login_bare is a normal function, it is intended to login through ajax, but it cant be used in this case, since it requires raw password (not hash). I would create a table that maps hash of url (!!! Not url itself and not hash-like part of url) to user_id and then use auth.login_user as Carlos mentioned.
среда, 18 ноября 2020 г. в 16:19:35 UTC+3, [email protected]: > Thanks Carlos > > I couldnt find the login_user() function in the book but i did find it > here: > https://web2py.readthedocs.io/en/latest/_modules/gluon/tools.html#Auth.login_user > > > Does login_user(self, user) essentially bypass the normal > authentication process? > And is login_bare(self, username, password) the normal login function? > > Andrew > > > ___________________________ > *www.TenOutOfTen.org* <https://www.TenOutOfTen.org> > [email protected] > (+95) 09 250018669 <+95%209%20250%20018%20669> (Myanmar) > > > On Wed, 18 Nov 2020 at 21:26, Carlos Correia <[email protected]> > wrote: > >> On 17/11/20 22:24, Kenneth wrote: >> >> Hi, >> >> I tried searching the discussions but could not find anything like this >> being discussed. >> >> I'm looking into having users login into my app via an link/URL they >> receive via email. They just get an link no separate username and password. >> When the link is accessed they are logged in normally. The link would look >> like something like this: my.website.com/longhash4324kljhasdfasd9f87ads >> >> Does web2py already contain this function? >> >> >> Kenneth >> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/web2py/e8102d90-88c8-4a4c-abcb-96ba7aa54cddn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/web2py/e8102d90-88c8-4a4c-abcb-96ba7aa54cddn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> Hi, >> >> I would write the hash somewhere in the filesystem, create a controller >> to verify the hash, then use Auth.login_user() to authenticate the user. >> >> Having said that, please note that it is a (very) bad idea, since a "man >> in the middle" could easily intercept the mail and hack the session. >> >> Regards, >> >> Carlos Correia >> ========================= >> MEMÓRIA PERSISTENTE >> GSM: 917 157 146 (Signal, WhatsApp) >> e-mail: [email protected] >> URL: http://www.memoriapersistente.pt >> XMPP (Jabber): [email protected] >> >> -- >> Resources: >> - http://web2py.com >> - http://web2py.com/book (Documentation) >> - http://github.com/web2py/web2py (Source code) >> - https://code.google.com/p/web2py/issues/list (Report Issues) >> --- >> You received this message because you are subscribed to the Google Groups >> "web2py-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/web2py/00b9aa90-1458-f9c5-ae9b-703e740341d7%40memoriapersistente.pt >> >> <https://groups.google.com/d/msgid/web2py/00b9aa90-1458-f9c5-ae9b-703e740341d7%40memoriapersistente.pt?utm_medium=email&utm_source=footer> >> . >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/434776c9-cf49-4fbc-b251-1c49cd8ef32dn%40googlegroups.com.
