Ok! Thanks.
If I run up against this limitation, I'll send in a patch.

On Thu, Oct 1, 2009 at 12:16 PM, mdipierro <[email protected]> wrote:
>
>
>
> On Oct 1, 11:04 am, Dmitri Zagidulin <[email protected]> wrote:
>> Ahh, ok! Makes sense now.
>> I think I misunderstood the tutorial, and thought that you have to add
>> form=auth() to the return dict of every function that's auth-
>> protected, not just to user().
>>
>> Thanks again for your help! It works now.
>>
>> Quick question, though, about the vars being dropped -- what if I have
>> parameters in a link to a protected page that I do need carried
>> forward through the login redirection?
>> Say I have a report with name-value parameters, like:
>> myreport?arg1=value1&arg2=value2,
>>
>> and myreport is auth-protected. And a user runs the report, lets his
>> session time out (or copies and pastes the url and uses it on another
>> computer), and tries to run that report again? The user would need to
>> log in again, and would lose the parameters in vars?
>
> yes
>
>> I understand that request.vars are necessary to handle the login form
>> after redirection, but shouldn't there be some way to preserve the
>> vars pre-login, and still handle the login form correctly?
>
> I think when the redirection occurs the complete original URL
> (r=request,args=request.args,vars=request.vars) should be b16encoded
> and stored in _next so that, after login, one can redirect to the
> proper URL.
> I would take a patch to do it.
>
>> On Oct 1, 11:39 am, mdipierro <[email protected]> wrote:
>>
>> > That is not the problem but now I understand the problem
>> > Consider this:
>>
>> > def test1(): return dict(vars=BEAUTIFY(request.vars))
>>
>> > @auth.requires_login()
>> > def test2(): return dict(vars=BEAUTIFY(request.vars))
>>
>> > @auth.requires_login()
>> > def test3():
>> >     response.flash = str(request.vars)
>> >     return dict(form=auth())
>>
>> > Then login and try:
>> > http://..../test1?hello=world works
>> > http://..../test2?hello=world works
>> > http://..../test3?hello=world (*)
>>
>> > (*) does not do what you expect because you call auth() inside a
>> > function that requires_login. auth() overrides the login because it
>> > thinks it is its job to check login and performs a redirection. The
>> > request.vars are not carried forward with redirection and that is
>> > according to the specs, since request.vars are necessary to handle the
>> > login form after redirection.
>>
>> > The issue is you should not call auth() inside a function that
>> > requires_login because they conflict. Perhaps if you explain to us what
>> > you are trying to accomplish we can be more helpful.
>>
>> > Massimo
>>
>> > On Oct 1, 10:20 am, Dmitri Zagidulin <[email protected]> wrote:
>>
>> > > Aha! I'm glad you said this.
>>
>> > > I tried out your tests above, and they did indeed work.
>>
>> > > The difference between those and my function in the initial post that
>> > > did not work is that test1 returns a string directly, and the test
>> > > index() above returns a dictionary, like in the auth tutorial:
>> > > @auth.requires_login()
>> > > def index():
>> > >     """
>> > >     Login-protected index page
>> > >     """
>> > >     response.flash = str(request.vars)
>> > >     return dict(form=auth())
>>
>> > > When you pass an arg to an auth-protected function that returns dict
>> > > (form=auth()), that arg results in a 404. (And the vars just get
>> > > dropped).
>> > > But if I don't return form=auth(), then the function is not actually
>> > > auth-protected, and does not prompt for login, etc.
>>
>> > > So, can you try that?
>>
>> > > On Sep 30, 5:57 pm, mdipierro <[email protected]> wrote:
>>
>> > > > Sorry, I did not mean to say I do not believe you.
>> > > > I meant to say that either I do not understand the question or
>> > > > something else is going on in your code.
>>
>> > > > I just did the following test:
>>
>> > > > a new app
>>
>> > > > def test1(): return repr(dict(request.vars))
>>
>> > > > @auth.requires_login()
>> > > > def test2(): return repr(dict(request.vars))
>>
>> > > > and then logged in and visited
>> > > > http://..../test1?hello=world
>> > > > http://..../test2?hello=world
>>
>> > > > They both show
>>
>> > > > {'hello': 'world'}
>>
>> > > > If this does not work for you then there is a major problem but it is
>> > > > not in auth.requires_login(). Please tell us more about the OS, the
>> > > > Python version.
>>
>> > > > Massimo
>>
>> > > > On Sep 30, 2:55 pm, Dmitri Zagidulin <[email protected]> wrote:
>>
>> > > > > Then how do I account for the fact that (while being logged in) if I
>> > > > > remove the requires_login() decorator, I can access the vars inside
>> > > > > the function,
>> > > > > but if I put back the decorator, I cannot see the vars? And, similarly
>> > > > > - if I don't have requires_login, args get loaded into the args
>> > > > > dictionary, but if I do have the requires_login, I get a 404 NOT
>> > > > > FOUND?
>>
>> > > > > If you don't believe me, can you at least point me in the right
>> > > > > direction (as far as explaining the workflow) -- since I'm not seeing
>> > > > > the vars in the logging statement in Auth > requires_login() >
>> > > > > decorator() -- where does requires_login get called from? Maybe I can
>> > > > > track down where the vars are being lost.
>>
>> > > > > Any suggestions appreciated.
>>
>> > > > > On Sep 30, 3:46 pm, mdipierro <[email protected]> wrote:
>>
>> > > > > > I am sure that is not the case. If you submit vars to a function that
>> > > > > > requires login and you are not logged in you are redirected to login (in
>> > > > > > this case vars are lost, args are not), but if you are logged in the
>> > > > > > function works normally and the vars are in request.vars.
>>
>> > > > > > On Sep 30, 2:28 pm, Dmitri Zagidulin <[email protected]> wrote:
>>
>> > > > > > > It looks like functions that are decorated with auth.requires_login()
>> > > > > > > are not receiving their request.vars dictionary from the url.
>>
>> > > > > > > For example, say I have an auth-protected function in a controller:
>>
>> > > > > > > @auth.requires_login()
>> > > > > > > def index():
>> > > > > > >     """
>> > > > > > >     Login-protected index page
>> > > > > > >     """
>> > > > > > >     response.flash = str(request.vars)
>> > > > > > >     ...
>>
>> > > > > > > And then link to it from another page:
>> > > > > > > {{=A('My Index', _href=URL(r=request, f='index', vars={'testvar': 999}))}}
>>
>> > > > > > > Assuming that I'm previously logged in, the flash results in an empty
>> > > > > > > dictionary -- no vars are actually passed in.
>> > > > > > > (Now, if I remove the requires_login() decorator, I can see the
>> > > > > > > 'testvar' variable just fine).
>>
>> > > > > > > Looking in gluon/tools.py > Auth > requires_login(), on line 1418, I
>> > > > > > > noticed that while request.args are being encoded and passed onto the
>> > > > > > > login url, request.vars are not.
>>
>> > > > > > > But when I added that in, so that the decorator now encoded and passed
>> > > > > > > on the vars, restarted the server, etc, the flash was still coming up
>> > > > > > > empty -- the vars were not being passed on.
>>
>> > > > > > > I put in a logging statement into the decorator (right around line
>> > > > > > > 1416), to see if self.environment.request.vars are at least set
>> > > > > > > correctly in the body of the function.
>> > > > > > > And they are not -- the 'testvar' variable is not making it into the
>> > > > > > > decorator at all.
>>
>> > > > > > > Is this a bug or a feature? And if feature, how do I pass vars into an
>> > > > > > > auth-protected function?
>>
>> > > > > > > Also, passed-in args are not being handled correctly either.
>> > > > > > > For instance, for the index() function above, if I link to it like so:
>> > > > > > > {{=A('My Index', _href=URL(r=request, f='index', args='testarg'))}}
>>
>> > > > > > > and display the contents of display.args (as a response.flash, etc), and
>> > > > > > > do NOT auth-protect it, the testarg shows up.
>> > > > > > > But if I decorate it with requires_login, and click on that same link, I
>> > > > > > > get a
>> > > > > > > 404 NOT FOUND
>>
>> > > > > > > So, it seems like instead of loading 'testarg' into the contents of
>> > > > > > > args, it tries to parse it as part of post-login routing.
> >
>
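
The `_next` proposal in the thread above, sketched as an added example (not code from the thread or from web2py; `encode_next`, `decode_next`, `vars_of` and the `/app/default/...` paths are hypothetical). Hex encoding gives no integrity protection and the token travels in the URL, so the decoder accepts only same-site relative paths before redirecting.

```python
import base64
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

DEFAULT_NEXT = "/"  # assumed fallback landing page after login


def encode_next(path, args=(), vars=None):
    """Hex-encode the originally requested URL (path + args + vars) for _next."""
    url = "/".join([path.rstrip("/")] + [quote(str(a), safe="") for a in args])
    if vars:
        url += "?" + urlencode(sorted(vars.items()), doseq=True)
    return base64.b16encode(url.encode("utf-8")).decode("ascii")


def decode_next(token, default=DEFAULT_NEXT):
    """Decode _next after login; return default unless it is a local path."""
    try:
        url = base64.b16decode(token.encode("ascii"), casefold=True).decode("utf-8")
    except ValueError:  # bad hex, non-ASCII token, or invalid UTF-8
        return default
    # Must be a path on this site: "/x", never "//host", "/\host" or "scheme:".
    if not url.startswith("/") or url.startswith("//") or "\\" in url:
        return default
    # Control characters (CR/LF etc.) must not reach the Location header.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return default
    return url


def vars_of(url):
    """Query parameters that survived the round trip, as a dict."""
    return dict(parse_qsl(urlsplit(url).query))


if __name__ == "__main__":
    # Constructed sample: the report URL from the thread under an assumed app path.
    token = encode_next("/app/default/myreport",
                        vars={"arg1": "value1", "arg2": "value2"})
    print("login redirect: /app/default/user/login?_next=" + token)
    print("after login   :", decode_next(token))
    print("restored vars :", vars_of(decode_next(token)))
```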
