Skip to first unread message
horridohobbyist
May 30, 2015, 2:32:24 PM5/30/15
to web...@googlegroups.com
I'm trying to implement a REST api. I've coded the following:
When I try to use jQuery ajax to perform the same operation, it chokes on the user authorization, whether I use JS headers or beforeSend. So I suspect I'm doing something wrong. (But why is cURL working???)
@request.restful()
def api():
  response.view = 'generic.json'
  # curl -k --user tyr...@yahoo.ca:Lannister -G -d "var1=something1" -d "var2=something2"
  #   https://miramar21.com/tut_server/default/api/verify/person/:usr/:pwd
  #   https://miramar21.com/tut_server/default/api/add/person
  #   https://miramar21.com/tut_server/default/api/update/person/:id
  def GET(*args,**vars):
    auth.basic()
    if not auth.user:
      return dict(unauthorized=True)
    try:
      if args[0] == 'verify':
        if len(args) > 3:
          table_name = args[1]
          usr = args[2]
          pwd = args[3]
          alg = 'pbkdf2(1000,20,sha512)'
          hash = str(CRYPT(digest_alg=alg,salt=False)(pwd)[0])
          row = db(db[table_name].email==usr).select().first()
          if row:
            status = True if row.password == hash else False
            return dict(verified=status,id=row.id)
        return locals()
      if args[0] == 'add':
        if len(args) > 1:
          table_name = args[1]
          return db[table_name].validate_and_insert(**vars)
        return locals()
      if args[0] == 'update':
        if len(args) > 2:
          table_name = args[1]
          record_id = args[2]
          return db(db[table_name]._id==record_id).validate_and_update(**vars)
        return locals()
    except:
      return dict(fatal=True)
    return locals()
  return locals()I have a feeling that I'm not doing user authorization for the REST api correctly, although the following cURL command works fine:
curl -k --user tyrion@yahoo.ca:Lannister https://miramar21.com/tut_server/default/api/verify/person/james...@outlook.com/PrometheusWhen I try to use jQuery ajax to perform the same operation, it chokes on the user authorization, whether I use JS headers or beforeSend. So I suspect I'm doing something wrong. (But why is cURL working???)
I just want to control user authorization as simply and cleanly as possible.
horridohobbyist
May 30, 2015, 7:18:20 PM5/30/15
to web...@googlegroups.com
I tried this decorator, too:
auth.settings.allow_basic_login = True
@auth.requires_login()jQuery still chokes on user authorization. Moreover, it tries to redirect you to a login page, which in my case is not applicable.
horridohobbyist
May 31, 2015, 9:28:19 AM5/31/15
to web...@googlegroups.com
I figured out what was wrong. It all comes down to CORS – CORS and user authentication are quite braindead (http://stackoverflow.com/questions/21850454/how-to-make-xmlhttprequest-cross-domain-withcredentials-http-authorization-cor). I decided to bypass all this CORS shit and do my own user authorization. Works like a charm.
Reply all
Reply to author
Forward
0 new messages