There is more than one problem.
1) you can supply your own secret key but there is no need to. If the user
is logged-in, the secret key is randomly generated once per session. That
is more secure than having a global one
2) user_signature is a boolean, not a key
3) the signature in the url is not the key but the signature computed from
the url and from the key.
Your code should be (I have not tried it):
def index():
return dict()
@auth.requires_login()
def myform():
form = SQLFORM.factory(Field('name', label='what\'s your name',
requires=IS_NOT_EMPTY()))
if form.process().accepted:
if form.vars.name:
session.name = form.vars.name + " ME"
response.js ="web2py_component('%s', 'cname_list')" %
URL('inter_component','name_list',user_signature=True)
return form
@auth.requires_signature()
def name_list():
if session.name == None:
session.name = "0"
else:
session.name +=" 1"
return "Name list component: %s" % session.name
# the view index.html
{{extend 'layout.html'}}
{{=LOAD('inter_component', 'myform', ajax=True, target="cmy_form")}}
{{=LOAD('inter_component', 'name_list', ajax=True, target='cname_list',
user_signature=True)}}
On Tuesday, 3 July 2012 06:49:56 UTC-5, miguel wrote:
>
> I just can't manage to make this work.
> I'm trying to follow the book by supplying a hmac_key.
> Here's the code:
>
> # controller inter_component.py
>
> HKEY='secret' # later to be stored in uuid generated and stored in
> session
>
> def index():
> return dict(HKEY=HKEY)
>
> def myform():
> form = SQLFORM.factory(Field('name', label='what\'s your name',
> requires=IS_NOT_EMPTY()))
> if form.process().accepted:
> if form.vars.name:
> session.name = form.vars.name + " ME"
> response.js
> ="web2py_component('/test_signature/inter_component/name_list?_signature=%s',
> 'cname_list')" % HKEY
> return form
>
> def name_list():
> if not URL.verify(request, hmac_key=HKEY): raise HTTP(403)
> if session.name == None:
> session.name = "0"
> else:
> session.name +=" 1"
> return "Name list component: %s" % session.name
>
> # the view index.html
> {{extend 'layout.html'}}
> {{=LOAD('inter_component', 'myform', ajax=True, target="cmy_form")}}
> {{=LOAD('inter_component', 'name_list', ajax=True, target='cname_list',
> user_signature=HKEY)}}
>
> Miguel
>
>
> On Mon, Jul 2, 2012 at 11:41 AM, Miguel Lopes <[email protected]>wrote:
>
>> I have a view index.html with two components - myform and namelist.
>> The index action requires_login() and both myform and namelist actions
>> requires_signature()
>> This works as expected.
>>
>> The problem is that the update of namelist via response.js set in the
>> myform action fails.
>>
>> I figure that since in myform response.js is set to:
>>
>> response.js =
>> "web2py_component('/test_signature/inter_component/name_list',
>> 'cname_list')"
>>
>> This fails because the get var '_signature' that matches name_list is
>> missing.
>>
>> If I'm correct how can one access the signature of other components in
>> order to update the via the response.js mechanism?
>> Otherwise, how to update a digitally signed component via response.js?
>>
>> TIA
>> Miguel
>>
>>
>
