restful api post works great localy, but getting login redirect on a remote server

199 views
Skip to first unread message

Adi

unread,
Oct 10, 2012, 10:46:54 AM10/10/12
to web...@googlegroups.com
This is an example from book, where authentication and posting into database work good on a local server.

Once I moved the code to production redhat linux server, where we have routes.py as bellow all I get as result is a login redirect:
You are being redirected <a href="/user/login?_next=/webservices/api/customer.json%3FFirstName%3DTim5%26LastName%3DJson">here</a>

If I remove authentication (@auth.requires_login() and @auth.requires_permission('insert customer through webservice')) on production server, records are inserted properly.

Tried adding default and webservices controllers into application specific routes.py, but it didn't help.

Any suggestions what should I do?

Thanks,
Adnan

tried in both, default.py and webservices.py controllers:

auth.settings.allow_basic_login = True
@auth.requires_login()
@auth.requires_permission('insert customer through webservice')
@request.restful()
def api():
    response
.view = 'generic.'+request.extension
   
   
def GET(*args,**vars):
        patterns
= [
           
"/members[customer]",
           
"/member_fn/{customer.FirstName.startswith}",
           
"/member_ln/{customer.LastName.startswith}",
           
"/member/{customer.FirstName}/:field",
           
"/member/{customer.FirstName}/orders[customer_order.customer_id]",
           
"/member/{customer.FirstName}/order[customer_order.customer_id]/{customer_order.id}",
           
"/member/{customer.FirstName}/order[customer_order.customer_id]/{customer_order.id}/:field"
           
]
        parser
= db.parse_as_rest(patterns,args,vars)
       
if parser.status == 200:
           
return dict(content=parser.response)
       
else:
           
raise HTTP(parser.status,parser.error)
   
def POST(table_name,**vars):
       
if table_name == 'customer':
           
return db.customer.validate_and_insert(**vars)
       
elif table_name == 'customer_order':
           
return db.customer_order.validate_and_insert(**vars)
       
else:
           
raise HTTP(400)
   
return locals()





web2py folder: routes.py
routers = dict(
   
# base router
    BASE
= dict(
        default_application
= 'welcome', domains = {'crm.domain.com': 'crm' }
   
),
)



crm app folder: routes.py (deleted)


Terminal test:


asm21
:~ adnan$ curl --user webservice@domain.com:pass -d "FirstName=Tim5&LastName=Json" http://crm.domain.com/api/customer.json
Result: You are being redirected <a href="/user/login?_next=/api/customer.json%3FFirstName%3DTim5%26LastName%3DJson">here</a>

asm21:~ adnan$ curl --user webse...@domain.com:pass -d "FirstName=Tim5&LastName=Json" http:/
/crm.domain.com/webservices/api/customer.json
Result: You are being redirected <a href="/user/login?_next=/webservices/api/customer.json%3FFirstName%3DTim5%26LastName%3DJson">here</a>




Adnan Smajlovic

unread,
Oct 11, 2012, 10:44:04 AM10/11/12
to web...@googlegroups.com
Tried 2.09 nightly build on a completely different (redhat) server and still getting redirect, while post works as expected on a local rocket.

Any hint where to look for a problem please?

using:

curl --user webservice@domain.com:pass -d "FirstName=Tim5&LastName=Json" http://crm.domain.com/api/customer.json

You are being redirected <a href="/crm/default/user/login?_next=/crm/webservices/api/customer.json

Thanks,
Adnan

Massimo Di Pierro

unread,
Oct 11, 2012, 5:05:55 PM10/11/12
to web...@googlegroups.com
Please open a ticket about this and I will look in detail asap.

Adnan Smajlovic

unread,
Oct 11, 2012, 6:00:25 PM10/11/12
to web...@googlegroups.com
Thanks Massimo for looking into this.

ticket opened:
http://code.google.com/p/web2py/issues/detail?id=1080&thanks=1080&ts=1349992678


--
 
 
 


Adi

unread,
Oct 16, 2012, 3:25:11 PM10/16/12
to web...@googlegroups.com

Could I please ask someone with Apache/mod_wsgi to test this code? Everything works fine on a local rocket webserver, and also on nginx, but for some reason when it runs on Apache returns "Not authorized". I just can't figure out where exactly is the problem. Same Apache server runs several web2py applications perfectly fine.

db=DAL()
from gluon.tools import Auth
auth = Auth(db).define_tables(username=True)
if db(db.auth_user).isempty():
    auth.get_or_create_user(dict(
            username='mdp',
            email='a...@b.com',
            password=db.auth_user.password.validate('test')[0]))
response.generic_patterns = ['*']
auth.settings.allow_basic_login = True

@request.restful()
@auth.requires_login()
def demo():
    def GET():
        return dict(hello='world')
    return locals()

Call:
curl --user mdp:test " http://127.0.0.1:8000/test3/default/demo.json

Does this work for you?

Thanks,
Adnan



On Thursday, October 11, 2012 6:00:30 PM UTC-4, Adi wrote:
Thanks Massimo for looking into this.

ticket opened:
http://code.google.com/p/web2py/issues/detail?id=1080&thanks=1080&ts=1349992678


Adi

unread,
Oct 16, 2012, 5:50:33 PM10/16/12
to web...@googlegroups.com

If this is of any help, I tried tracing basic login in tools.py, and figured out variable "basic" never gets value from current.request.env.http_authorization, so username and password never get passed through.

On the local server, that value gets populated and basic login works as expected... If anyone can share any advice where else to look for a problem, please do. Sorry for going crazy here :)

tools.py

   
def basic(self):
       
"""
        perform basic login.
        reads current.request.env.http_authorization
        and returns basic_allowed,basic_accepted,user
        """

       
if not self.settings.allow_basic_login:
           
return (False,False,False)
        basic
= current.request.env.http_authorization
       
if not basic or not basic[:6].lower() == 'basic ':
           
return (True, False, False)
       
(username, password) = base64.b64decode(basic[6:]).split(':')
       
return (True, True, self.login_bare(username, password))

Anatoli Hristov

unread,
Feb 15, 2018, 6:57:03 PM2/15/18
to web2py-users
Did anyone got it working? I have exact same problem.

Any help?

Thanks

Dave S

unread,
Feb 15, 2018, 8:31:14 PM2/15/18
to web2py-users


On Thursday, February 15, 2018 at 3:57:03 PM UTC-8, Anatoli Hristov wrote:
Did anyone got it working? I have exact same problem.

Any help?

Thanks

I have at least one API call  that works fine with BASIC (through both Rocket and Nginx), but while I consider it restful it doesn't use the restful/pattern construct, which I haven't needed yet.

(I did something more pattern-like in a node.js server, but that doesn't help here.)

/dps

Val K

unread,
Feb 18, 2018, 8:23:34 AM2/18/18
to web2py-users
If   Nginx is used, this should help: 
   proxy_set_header HTTP_AUTHORIZATION $http_authorization;
Reply all
Reply to author
Forward
0 new messages