Tx you so much for the solution. This one was really holding me back. Miguel
On Tue, Jul 3, 2012 at 3:27 PM, Massimo Di Pierro < [email protected]> wrote: > There is more than one problem. > > 1) you can supply your own secret key but there is no need to. If the user > is logged-in, the secret key is randomly generated once per session. That > is more secure than having a global one > > 2) user_signature is a boolean, not a key > > 3) the signature in the url is not the key but the signature computed from > the url and from the key. > > Your code should be (I have not tried it): > > def index(): > return dict() > > @auth.requires_login() > def myform(): > form = SQLFORM.factory(Field('name', label='what\'s your name', > requires=IS_NOT_EMPTY())) > if form.process().accepted: > if form.vars.name: > session.name = form.vars.name + " ME" > response.js ="web2py_component('%s', 'cname_list')" % > URL('inter_component','name_list',user_signature=True) > return form > > @auth.requires_signature() > def name_list(): > > if session.name == None: > session.name = "0" > else: > session.name +=" 1" > return "Name list component: %s" % session.name > > # the view index.html > {{extend 'layout.html'}} > {{=LOAD('inter_component', 'myform', ajax=True, target="cmy_form")}} > {{=LOAD('inter_component', 'name_list', ajax=True, target='cname_list', > user_signature=True)}} > > > > > On Tuesday, 3 July 2012 06:49:56 UTC-5, miguel wrote: >> >> I just can't manage to make this work. >> I'm trying to follow the book by supplying a hmac_key. >> Here's the code: >> >> # controller inter_component.py >> >> HKEY='secret' # later to be stored in uuid generated and stored in >> session >> >> def index(): >> return dict(HKEY=HKEY) >> >> def myform(): >> form = SQLFORM.factory(Field('name', label='what\'s your name', >> requires=IS_NOT_EMPTY())) >> if form.process().accepted: >> if form.vars.name: >> session.name = form.vars.name + " ME" >> response.js ="web2py_component('/test_** >> signature/inter_component/**name_list?_signature=%s', 'cname_list')" % >> HKEY >> return form >> >> def name_list(): >> if not URL.verify(request, hmac_key=HKEY): raise HTTP(403) >> if session.name == None: >> session.name = "0" >> else: >> session.name +=" 1" >> return "Name list component: %s" % session.name >> >> # the view index.html >> {{extend 'layout.html'}} >> {{=LOAD('inter_component', 'myform', ajax=True, target="cmy_form")}} >> {{=LOAD('inter_component', 'name_list', ajax=True, target='cname_list', >> user_signature=HKEY)}} >> >> Miguel >> >> >> On Mon, Jul 2, 2012 at 11:41 AM, Miguel Lopes <[email protected]>wrote: >> >>> I have a view index.html with two components - myform and namelist. >>> The index action requires_login() and both myform and namelist actions >>> requires_signature() >>> This works as expected. >>> >>> The problem is that the update of namelist via response.js set in the >>> myform action fails. >>> >>> I figure that since in myform response.js is set to: >>> >>> response.js = >>> "web2py_component('/test_**signature/inter_component/**name_list', >>> 'cname_list')" >>> >>> This fails because the get var '_signature' that matches name_list is >>> missing. >>> >>> If I'm correct how can one access the signature of other components in >>> order to update the via the response.js mechanism? >>> Otherwise, how to update a digitally signed component via response.js? >>> >>> TIA >>> Miguel >>> >>> >>
