There is a major problem with the VPS that hosts the book. It is down and I can no longer log in to it. I am forced to restore it as of May 29. This change will be lost. Sorry Anthony.
Massimo

On Thursday, 31 May 2012 23:05:09 UTC-5, Anthony wrote:
>
> Just updated the book:
> http://web2py.com/books/default/chapter/29/9#Access-Control-and-Basic-Authentication
>
> Anthony
>
> On Thursday, May 31, 2012 10:54:50 PM UTC-4, Anthony wrote:
>>
>> Sorry, forgot login_bare adds the user to auth, so it's simpler:
>>
>> auth.settings.allow_basic_login = True
>> auth.basic()
>> if auth.user:
>>     etc.
>>
>> Anthony
>>
>> On Thursday, May 31, 2012 10:49:04 PM UTC-4, Anthony wrote:
>>>
>>> If you can confirm that this works, I'll add it to the book.
>>>
>>> On Thursday, May 31, 2012 10:48:21 PM UTC-4, Anthony wrote:
>>>>
>>>> Looks like you can do:
>>>>
>>>> auth.settings.allow_basic_login = True
>>>> auth.user = auth.basic()[2]
>>>> if auth.user:
>>>>     etc.
>>>>
>>>> But this doesn't appear to be documented. Perhaps auth.basic() should
>>>> automatically populate auth.user rather than simply returning it as part
>>>> of a tuple.
>>>>
>>>> Anthony
>>>>
>>>> On Thursday, May 31, 2012 10:12:14 PM UTC-4, G. Clifford Williams wrote:
>>>>>
>>>>> Given the following code snippet in a controller (default or any
>>>>> other):
>>>>>
>>>>> auth.settings.allow_basic_login = True
>>>>> def howdy():
>>>>>     auth.settings.allow_basic_login = True
>>>>>     response.view = 'generic.json'
>>>>>     if auth.user:
>>>>>         this_user = auth.user.id
>>>>>     else:
>>>>>         this_user = "unset"
>>>>>     return dict(user=this_user)
>>>>>
>>>>> if the controller action is called as such:
>>>>>
>>>>> % curl --user '[email protected]:supersecretpassword' http://127.0.0.1:8000/myapp/controller/howdy
>>>>>
>>>>> the response you'll get is this:
>>>>>
>>>>> {"user": "unset"}
>>>>>
>>>>> The same goes for using auth.is_logged_in():
>>>>>
>>>>> The result is different, however, when you use one of the 'requires'
>>>>> decorators:
>>>>>
>>>>> auth.settings.allow_basic_login = True
>>>>>
>>>>> def howdy():
>>>>>     auth.settings.allow_basic_login = True
>>>>>     @auth.requires_login()
>>>>>     def proforma():
>>>>>         pass #empty function just to invoke auth.requires
>>>>>     proforma() #call empty function
>>>>>     response.view = 'generic.json'
>>>>>     if auth.user:
>>>>>         this_user = auth.user.id
>>>>>     else:
>>>>>         this_user = "unset"
>>>>>     return dict(user=this_user)
>>>>>
>>>>> this results in:
>>>>>
>>>>> % curl --user '[email protected]:supersecretpassword' http://127.0.0.1:8000/myapp/controller/howdy
>>>>> {"user": 1}
>>>>>
>>>>> After some digging I discovered that in tools.py auth.requires_* ends
>>>>> up calling login_bare which is why the second one works. I realize that
>>>>> according to the book (
>>>>> http://web2py.com/books/default/chapter/29/9?search=login_bare)
>>>>> login_bare() can be called to log in the user "manually". Unfortunately
>>>>> the examples for auth.settings.allow_basic_login in the manual/book (
>>>>> http://web2py.com/books/default/chapter/29/9#Access-Control-and-Basic-Authentication,
>>>>> http://web2py.com/books/default/chapter/29/9#Settings-and-messages ,
>>>>> & http://web2py.com/books/default/chapter/29/10#Access-Control) don't
>>>>> address the fact that no login is actually executed without the
>>>>> decorators.
>>>>> With the last example if someone wanted to use that as a guide they might
>>>>> think that changing:
>>>>>
>>>>> @auth.requires_login()
>>>>> @request.restful()
>>>>> def api():
>>>>>     def GET(s):
>>>>>         return 'access granted, you said %s' % s
>>>>>     return locals()
>>>>>
>>>>> to:
>>>>>
>>>>> @request.restful()
>>>>> def api():
>>>>>     def GET(s):
>>>>>         if auth.is_logged_in():
>>>>>             return 'access granted, you said %s' % s
>>>>>         else:
>>>>>             return 'access denied'
>>>>>     return locals()
>>>>>
>>>>> should work, but they would be mistaken (and likely to spend much time
>>>>> trying to figure out why one worked and the other did not). I don't know
>>>>> whether it was the intention that using basic auth prevent a call to log
>>>>> the user in by default. It seems that either the code should be fixed or
>>>>> we should update the documentation to clarify that login_bare() should be
>>>>> called explicitly (directly or indirectly) to actually execute the login
>>>>> process.
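
Added example, not part of the thread and not web2py code: a simplified model of the behaviour discussed above, in which `MiniAuth`, `USERS`, `howdy_unchecked`, `howdy_explicit` and `request_with` are hypothetical names and the credential store is constructed. It shows that reading `auth.user` before any login step has run yields "unset" even when valid Basic credentials were sent, while calling `basic()` first or going through the decorator populates it.

```python
import base64
import hmac
# Constructed credential store (assumption; a real application stores password hashes).
USERS = {"user@example.test": {"id": 1, "password": "supersecretpassword"}}

class MiniAuth:
    """Hypothetical stand-in for the behaviour discussed in the thread; not web2py's Auth."""
    def __init__(self, headers, allow_basic_login=True):
        self.headers = headers
        self.allow_basic_login = allow_basic_login
        self.user = None  # stays None until a login step actually runs

    def basic(self):
        """Validate 'Authorization: Basic ...' and populate self.user on success."""
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        if not self.allow_basic_login or scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # malformed base64 or non-UTF-8 bytes: treat as no credentials
            return None
        name, sep, password = decoded.partition(":")
        record = USERS.get(name)
        expected = record["password"] if record else ""
        matches = hmac.compare_digest(password.encode(), expected.encode())
        if sep and record and matches:
            self.user = record
        return self.user

    def requires_login(self, action):
        """Decorator that performs the login step before running the action."""
        def wrapper(*args):
            if self.user is None:
                self.basic()
            return action(*args) if self.user else "401 login required"
        return wrapper

def howdy_unchecked(auth):
    # Mirrors the first snippet: reads auth.user, nothing has parsed the header yet.
    return {"user": auth.user["id"] if auth.user else "unset"}

def howdy_explicit(auth):
    # Mirrors the suggested fix: run basic() first, then read auth.user.
    auth.basic()
    return {"user": auth.user["id"] if auth.user else "unset"}

def request_with(userpass):
    # Builds the header that curl --user would send for "name:password".
    return MiniAuth({"Authorization": "Basic " + base64.b64encode(userpass.encode()).decode()})
```

In this model the unchecked handler fails closed for every caller, which matches the `{"user": "unset"}` response reported in the thread.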

