Basic authentication question

78 views
Skip to first unread message

Alexei Vinidiktov

unread,
Apr 5, 2010, 10:21:57 PM4/5/10
to web...@googlegroups.com
Hello,

I'm trying to make a desktop client written in Python 2.5 (on Windows)
communicate with a web2py 1.76.5 based app using services. It works
fine with services that don't require authentication, but I was
wondering if I could make it authenticate the user with Basic
authentication.

I've read in the Python docs that xmlrpclib supports Basic authentication:

"
Both the HTTP and HTTPS transports support the URL syntax extension
for HTTP Basic Authentication: http://user:pass@host:port/path. The
user:pass portion will be base64-encoded as an HTTP `Authorization'
header, and sent to the remote server as part of the connection
process when invoking an XML-RPC method.
"

In my modified Welcome web2py app I've added the setting
auth.settings.allow_basic_authentication = True in
welcome/models/db.py

I've decorated the private_call action like so:

@auth.requires_login()
def private_call():
return private_service()

And I've added a test action getstring:

@private_service.xmlrpc
def getstring():
if auth.is_logged_in():
return "logged in!"
else:
return "not logged in!"

In my desktop app I'm calling the service like this:

self.server = xmlrpclib.Server("http://mye...@gmail.com:mypas...@127.0.0.1:8000/welcome/default/private_call/xmlrpc")
print self.server.getstring()

and I'm getting this traceback:

Traceback (most recent call last):
File "C:\Users\Alexei\Documents\wxPython\Boa\xml_rpc_test\Frame1.py", line 137
, in OnButton4Button
print self.server3.getstring()
File "C:\Python25\lib\xmlrpclib.py", line 1147, in __call__
return self.__send(self.__name, args)
File "C:\Python25\lib\xmlrpclib.py", line 1437, in __request
verbose=self.__verbose
File "C:\Users\Alexei\Documents\wxPython\Boa\xml_rpc_test\Frame1.py", line 185
, in request
headers
xmlrpclib.ProtocolError: <ProtocolError for mye...@gmail.com:mypassword@
127.0.0.1:8000/welcome/default/private_call/xmlrpc: 303 SEE OTHER>

I'm obviously doing something wrong. Could you point me in the right direction?

Thanks.

--
Alexei Vinidiktov

mdipierro

unread,
Apr 5, 2010, 10:36:56 PM4/5/10
to web2py-users
you need in db.py

auth.settings.allow_basic_login = True

it defaults to False


On Apr 5, 9:21 pm, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:

> self.server = xmlrpclib.Server("http://myem...@gmail.com:mypassw...@127.0.0.1:8000/welcome/default/private_call/xmlrpc")


> print self.server.getstring()
>
> and I'm getting this traceback:
>
> Traceback (most recent call last):
>   File "C:\Users\Alexei\Documents\wxPython\Boa\xml_rpc_test\Frame1.py", line 137
> , in OnButton4Button
>     print self.server3.getstring()
>   File "C:\Python25\lib\xmlrpclib.py", line 1147, in __call__
>     return self.__send(self.__name, args)
>   File "C:\Python25\lib\xmlrpclib.py", line 1437, in __request
>     verbose=self.__verbose
>   File "C:\Users\Alexei\Documents\wxPython\Boa\xml_rpc_test\Frame1.py", line 185
> , in request
>     headers

> xmlrpclib.ProtocolError: <ProtocolError for myem...@gmail.com:mypassword@

Alexei Vinidiktov

unread,
Apr 5, 2010, 10:44:44 PM4/5/10
to web...@googlegroups.com
Thanks a lot, Massimo! It worked!

> --
> You received this message because you are subscribed to the Google Groups "web2py-users" group.
> To post to this group, send email to web...@googlegroups.com.
> To unsubscribe from this group, send email to web2py+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
>
>

--
Alexei Vinidiktov

mdipierro

unread,
Apr 5, 2010, 10:55:24 PM4/5/10
to web2py-users
thank you for trying it. It is one of those features that not many
people are using but should be solid.

Massimo

On Apr 5, 9:44 pm, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:

Alexei Vinidiktov

unread,
Apr 5, 2010, 11:50:28 PM4/5/10
to web...@googlegroups.com
I just tried it with this json-rpc lib (
http://www.desfrenes.com/python-json-rpc ) , and it also seems to work
fine.

I have many more open questions about authentication and
authorization. I'm exploring different approaches for my application:
cookie-based, basic, token authentication, and different protocols
also (xmlrpc, jsonrpc, json).

Another question: If the authentication fails, my client application
receives "error 303 See Other".

It is my understanding that this error means that the user visiting
the website is redirected to a different page (apparently the page
defined in auth.settings.login_url).

Can I customize the error message such that the client application can
understand that the error results from the failed login attempt?

mdipierro

unread,
Apr 6, 2010, 12:26:18 AM4/6/10
to web2py-users
you can try define something like ths

def catch303(f):
try: return f()
except HTTP, http:
if http.status==303: return 'error'
raise http

and appy the additional decorator on top of auth.requires_login

@catch303
@auth.requires_login()

Massimo

On Apr 5, 10:50 pm, Alexei Vinidiktov <alexei.vinidik...@gmail.com>
wrote:
> I just tried it with this json-rpc lib (http://www.desfrenes.com/python-json-rpc) , and it also seems to work

Alexei Vinidiktov

unread,
Apr 6, 2010, 12:28:39 AM4/6/10
to web...@googlegroups.com
Thanks, Massimo. I'll try.

Reply all
Reply to author
Forward
0 new messages