sorry for the late answer...
in order to let web2py be a real kickass framework also for web
services, I think that some validators have to be rewritten/added.
Usually I tend not to harrass the devs if what I want isn't there, but
you look real active, so...I think that web2py needs 1 more setting
(like "allow_basic_login_only=True") and:
- let basic auth be the only auth system (i.e. now basic auth is
alternative to "normal" auth, and if headers are not found web2py kick
in the "normal" system))
- return a 401 if headers of basic authentication are not in the
request (could be optional and taken care by the "real" webserver, but
I think is needed)
- return a 403 if user has no permission (instead of being redirected
to login)
- a general rewrite of validators where if user has_no_perm
(required_login, has_membership, has_permission, etc etc etc) a 403 is
returned and not a redirect
This could lead to break backward compatibility, and it's the reason
behind I didn't ask for this in the beginning....taking out "redirect"
from the various place it's found on Auth() hardly will be
possible.... I though also to "change" some settings that by now are
"where you want the user to be redirected" to a real function i.e.
instead of:
if foo and not bar:
redirect(self.settings.login_url + \
'?_next='+urllib.quote(next))
making something like
if foo and not bar:
auth.settings.foobar
with the scaffolding app (or the default values) being:
auth.settings.foobar = redirect(self.settings.login_url + '?
_next='+urllib.quote(next))
so I could make auth.settings.foobar = raise HTTP(403) or something
like that
Sorry if I explained myself wrong, feel free to ask explanation
Niphlod
On 16 Ago, 05:52, mdipierro <[email protected]> wrote:
> How would you like it to work?
>
> On 15 Ago, 17:27, Niphlod <[email protected]> wrote:
>
>
>
> > how are you posting data to the consumer ?
>
> > apart from auth.settings.allow_basic_login = True there's nothing I
> > did to enable it....and it's working (sadly not the way I'd like, but
> > works as intended (additional method of authentication...))- Nascondi testo
> > citato
>
> - Mostra testo citato -
