Creating a new auth session
Jon Romero
to auth using FBConnect.
The thing that I am doing is after the user has logged in (and I have
his fb_uid) I create a new session like this:
if not auth.is_logged_in():
user_obj = Storage(user_table._filter_fields(Users.find_by_id
(user_id)[0], id=True))
session.auth = Storage(user=user_obj, last_visit=request.now,
expiration=2600)
where Users.find_by_id(user_id) assume it's db(db.users.id ==
user_id).select()
Even though it seems to work, I don't think it is correct (because if
it is THAT simple for everyone to
create an auth object then he can hack the system).
I checked the auth.requires_login but I couldn't figure it out.
So, how can I create a new session programmatically (like the login
page does)?
mdipierro
from gluon.storage import Storage
session.auth=Storage()
session.auth.user = db(db.auth_user.id==logged_in_user_id).select
().first()
session.auth.user_id = session.auth.user.id
session.auth.last_visit = request.now
set session.auth=None on logout.
Jon Romero
@auth.requires_login()
def admin_area():
...do stuf...
return ....
If a user creates a session by hand, he can access that area right?
Alex Fanjul
could you please share it with us? it's very interesting for all the
projects.
thanks in advance,
alex
El 31/01/2010 16:08, Jon Romero escribi�:
--
Alejandro Fanjul Fdez.
alex....@gmail.com
www.mhproject.org
Jon Romero
group) but I've done a lot of changes so it can play nicely with auth.
And mdipierro has created already a plugin using it.
Alex Fanjul
to get a real single sing on, where you can really connect and login in
a web2py app with a simple facebook account.
alex
El 31/01/2010 17:24, Jon Romero escribi�:
--
Jon Romero
>All auth does on successful login is:
>from gluon.storage import Storage
>session.auth=Storage()
>session.auth.user = db(db.auth_user.id==logged_in_user_id).select
().first()
>session.auth.user_id = session.auth.user.id
>session.auth.last_visit = request.now
>set session.auth=None on logout.
>
> >>> So, how can Icreatea new session programmatically (like the login
> >>> page does)?
>
> >> --
> >> Alejandro Fanjul Fdez.
> >> alex.fan...@gmail.comwww.mhproject.org
>
> --
> Alejandro Fanjul Fdez.
Rohan
Can you please share updates on integration between fbconnect and
auth.user()?
Thanks
Subscription settings: http://groups.google.com/group/web2py/subscribe?hl=en
mdipierro
but has not been done yet.
Jon Romero
You can see that is FULLY integrated on this site: http://beyourstar.gr
After facebook login, you get an auth.user :D
mdipierro
Jon Romero
Take a look at it here:
http://codepad.org/tadGosTd
I am using my prototype activerecord for some database calls (that
should explain the find_by_id).
mdipierro
db.users?
Jon Romero
db.define_table('users',
Field('username', 'string', unique=True, label="Username [*]"),
Field('password', 'password', requires=CRYPT(), readable=False,
label="Password [*]"),
Field('registration_key',length=128, writable=False, readable=False),
Field('first_name', default=None, length=128, writable=False,
readable=False),
Field('last_name', default=None, length=128, writable=False,
readable=False),
Field('email', length=128, unique=True, label="Email [*]"),
Field('age', 'integer', default=18),
Field('name', length=32, default="Anonymous"),
Field('fb_id', 'integer', default=0, writable=False, readable=False),
and so on.
When I find some time, I have to make a proper slice.