
>>>>>>>>> Thanks.
>>
>>>>>>>>> On Mon, Jun 1, 2009 at 12:51 PM, mdipierro <[email protected]> wrote:
>>
>>>>>>>>>> OK. As you request since the latest version in trunk you can do
>>
>>>>>>>>>> @auth.requires_login()
>>>>>>>>>> def index(): return 'hello world'
>>
>>>>>>>>>> and access it with
>>
>>>>>>>>>>  curl -u username:password http://127.0.0.1:8000/app/default/index
>>
>>>>>>>>>> or
>>
>>>>>>>>>>  curl http://username:[email protected]:8000/app/default/index
>>
>>>>>>>>>> In the latter case username and password have to be encoded by
>>>>>>>>>> urllib.quote()
>>
>>>>>>>>>> works for services too.
>>
>>>>>>>>>> Massimo
>>
>>>>>>>>>> On May 31, 10:43 pm, Dan <[email protected]> wrote:
>>>>>>>>>>> Since my last message on this thread, I came up with a patch to the
>>>>>>>>>>> Auth.login() code that lets me do what I need, so figured I should
>>>>>>>>>>> post it here. Let me know if you see any issues with this approach (or
>>>>>>>>>>> improvements to it).
>>
>>>>>>>>>>> To recap, what I want to do is to let a script running wget (not a
>>>>>>>>>>> browser) login and then work with some parts of the app that require
>>>>>>>>>>> membership in groups. I want to pass the user's name and password to
>>>>>>>>>>> the login form using post variables in the URL. This is not normally
>>>>>>>>>>> possible with web2py's Auth.login() function, so it needs to be
>>>>>>>>>>> modified, like this-
>>
>>>>>>>>>>> referring to source code here:
>>>>>>>>>>> http://www.web2py.com/examples/static/epydoc/web2py.gluon.tools-pysrc
>>>>>>>>>>> ...
>>>>>>>>>>> Change these 3 lines ...
>>>>>>>>>>> 622          if FORM.accepts(form, request.vars, session,
>>>>>>>>>>> 623                          formname='login',
>>>>>>>>>>> 624                          onvalidation=onvalidation):
>>
>>>>>>>>>>> ... to be these 3 lines:
>>>>>>>>>>> if username in request.vars.keys() and request.vars.password and \
>>>>>>>>>>>       FORM.accepts(form, request.vars,
>>>>>>>>>>>            formname=None, onvalidation=onvalidation):
>>
>>>>>>>>>>> This change lets the form take the username and password from the
>>>>>>>>>>> URL's post variables (or the form itself - but not both of course).
>>>>>>>>>>> Then my script will login using wget's optional arguments
>>>>>>>>>>> "--keep-session-cookies --save-cookies=" when submitting the user name
>>>>>>>>>>> and password to the app's login function. These wget options store the
>>>>>>>>>>> session cookie in a local file. Then subsequent wget calls to the
>>>>>>>>>>> restricted parts of the app can use those cookies as a token to gain
>>>>>>>>>>> access with the option "--load-cookies=".
>>
>>>>>>>>>>> Apologies for straying a bit from the original use case of this
>>>>>>>>>>> thread, but perhaps its general approach will be a helpful hint.
>>
>>>>>>>>>>> Also: I don't fully understand what the purpose of the "formname"
>>>>>>>>>>> parameter is, or why it was necessary to None-ify it. If someone can
>>>>>>>>>>> explain this to me, I'd appreciate it.
>>
>>>>>>>>>>> Dan
>>
>>>>>>>>>>> On May 29, 6:15 pm, Dan <[email protected]> wrote:
>>
>>>>>>>>>>>> Reviving this thread from before... I would like to have a shell
>>>>>>>>>>>> script use wget to authenticate itself and access the data in a web2py
>>>>>>>>>>>> application, but I haven't been able to get the web2py app to accept
>>>>>>>>>>>> the post'ed email and password information, which I sent to the
>>>>>>>>>>>> user/login URL. Is this the right way to do it?
>>
>>>>>>>>>>>> I see some passing references to alternate authorization methods in
>>>>>>>>>>>> the documentation and the code, but I haven't been able to get much
>>>>>>>>>>>> detail on what those might be. For example-
>>
>>>>>>>>>>>> http://mdp.cti.depaul.edu/examples/default/tools#authentication:
>>>>>>>>>>>> "The Auth calls can be extended, personalized, and replaced by other
>>>>>>>>>>>> authentication mechanisms which expose a similar interface."
>>
>>>>>>>>>>>> and in
>>>>>>>>>>>> http://mdp.cti.depaul.edu/examples/static/epydoc/web2py.gluon.tools-p
>>>>>>>>>>>> ...
>>>>>>>>>>>> :
>>>>>>>>>>>> 644              if not user:
>>>>>>>>>>>> 645                  ## try alternate login methods
>>>>>>>>>>>> 646                  for login_method in self.settings.login_methods:
>>>>>>>>>>>> 647                      if login_method != self and \
>>>>>>>>>>>> 648                              login_method(request.vars[username],
>>>>>>>>>>>> 649                                           request.vars.password):
>>>>>>>>>>>> 650                          user = self.get_or_create_user(form.vars)
>>
>>>>>>>>>>>> Is there a place where I can find out more about what already exists,
>>>>>>>>>>>> or how to go about getting something like what the original message in
>>>>>>>>>>>> this
>>
> >
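
An added example, not part of the original messages and not web2py's own code: the args pattern quoted in the thread, applied to the three URLs compared at the top of this message. Anchoring with fullmatch, the app/controller/function path split, and all helper names are assumptions made for this example.

```python
import base64
import re
from urllib.parse import urlsplit

# Args pattern as quoted in the thread. Applying it with fullmatch to the
# whole args string is an assumption here, not web2py's actual regex_url.
ARGS_PATTERN = re.compile(r'([\w\-][\=\./]?)+')

def args_allowed(args):
    """True if the raw (still percent-encoded) args string fits the allowlist."""
    return ARGS_PATTERN.fullmatch(args) is not None

def split_args(url, prefix_parts=3):
    """Raw path after /app/controller/function (URL layout used in the thread)."""
    parts = urlsplit(url).path.lstrip('/').split('/', prefix_parts)
    return parts[prefix_parts] if len(parts) > prefix_parts else ''

def encode_arg(value):
    """URL-safe base64 without padding uses only [A-Za-z0-9_-]."""
    return base64.urlsafe_b64encode(value.encode()).rstrip(b'=').decode()

def decode_arg(arg):
    """Restore padding and decode; the decoded value is still untrusted input."""
    return base64.urlsafe_b64decode(arg + '=' * (-len(arg) % 4)).decode()

BASE = 'http://localhost:8000/init/default/json_read_nologin'
URLS = [  # the three forms compared in the message
    BASE + '/user%40domain.com',
    BASE + '?email=user%40domain.com',
    BASE + '/dXNlckBkb21haW4uY29tCg',
]

def check(url):
    """Return (args, verdict); verdict is None when the URL carries no args."""
    args = split_args(url)
    return args, (args_allowed(args) if args else None)

if __name__ == '__main__':
    for url in URLS:
        print(url, '->', check(url))
    # The base64 arg passes the allowlist, yet decodes to text the pattern
    # itself would reject, so the controller has to validate it after decoding.
    print(repr(decode_arg(split_args(URLS[2]))))
```

The base64 arg from the thread decodes to the address followed by a newline, so anything carried this way needs its own validation after decoding.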



