Looks like you can do:
auth.settings.allow_basic_login = True
auth.user = auth.basic()[2]
if auth.user:
etc.
But this doesn't appear to be documented. Perhaps auth.basic() should
automatically populate auth.user rather than simply returning it as part of
a tuple.
Anthony
On Thursday, May 31, 2012 10:12:14 PM UTC-4, G. Clifford Williams wrote:
>
> Given the following code snippet in a controller (default or any other):
>
> auth.settings.allow_basic_login = True
> def howdy():
> auth.settings.allow_basic_login = True
> response.view = 'generic.json'
> if auth.user:
> this_user = auth.user.id
> else:
> this_user = "unset"
> return dict(user=this_user)
> if the controller action is called as such:
> % curl --user '[email protected]:supersecretpassword'
> http://127.0.0.1:8000/myapp/controller/howdy
>
> this response you'll get it this:
> {"user": "unset"}
>
> The same goes for using auth.is_logged_in():
>
> The result is different, however, when you use one of the 'requires'
> decorators:
>
> auth.settings.allow_basic_login = True
>
> def howdy():
> auth.settings.allow_basic_login = True
> @auth.requires_login()
> def proforma():
> pass #empty function just to invoke auth.requires
> proforma() #call empty function
> response.view = 'generic.json'
> if auth.user:
> this_user = auth.user.id
> else:
> this_user = "unset"
> return dict(user=this_user)
> this results in:
> % curl --user '[email protected]:supersecretpassword'
> http://127.0.0.1:8000/myapp/controller/howdy
> {"user": 1}
>
> After some digging I discovered that in tools.py auth.requires_* ends up
> calling login_bare which is why the second one works. I realize that
> according to the book (
> http://web2py.com/books/default/chapter/29/9?search=login_bare)
> login_bare() can be called to login the user "manually". Unfortunately the
> examples for auth.settings.allow_basic_login in the manual/book (
> http://web2py.com/books/default/chapter/29/9#Access-Control-and-Basic-Authentication,
>
> http://web2py.com/books/default/chapter/29/9#Settings-and-messages , &
> http://web2py.com/books/default/chapter/29/10#Access-Control) don't
> address the fact that no login is actually executed without the decorators.
> With the last example if someone wanted to use that as a guide they might
> think that changing:
>
> @auth.requires_login()
> @request.restful()
> def api():
> def GET(s):
> return 'access granted, you said %s' % s
> return locals()
>
> to:
>
>
> @request.restful()
> def api():
> def GET(s):
>
> if auth.is_logged_in():
> return 'access granted, you said %s' % s
>
> else:
>
> return 'access denied'
> return locals()
>
>
> Should work, but they would be mistaken (and likely to spend much time
> trying to figure out why one worked and the other did not). I don't know
> whether it was the intention that using basic auth prevent a call to log
> the user in by default. It seems that either the code should be fixed or we
> should update the documentation to clarify that login_bare() should be
> called explicitly (directly or indirectly) to actually execute the login
> process.
>
>
