web2py 2.13.3 is OUT
1,244 views
Skip to first unread message
Massimo Di Pierro
Dec 24, 2015, 10:21:42 AM12/24/15
to web2py-users
web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
It contains some bug fixes for bugs introduced in 2.13.1-2 and most importantly it contains experimental support for JWT. Here is how it works:
1) instantiate auth with
auth = Auth(db, jwt = {'secret_key':'secret'})
where 'secret' is your own secret string.
2) Secorate functions that require login but should accept the JWT token credentials:
@auth.allows_jwt()
@auth.requires_login()
def myapi(): return 'hello %s' % auth.user.email
Notice jwt is allowed but not required. if user is logged in, myapi is accessible.
3) Use it!
Now API users can obtain a token with
http://.../app/default/user/jwt?username=...&password=....
(returns json object with a token attribute)
API users can refresh an existing token with
http://.../app/default/user/jwt?token=...
they can authenticate themselves when calling http:/.../myapi by injecting a header
Authorization: Bearer <the jwt token>
Any additional attributes in the jwt argument of Auth() below:
auth = Auth(db, jwt = {...})
are passed to the constructor of class AuthJWT. Look there for documentation.
Thanks Niphlod again for implementing this.
Please help us check it so we will declare it stable in the next release.
Massimo
Seth J
Dec 24, 2015, 12:11:27 PM12/24/15
to web...@googlegroups.com
Hi Massimo,
Error snapshot
I just upgraded from 2.9.5 and it seemed to kill my LDAP authorization:
<type 'exceptions.SyntaxError'> invalid syntax (ldap_auth.py, line 435)
Version
| web2py™ | Version 2.13.3-stable+timestamp.2015.12.24.15.09.20 |
|---|---|
| Python | Python 2.6.6: /usr/bin/python (prefix: /usr) |
Traceback
1. | Traceback (most recent call last): |
Error snapshot 
<type 'exceptions.SyntaxError'>(invalid syntax (ldap_auth.py, line 435))
Ovidio Marinho
Dec 24, 2015, 3:21:05 PM12/24/15
to web...@googlegroups.com
+1 testing
2015-12-24 15:11 GMT-02:00 Seth J <iva...@vsevolod.com>:
Hi Massimo,I just upgraded and it seemed to kill my LDAP authorization:
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
greenpoise
Dec 24, 2015, 5:54:28 PM12/24/15
to web2py-users
I get this error upon restarting web2py after update:
Traceback (most recent call last): File "Applications/web2py/web2py.py", line 6, in <module> import gluon.widget File "/home/danel/Applications/web2py/gluon/widget.py", line 26, in <module> import gluon.main as main File "/home/danel/Applications/web2py/gluon/main.py", line 121, in <module> raise RuntimeError("Cannot determine web2py version")RuntimeError: Cannot determine web2py version
Seth J
Dec 24, 2015, 6:50:34 PM12/24/15
to web2py-users
Definitely something has gone awry there. I replaced "ldap_auth.py" and "ldap_auth.pyc" from the 2.12.3 version and it works again.
Πέτρος Χατζηλάμπρος
Dec 25, 2015, 11:37:54 PM12/25/15
to web2py-users
Mrry Christmas!!!!
I am using linux mint and I have a folder named web2py on the ~/Desktop
I was using to run web2py by opening terminal and giving the command "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0".
After the update to version 2.13.3 the following error appears
Traceback (most recent call last):
File "/home/tsouras/Desktop/web2py/web2py.py", line 6, in <module>
import gluon.widget
File "/home/tsouras/Desktop/web2py/gluon/widget.py", line 26, in <module>
import gluon.main as main
File "/home/tsouras/Desktop/web2py/gluon/main.py", line 125, in <module>
raise RuntimeError("Cannot determine web2py version")
RuntimeError: Cannot determine web2py version
So, I did some debugging and I found out that global_settings.gluon_parent is "/home/tsouras" instead of being "/home/tsouras/Desktop/web2py"
I overcome this problem by opening terminal and giving command "cd ~Desktop/web2py" before giving the command "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0"
I did not have this problem using the previous version of web2py
Massimo Di Pierro
Dec 25, 2015, 11:44:14 PM12/25/15
to web2py-users
I do not understand. That line is not in 2.13.3. Can you try upgrade again?
Massimo Di Pierro
Dec 26, 2015, 12:04:11 AM12/26/15
to web2py-users
This is issue is now fixed in 2.13.4. :-)
Lou C
Dec 27, 2015, 2:02:09 AM12/27/15
to web2py-users
I am running version 2.13.4 on GAE which runs on python 2.7.5. The problem arises when using the @auth.allows_jwt() decorator. The error I get is AttributeError: 'module' object has no attribute 'compare_digest'.
Which is being called in :
def verify_signature(self, body, signature, secret):
mauth = hmac.new(key=secret, msg=body, digestmod=self.digestmod)
return hmac.compare_digest(self.jwt_b64e(mauth.digest()), signature)
I believe this is because hmac.py uses compare_digest in version 2.7.7. Anyway to use jwt on GAE ?
Massimo Di Pierro
Dec 27, 2015, 2:09:42 AM12/27/15
to web2py-users
good catch! we will have to refactor that to support earlier versions of python.
António Ramos
Dec 28, 2015, 2:05:04 PM12/28/15
to web...@googlegroups.com
can i do
@auth.requires_jwt()
I would like to use web2py just as a rest api , auth included...
Dave S
Dec 28, 2015, 3:55:12 PM12/28/15
to web2py-users
On Monday, December 28, 2015 at 11:05:04 AM UTC-8, Ramos wrote:
can i do@auth.requires_jwt()I would like to use web2py just as a rest api , auth included...
What's your environment?
/dps
/dps
António Ramos
Dec 28, 2015, 6:45:23 PM12/28/15
to web...@googlegroups.com
Vuejs/web components+semantic ui +some build tools like browserify to build just a single Js file out of many.
However I need a persistence/auth api.
Dave S
Dec 28, 2015, 10:56:35 PM12/28/15
to web2py-users
On Monday, December 28, 2015 at 3:45:23 PM UTC-8, Ramos wrote:
Vuejs/web components+semantic ui +some build tools like browserify to build just a single Js file out of many.However I need a persistence/auth api.
Are you running on GAE, PythonAnywhere, a VM type of hosting, or on a physical machine?
Which OS are you using?
/dps
On Monday, December 28, 2015 at 11:05:04 AM UTC-8, Ramos wrote:--can i do@auth.requires_jwt()I would like to use web2py just as a rest api , auth included...
What's your environment?
/dps
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.
António Ramos
Dec 29, 2015, 5:00:29 AM12/29/15
to web...@googlegroups.com
Just a windows machine... so far. its not a finished product yet
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
Massimo Di Pierro
Dec 29, 2015, 5:14:01 AM12/29/15
to web2py-users
You can do exactly that with web2py 2.13.4
except you need two validators instead of one:
@auth.allow_jwt()
@auth.requires_login()
which means that you want allow jwt to give you login-like privileges.
if you want you can do
def requires_jwt(func):
return auth.allow_jwt()(auth.requires_login()(func)
and then just use
@requires_jwt
as you want.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.
luis.va...@metamaxzone.com
Dec 30, 2015, 5:33:46 PM12/30/15
to web2py-users
What if i've two different applications (event in two differents machines) one for the front end of my site (all my views, form, etc...) and other to authenticate my users, i mean, a micro service architecture.
Dave S
Dec 30, 2015, 6:49:49 PM12/30/15
to web2py-users
On Wednesday, December 30, 2015 at 2:33:46 PM UTC-8, luis.va...@metamaxzone.com wrote:
What if i've two different applications (event in two differents machines) one for the front end of my site (all my views, form, etc...) and other to authenticate my users, i mean, a micro service architecture.
Does the web2py CAS support help with this? Assuming you're investigating the JWT support.
<URL:http://web2py.com/books/default/chapter/29/09/access-control#Central-Authentication-Service>
/dps
Luis Valladares
Dec 30, 2015, 7:07:35 PM12/30/15
to web...@googlegroups.com
All my applications are REST so CAS doesn't work I think
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/NUDpOmGLDTQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
Dave S
Dec 30, 2015, 8:03:23 PM12/30/15
to web2py-users
On Wednesday, December 30, 2015 at 4:07:35 PM UTC-8, Luis Valladares wrote:
All my applications are REST so CAS doesn't work I think
Currently not requiring login? You're using the REST decorator? And you want to add JWT for security?
In that direction, I'm wondering what @response.restfull() does with sessions.
<URL:http://web2py.com/books/default/chapter/29/10/services#Services-and-Authentication>
It appears that sessions (e.g. session cookies) are supported,
and I'd be trying to use the CAS approach in the call() routine.
This is speculation on my part; I'm not even a power user for auth.
/dps
Luis Valladares
Dec 30, 2015, 8:24:00 PM12/30/15
to web...@googlegroups.com
Now I'm using a token based authentication but it's server side, I store the data of the tokens inside a redis cluster server and make a request every time I want to retrieve this token data
Dmitri Ermolaev
Jan 3, 2016, 1:01:59 PM1/3/16
to web2py-users
hey - do you see cryptocurrency Auth?
in NEXT - http://nxt.org/ - it have token by user account in cryptocurrency
четверг, 24 декабря 2015 г., 18:21:42 UTC+3 пользователь Massimo Di Pierro написал:
четверг, 24 декабря 2015 г., 18:21:42 UTC+3 пользователь Massimo Di Pierro написал:
Jacinto Parga
Jan 4, 2016, 5:52:22 AM1/4/16
to web2py-users
Hi,
I upgraded from 2.11.2
I get a error ticket when I deploy to GAE:
Traceback (most recent call last):
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/runtime/wsgi.py", line 240, in Handle
handler = _config_handle.add_wsgi_middleware(self._LoadHandler())
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/runtime/wsgi.py", line 299, in _LoadHandler
handler, path, err = LoadObject(self._handler)
File "/base/data/home/runtimes/python27/python27_lib/versions/1/google/appengine/runtime/wsgi.py", line 85, in LoadObject
obj = __import__(path[0])
File "/base/data/home/apps/s~clubatletismosada/2.389741792186866429/gaehandler.py", line 62, in <module>
import gluon.main
File "/base/data/home/apps/s~clubatletismosada/2.389741792186866429/gluon/main.py", line 85, in <module>
logging.config.fileConfig(abspath("logging.conf"))
File "/base/data/home/runtimes/python27/python27_dist/lib/python2.7/logging/config.py", line 78, in fileConfig
handlers = _install_handlers(cp, formatters)
File "/base/data/home/runtimes/python27/python27_dist/lib/python2.7/logging/config.py", line 156, in _install_handlers
h = klass(*args)
File "/base/data/home/runtimes/python27/python27_dist/lib/python2.7/logging/handlers.py", line 117, in __init__
BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
File "/base/data/home/runtimes/python27/python27_dist/lib/python2.7/logging/handlers.py", line 64, in __init__
logging.FileHandler.__init__(self, filename, mode, encoding, delay)
File "/base/data/home/runtimes/python27/python27_dist/lib/python2.7/logging/__init__.py", line 902, in __init__
StreamHandler.__init__(self, self._open())
File "/base/data/home/runtimes/python27/python27_dist/lib/python2.7/logging/__init__.py", line 925, in _open
stream = open(self.baseFilename, self.mode)
IOError: [Errno 30] Read-only file system: '/base/data/home/apps/s~clubatletismosada/2.389741792186866429/logs/web2py.log'
Maybe I have missed something with the handlers?
Jacinto Parga
Jan 4, 2016, 7:30:02 AM1/4/16
to web2py-users
I have solved it.
I have removed logging.conf file from the web2py folder, but I don't know if it has undesidered consecuences!
Can it be harmful?
Thanks!
Massimo Di Pierro
Jan 5, 2016, 8:01:43 AM1/5/16
to web2py-users
No. perhaps the file just had wrong permissions.
Dave S
Jan 27, 2016, 2:19:40 AM1/27/16
to web2py-users
Should this thread be unpinned and the 2.13.4 thread pinned instead?
/dps
john sitjar
Jan 27, 2016, 8:01:17 PM1/27/16
to web2py-users
Good day sir I am new to web2py and extjs 6,I would like to ask if you have a tutorial on how to run an Extjs 6 app using web2py.thanks
Literate Aspects
Mar 5, 2016, 2:27:16 PM3/5/16
to web2py-users
Just have to say THANK YOU, for your incredible contributions.
Cordially,
benYAH
Cordially,
benYAH
Reply all
Reply to author
Forward
0 new messages