In order to restrict access to the webservice, acordingly to the docs, you have to decorate the function that instantiates the webservice, for example:
@auth.requires_login()
def call():
return service()
@service.xmlrpc
def check():
return auth.user.email
So, in order to connect to this webservice, you would have to pass the user and password in the url, like this:
http://user:email@domain/default/call/xmlrpc
And then you would be able to run the function "check()" of the webservice.
So far all good. But what if I want to create a public webservice, and include a function for login (taking user and email as arguments)? The function should login the user and next calls to other functions should be able to check if user is logged in.
I've tried this with no success:
def call():
return service()
@service.xmlrpc
def login(data):
user = auth.login_bare(data['email'], data['password'])
if not user:
return False
else:
auth.login_user(user)
return True
@service.xmlrpc
def check():
if auth.is_logged_in():
return auth.user.email
else:
return False
However this doesn't work. I can succesfully connect to the webservice, and I can succesfully execute "login()" function, but then inmediately I execute "check()" function and I always receive False, so the session isn't created.
For the testing client I'm using class ServerProxy from python xmlrpclib.
I know this is easy to fix (using the first of the two examples shown here), but not all clients support basic authentication and I'm trying to figure out what to do for those cases. Thanks in advance!