How the 'auth.settings.allow_basic_login = True' works like?

191 views
Skip to first unread message

David Marko

unread,
Dec 29, 2009, 3:58:37 PM12/29/09
to web2py-users
How the settings 'auth.settings.allow_basic_login = True' is supposed
to work? I tried to login to protected method('@auth.requires_login
()') via basic auth, but was not succesfull. Is there some additional
setting for protected methods or '@auth.requires_login()'' is simply
used for both auth ? Can someone explain please?

David

David Marko

unread,
Dec 29, 2009, 3:59:16 PM12/29/09
to web2py-users

mdipierro

unread,
Dec 29, 2009, 4:25:34 PM12/29/09
to web2py-users
The allow basic login allows you to call functions that
@auth.requires_login() by passing the credential using basic auth for
example call the url using wget and curl.

How are you using it?

On Dec 29, 2:59 pm, David Marko <dma...@tiscali.cz> wrote:
> How the settings 'auth.settings.allow_basic_login = True' is supposed

> to work? I tried to login to protected method('...@auth.requires_login


> ()') via basic auth, but was not succesfull. Is there some additional

> setting for protected methods or '...@auth.requires_login()'' is simply

David Marko

unread,
Dec 30, 2009, 2:16:46 AM12/30/09
to web2py-users
I simply tried to call the method with URLcontaining the username/
password. e.g. tttp://username:pwd@localhost:8080/.... . Its just
internal call so its fine that username/pwd is in URL. I simply tried
this in browser, but login form apeared instead.

David

mdipierro

unread,
Dec 30, 2009, 9:25:38 AM12/30/09
to web2py-users
That probably will not work since it is not what was designed for.
I am not sure why it did not work thou.
If the username is the email, did you escape it?

Alex Fanjul

unread,
Dec 30, 2009, 11:12:17 AM12/30/09
to web...@googlegroups.com, mdipierro
Massimo I think the username is not an email, is just the standard way
of accessing url with basic auth, isn't it?
http:// username : password @ domain : port / uri

alex

El 30/12/2009 15:25, mdipierro escribi�:

> --
>
> You received this message because you are subscribed to the Google Groups "web2py-users" group.
> To post to this group, send email to web...@googlegroups.com.
> To unsubscribe from this group, send email to web2py+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
>
>
>
>

--
Alejandro Fanjul Fdez.
alex....@gmail.com
www.mhproject.org

Massimo Di Pierro

unread,
Dec 30, 2009, 12:06:00 PM12/30/09
to Alex Fanjul, web...@googlegroups.com
It depends. Unless you have custom auth_user table with a username
field, your username is the email and that is what you should use in
basic auth.

On Dec 30, 2009, at 10:12 AM, Alex Fanjul wrote:

> Massimo I think the username is not an email, is just the standard way
> of accessing url with basic auth, isn't it?
> http:// username : password @ domain : port / uri
>
> alex
>

Alex Fanjul

unread,
Dec 30, 2009, 6:26:34 PM12/30/09
to Massimo Di Pierro, web...@googlegroups.com
So I guess that is the problem, traying to access url through standard
way but with email username because it would remain:
http://us...@mail.com:password@domain:port/uri , and I think this won't
be valid...
alex f

El 30/12/2009 18:06, Massimo Di Pierro escribi�:


> It depends. Unless you have custom auth_user table with a username
> field, your username is the email and that is what you should use in
> basic auth.
>
> On Dec 30, 2009, at 10:12 AM, Alex Fanjul wrote:
>
>> Massimo I think the username is not an email, is just the standard way
>> of accessing url with basic auth, isn't it?
>> http:// username : password @ domain : port / uri
>>
>> alex
>>

>> El 30/12/2009 15:25, mdipierro escribi�:

Massimo Di Pierro

unread,
Dec 30, 2009, 9:30:40 PM12/30/09
to Alex Fanjul, web...@googlegroups.com
No but

http://user%40mail.com:password@domain:port/url

may work %40 is the @ escaped. You also have to escape the password.


On Dec 30, 2009, at 5:26 PM, Alex Fanjul wrote:

http://us...@mail.com:password@domain:port/url

Joel Couelier

unread,
Jul 4, 2016, 9:30:04 AM7/4/16
to web2py-users, alex....@gmail.com
Hello Massimo,

Just a quick question, have you got the confirmation if sending user + password directly in the URL is working on basic auth mode?

I have added the following on my controller :

if request.function == 'ping':
     auth.settings.allow_basic_login = True

@auth.requires_login()
def ping():
   return dict()

and i am trying to access this page launching the following URL :
http://jcouelier%40gmail.com:<password escaped>@domain:port/URL

But i still obtain the login page 

Massimo Di Pierro

unread,
Jul 5, 2016, 9:37:39 AM7/5/16
to web2py-users, alex....@gmail.com
Your code works for me when using 

curl "http://jcouelier%40gmail.com:<password escaped>@domain:port/URL" 

but now when using the browser. So I think the browser is removing the username and password.

Joel Couelier

unread,
Jul 5, 2016, 10:16:44 AM7/5/16
to web...@googlegroups.com

Thanks Massimo for your update.

Kr,

Joel

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/jrDTIC5Uvo0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages