Auth works on local host, doesn't work on remote server
Alexei Vinidiktov
I'm beginning to learn user authentication. I've implemented a very
basic authentication using the Auth module that works fine on my local
machine: I can register a user, a confirmation email is sent out, the
user can confirm his email, login and logout.
I copied the app to a remote server and tried to register a user, but
after I entered all the user information and hit Submit I got
redirected back to the registration page and no email was sent to the
user being registered, no ticket was generated either.
I'd appreciate any clues.
I'm using web2py 1.59. My local machine is a WinXP box, the remote
server is on a Linux distro.
Thanks.
--
Alexei Vinidiktov
Alexei Vinidiktov
Additional info:
After my unsuccessful attempt to register I was redirected to the same
registration page (which is just a scaffold provided by web2py) and
then I looked at the session info by clicking on the corresponding
button and it said "auth : None, flash : Invalid email", but no flash
was shown to the user (i.e. to me). I tried different email, but
always got the same flash : invalid email in the session info.
--
Alexei Vinidiktov
Alexei Vinidiktov
I've updated my web2py installation on the remote server to the latest
version, but it didn't help.
Do you have any guesses at all as to what may be happening?
--
Alexei Vinidiktov
Alexei Vinidiktov
Another piece of information.
Logging in and logging out both do seem to work on the remote server,
only registration of new users doesn't work.
--
Alexei Vinidiktov
mdipierro
confirmation email. It is either the remote server not accepting the
smtp connection or, if you are using a third party smtp server, cold
be a firewall issue.
Massimo
On Apr 25, 11:52 pm, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:
Alexei Vinidiktov
It's got to be it. If I deliberately change the smtp info on my local
server to be incorrect, the app behaves the same as on the remote
server.
I've tried to send an email from the python shell at the remote server
via ssh and it worked fine.
What can I do to investigate the issue further?
Thanks.
Alexei Vinidiktov
mdipierro
if self.settings.mailer:
user[form.vars.id] = dict(registration_key=key)
if not self.settings.mailer.send(to=form.vars.email,
subject=self.messages.verify_email_subject,
message=self.messages.verify_email
% dict(key=key)):
self.db.rollback()
session.flash = self.messages.invalid_email
return form
session.flash = self.messages.email_sent
else:
session.flash = self.messages.registration_successful
try add some print statements to see what is going on.
Massimo
On 26 Apr, 12:00, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:
Alexei Vinidiktov
For testing purposes I've added two actions to my default controller:
sendmail and sendmail2. The first (sendmail ) uses the Mail class from
web2py, and the second
(sendmail2) uses the smtplib module directly.
sendmail() and sendmail2() both work fine on my local server.
sendmail2() works fine on the remote server (it returns True and sends
the message), but sendmail() doesn't, it returns False.
Here's what they look like:
def sendmail():
mail = Mail()
mail.settings.server='mail.mydomain.com:25'
mail.settings.sender='ale...@mydomain.com'
mail.settings.login= 'ale...@mydomain.com:password'
result = mail.send(to=['ale...@mydomain.ru'],subject='From
Web2py',message='sendmail')
return dict(result=result)
def sendmail2():
import smtplib
conn = smtplib.SMTP('mail.mydomain.com')
loginres = conn.login('ale...@mydomain.com', 'password')
conn.sendmail('ale...@mydomain.com', 'ale...@mydomain.ru', 'sendmail2')
conn.quit()
return dict(loginres=loginres)
Alexei Vinidiktov
mdipierro
def sendmail3():
conn.ehlo()
conn.starttls()
conn.ehlo()
conn.sendmail('ale...@mydomain.com', 'ale...@mydomain.ru',
'sendmail2')
conn.quit()
return dict(loginres=loginres)
conn.ehlo()
conn.starttls()
conn.ehlo()
is important for security else password is sent in the clear to the
email server. perhaps your email server is not setup for TLS.
On 26 Apr, 12:37, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:
Alexei Vinidiktov
I didn't implement the sendmail3 action, but I did something similar.
I've looked at the implementation of the mail method of the Mail class
and saw the calls that I didn't use: server.ehlo() and
server.starttls().
The call to server.starttls() at line 78 in tools.py doesn't work:
if self.settings.login:
server.ehlo()
server.starttls()
server.ehlo()
(username, password) = self.settings.login.split(':')
server.login(username, password)
server.sendmail(self.settings.sender, to, msg)
The error is "Attribute error: 'module' object has no attribute 'ssl'"
Why could that be? It's a Python error, isn't it?
If I comment out the lines server.starttls() and server.ehlo(), my
sendmail action begins to work.
I thought that the user registration form will begin to work too, but
it didn't. It behaves the same as before.
Will have to dig into the tools.py some more as you suggested in a
previous email.
Alexei Vinidiktov
mdipierro
without it.
Massimo
On 26 Apr, 13:14, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:
Alexei Vinidiktov
OK, I've finally got it figured out.
Turns out I used two different smtp servers in the sendmail action and
in the db.py, that's why sendmail started to work after I commented
out the call to starttls(), and the registration page didn't start
working. Now all the functions of user registration and authentication
seem to work fine on the remote server.
Now the problem is how to make starttls() work. Any clues about that?
And there's another one I didn't mention earlier.
Both on the local and remote server the user who's being registered
gets an email with a broken link like this:
"""
Click on the link
http://...verify_email/078f3dad-f248-4db6-8aee-603da176ad49 to verify
your email
"""
It should look like this:
http://domain.com/application/default/user/verify_email/078f3dad-f248-4db6-8aee-603da176ad49
Are there any settings of the Auth module that I've missed?
Thanks.
Alexei Vinidiktov
Alexei Vinidiktov
ago, I may have compiled it without pyopenssl. I'll try recompiling
it.
Alexei Vinidiktov
![Álvaro Justen [Turicas]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjXBcQXThlzweDwwnyeZk0O8kG17NFWSeKqcGPhsCM3DVpfVyhJGJg=s40-c)
Álvaro Justen [Turicas]
<alexei.v...@gmail.com> wrote:
> Both on the local and remote server the user who's being registered
> gets an email with a broken link like this:
>
> """
> Click on the link
> http://...verify_email/078f3dad-f248-4db6-8aee-603da176ad49 to verify
> your email
> """
>
> It should look like this:
>
> http://domain.com/application/default/user/verify_email/078f3dad-f248-4db6-8aee-603da176ad49
>
web2py doesn't handle this automaticaly. You can change this message
with something like this:
from gluon.tools import Auth
auth = Auth(...)
...
auth.messages.verify_email = 'Click on the link
http://Your_site's_URL/verify_email/%(key)s to verify your email'
It can be added in future to web2py handles that automaticaly, getting
data from request - but for this work we must implement a way to get
FULL URL requested by user - it is a routes.py feature that I
requested some time ago.
--
Álvaro Justen
Peta5 - Telecomunicações e Software Livre
21 3021-6001 / 9898-0141
http://www.peta5.com.br/
Alexei Vinidiktov
<alvaro...@gmail.com> wrote:
>
> On Sun, Apr 26, 2009 at 3:50 PM, Alexei Vinidiktov
> <alexei.v...@gmail.com> wrote:
>> Both on the local and remote server the user who's being registered
>> gets an email with a broken link like this:
>>
>> """
>> Click on the link
>> http://...verify_email/078f3dad-f248-4db6-8aee-603da176ad49 to verify
>> your email
>> """
>>
>> It should look like this:
>>
>> http://domain.com/application/default/user/verify_email/078f3dad-f248-4db6-8aee-603da176ad49
>>
>
> web2py doesn't handle this automaticaly. You can change this message
> with something like this:
>
> from gluon.tools import Auth
> auth = Auth(...)
> ...
> auth.messages.verify_email = 'Click on the link
> http://Your_site's_URL/verify_email/%(key)s to verify your email'
>
> It can be added in future to web2py handles that automaticaly, getting
> data from request - but for this work we must implement a way to get
> FULL URL requested by user - it is a routes.py feature that I
> requested some time ago.
Thanks, Álvaro!
Are there any hard to overcome obstacles to implementing your feature request?
--
Alexei Vinidiktov
Álvaro Justen [Turicas]
> There is this code in gluon/tools.py
>
> if self.settings.mailer:
> user[form.vars.id] = dict(registration_key=key)
> if not self.settings.mailer.send(to=form.vars.email,
> subject=self.messages.verify_email_subject,
> message=self.messages.verify_email
> % dict(key=key)):
> self.db.rollback()
> session.flash = self.messages.invalid_email
> return form
> session.flash = self.messages.email_sent
> else:
> session.flash = self.messages.registration_successful
I think we can modify it to:
if self.settings.mailer:
user[form.vars.id] = dict(registration_key=key)
if not self.settings.mailer.send(to=form.vars.email,
subject=self.messages.verify_email_subject,
message=self.messages.verify_email
% dict(key=key)):
self.db.rollback()
"""<CHANGED>""""
session.flash = self.messages.cant_send_mail
"""</CHANGED>""""
return form
session.flash = self.messages.email_sent
else:
session.flash = self.messages.registration_successful
And add:
self.messages.cant_send_mail = 'Error sending verification
email. Try again later.''
If it is a valid or not email, we can verify with IS_EMAIL() valitator
- it is OK, Auth.define_tables() just do it.
Álvaro Justen [Turicas]
<alexei.v...@gmail.com> wrote:
> Thanks, Álvaro!
You're welcome.
> Are there any hard to overcome obstacles to implementing your feature request?
I don't know how web2py receives and handles requests from web server
- I didn't study this part of web2py's code. So, Massimo is the best
person to tell us about this.
Álvaro Justen [Turicas]
<alvaro...@gmail.com> wrote:
> On Sun, Apr 26, 2009 at 3:50 PM, Alexei Vinidiktov
> <alexei.v...@gmail.com> wrote:
>> Both on the local and remote server the user who's being registered
>> gets an email with a broken link like this:
>>
>> """
>> Click on the link
>> http://...verify_email/078f3dad-f248-4db6-8aee-603da176ad49 to verify
>> your email
>> """
>>
>> It should look like this:
>>
>> http://domain.com/application/default/user/verify_email/078f3dad-f248-4db6-8aee-603da176ad49
>>
>
> web2py doesn't handle this automaticaly. You can change this message
> with something like this:
>
> from gluon.tools import Auth
> auth = Auth(...)
> ...
> auth.messages.verify_email = 'Click on the link
> http://Your_site's_URL/verify_email/%(key)s to verify your email'
>
> It can be added in future to web2py handles that automaticaly, getting
> data from request - but for this work we must implement a way to get
> FULL URL requested by user - it is a routes.py feature that I
> requested some time ago.
Hi Alexei,
there is a new feature in trunk: request.env.original_uri. With this
and other request.env vars (path_info, http_host) I think you can do
what you want (specify verification URL in a "dynamic" way).