[web2py] Re: Trying to implement token authentication for web service

Fri, 16 Sep 2011 10:02:26 -0700 

request.args(0) does not seem to work.  When I try Massimo's
suggestion for a token check, I get the traceback below on the error
ticket.  I've tested the database query, and it works fine.  Also, the
service call works fine when I remove the token check.  This is what I
get when I use curl to call
https://mysite.com/myapp/api/call/run/myservice?token=cxvkYdjuH8azQnBPR175&serviceargument=1234

Traceback (most recent call last):
  File "/home/www-data/web2py/gluon/restricted.py", line 192, in
restricted
    exec ccode in environment
  File "/home/www-data/web2py/applications/app/controllers/api.py",
line 60, in <module>
  File "/home/www-data/web2py/gluon/globals.py", line 145, in <lambda>
    self._caller = lambda f: f()
  File "/home/www-data/web2py/applications/app/controllers/api.py",
line 53, in call
    if row.token == token:
AttributeError: 'NoneType' object has no attribute 'token'

It would appear that the request.vars(0) is getting a None result when
I try to grab it.  What am I doing wrong?

Thank you,

Eric

On Sep 15, 11:15 pm, Massimo Di Pierro <[email protected]>
wrote:
> Looking at your code again:
>
> @auth.requires_login()
> def call(token):
>     row = db(db.subscription.token == token).select().first()
>     my_number = row.my_calls
>     if my_number > 0 & my_token == token:
>         db(db.subscription.token ==
> my_token).update(my_calls=db.subscription.my_calls-1)
>         return service()
>     else:
>         raise Exception()
>
> I see two problems:
> 1)
> you have both @auth.requires_login() which only works if you enable
> auth.allow_basic_login = True
> and you have token authentication. Are you sure you want two
> authentications one on top of the other?
> 2)
> call is a method and cannot take arguments.
>
> If your intention is passing the token as request.args(0) simply do:
>
> def call():
>     token = request.args(0) # grab the token
>     row = db(db.subscription.token == token).select().first()
>     my_number = row.my_calls
>     if my_number > 0 & my_token == token:
>         db(db.subscription.token ==
> my_token).update(my_calls=db.subscription.my_calls-1)
>         del request.args[0] # make sure you remove the token else you
> may mess-up some services.
>         return service()
>     else:
>         raise Exception()
>

Reply via email to