Good day Massimo,
the following are the snippets:
---- AppAuth/models/db.py ----
db = DAL('sqlite://storage.sqlite')
session.connect(request, response, db)
auth = Auth(globals(), db)
crud = Crud(globals(), db)
auth.settings.hmac_key = 'sha512:<secret key here>'
auth.define_tables(username=True)
crud.settings.auth = auth
---- AppA/models/db.py ----
db = DAL('sqlite://../../appauth/storage.sqlite') # <-- yes, point to the db
file in AppAuth
session.connect(request, response, db, masterapp='appauth')
auth = Auth(globals(), db)
auth.define_tables(migrate=False, username=True)
auth.settings.login_url = '/appauth/default/user/login'
---- AppA/controllers/default.py ----
@auth.requires_login()
def index():
response.view='index.html'
return dict()
@auth.requires_permission('sayhello')
def hello():
response.view='saysomething.html'
return dict(message=T("hello"))
The behavior of this in 1.96.1 (and 1.97.1) is that I will be able to login
and view the page provided in AppAuth, but when browse to AppA or AppB, it
will not be able to access it because auth says its not loggin. However all
this works in 1.95.1
If i go into web2py.gluon.tools.Auth and hack "current" to "current =
Storage(globals())" like it used to be in 1.95.1, and things works again.
I'm sure forcing "current" from threading.local() to something else
definitely is not the correct way of doing this (as i dont know what is the
intention of the "current" is using for as well : ).
Awaits your input, Many Thanks Massimo.
best,
Zeng
On Thu, Jul 21, 2011 at 8:44 PM, Massimo Di Pierro <
[email protected]> wrote:
> This change should not break it. Can you please show us the code that
> breaks and we will check what is going on? It is possible that one of
> the auth modules has not been patched correctly.
>
> Massimo
>
> On Jul 21, 11:02 am, zeng <[email protected]> wrote:
> > Hey guys,
> >
> > I'm currently running version 1.95.1 and have 3 application,
> > "AppAuth", "AppA", "AppB", AppA and AppB is using "AppAuth" to
> > authenticate logged in user and it has been working great.
> >
> > After upgrading 1.96.1 and cross app authentication no longer works,
> > some debuging lead to:
> > ----- web2py.gluon.tools.Auth ----
> > self.environment = current
> > request = current.request
> > session = current.session
> > ----- web2py.gluon.tools.Auth ----
> >
> > and "current" is a threading.local() in gluon.globals.py !!!
> >
> > In the good'o 1.95.1 the session and auth object is retrieved from
> > global() ,
> >
> > Question is, why is this changed? this seems to break the backward
> > compatibility "feature" of web2py, and what are the recommended
> > solutions now that global() is no longer used?
> >
> > Thanks!
>
