OK, let's see how that goes

On Sun, Jul 15, 2012 at 7:28 PM, Jonathan Lundell <[email protected]> wrote:

> On 15 Jul 2012, at 11:13 AM, Ehigie Aito wrote:
>
> only when the session expires according to web2py rules or the user
> explicitly logs off
>
>
> I'm thinking that it's overkill, and more trouble than it's worth, to use
> web2py's Auth subsystem for this kind of authentication. Track the
> authentication state in the session, and write your own Auth class that
> implements what you need. Maybe call it something else to avoid confusion
> (and you might want to use gluon.tools.Auth for your administrative
> accounts anyway).
>
> A session then has an initial state, a password-sent state, and a
> logged-in state (plus perhaps some housekeeping, like a failure count).
>
> No doubt you *could* hack around gluon.tools.Auth, but it doesn't seem
> like it'd be less work.
>
>
> On Sun, Jul 15, 2012 at 7:12 PM, Jonathan Lundell <[email protected]> wrote:
>
>> On 15 Jul 2012, at 11:10 AM, Ehigie Aito wrote:
>>
>> Just the telephone number and nothing else.
>>
>>
>> And how persistent is the login? At what point do I as a user have to go
>> through the SMS handshake again?
>>
>>
>> On Sun, Jul 15, 2012 at 4:48 PM, Jonathan Lundell <[email protected]>
>> wrote:
>>
>>> On 15 Jul 2012, at 6:48 AM, Pystar wrote:
>>>
>>> I am confused on how to implement this strange authentication mechanism
>>> and incorporate it into web2py and make it work natively.
>>> Take this as an example of how it would work:
>>> There is no registration on the site, whenever a user wants to login to
>>> perform any action, he clicks in the login button, which takes him to a
>>> form where he enters his phone number and a random alphanumeric code is
>>> generated and sent to his phone which he now enters and gets authenticated
>>> and he can now perform whatever action he wants.
>>> How do I get this to play with login_bare() and @auth.requires_login()?
>>>
>>>
>>> A couple of questions.
>>>
>>> Does the user enter anything other than the phone number (and later the
>>> code) as part of the login/auth process?
>>>
>>> How persistent is the login?
>>>
>>>
>>
>>
>
>
>
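The session states suggested in the reply quoted above (initial, code sent, logged in, plus a failure count), sketched as an added example that is not part of the original thread and is not web2py code. All function names, the 8-character code length, the 5-minute lifetime and the 3-attempt limit are assumptions; `session` is any dict-like object kept on the server, and `send_sms` is a hypothetical callable.

```python
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits
CODE_TTL = 300     # assumed: seconds a sent code stays valid
MAX_FAILURES = 3   # assumed: wrong guesses allowed per code
INITIAL, CODE_SENT, LOGGED_IN = "initial", "code_sent", "logged_in"
_KEYS = ("state", "phone", "code", "expires", "failures")


def reset(session):
    """Drop all authentication data and return to the initial state."""
    for key in _KEYS:
        session.pop(key, None)
    session["state"] = INITIAL


def request_code(session, phone, send_sms, now=None):
    """initial -> code_sent: generate a random one-time code and send it."""
    now = time.time() if now is None else now
    code = "".join(secrets.choice(ALPHABET) for _ in range(8))  # CSPRNG
    # Assumes server-side session storage, so the code never reaches the client.
    session.update(state=CODE_SENT, phone=phone, code=code,
                   expires=now + CODE_TTL, failures=0)
    send_sms(phone, code)


def verify_code(session, submitted, now=None):
    """code_sent -> logged_in on a match; reset on expiry or too many failures."""
    now = time.time() if now is None else now
    if session.get("state") != CODE_SENT:
        return False
    if now > session["expires"]:
        reset(session)
        return False
    # Constant-time comparison avoids leaking how much of the code matched.
    if hmac.compare_digest(submitted.encode(), session["code"].encode()):
        phone = session["phone"]
        reset(session)                      # the code is single-use
        session.update(state=LOGGED_IN, phone=phone)
        return True
    session["failures"] += 1
    if session["failures"] >= MAX_FAILURES:
        reset(session)                      # a new SMS is required after lockout
    return False


def is_logged_in(session):
    return session.get("state") == LOGGED_IN
```

A controller would call `is_logged_in(session)` where `@auth.requires_login()` would otherwise be used, and `reset(session)` on logout.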
