confused about services and authorization

david.waldrop

unread,

Oct 24, 2010, 12:19:53 PM10/24/10

to web2py-users

I have spent the bulk of last evening and this morning trying to test
web2py services and authorization. In addition to setting
auth.settings.allow_basic_login = True I have deleted the "call
function" in the default controller, created a seperate controller
"mmservices",and and populated with the following code:

@auth.requires_login()
def call():
"""
exposes services. for example:
http://..../[app]/default/call/jsonrpc
decorate with @services.jsonrpc the functions to expose
supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
"""
session.forget()
return service()

@service.xmlrpc
def getmeetings():
if auth.is_logged_in():
return 'you are logged in!'
else:
return 'NO DICE'

@service.xmlrpc
def test(insink):
if auth.is_logged_in():
return 'test: you are logged in!'
else:
return 'test: NO DICE'

My questions are:

1) what is the purpose of the "call" function? I see that it is part
of the proxy when invoking, but am not sure where it gets invoked or
what it does. Does there need to be a separate call for each web-
service function (as I saw in a forum post)?

2) when i enter http://www.meetingmonkey.net/init/mmservices/getmeetings
without logging in I get "no dice". I suspect this is due to the fact
that I am accessing the function because it is in a controller. This
is not the desired behavior as I want to ensure the user has logged in
before getting access to the function. Is there a complete example of
the best practice for implementing web-services including where to put
various parts of code?

3) when I enter http://www.meetingmonkey.net/init/mmservices/call/xmlrpc/getmeetings
without logging 8in I am redirected to the login page. I would rather
just return an unauthorized error, but do not know how to do?

mdipierro

unread,

Oct 24, 2010, 1:38:26 PM10/24/10

to web2py-users

I am not sure you should register services in controller, unless you
also want to expose them as actions. I normally put them in a model.
Anyway...

@service.xmlrpc
@service.jsonrpc
@service.whetever

register a function as a service

def call(): return service()

simply exposes all services.

You can do

@auth.requires(auth.user)
def call(): return service()

and you will get an unauthorized error

> 2) when i enterhttp://www.meetingmonkey.net/init/mmservices/getmeetings

> without logging in I get "no dice". I suspect this is due to the fact
> that I am accessing the function because it is in a controller. This
> is not the desired behavior as I want to ensure the user has logged in
> before getting access to the function. Is there a complete example of
> the best practice for implementing web-services including where to put
> various parts of code?
>

> 3) when I enterhttp://www.meetingmonkey.net/init/mmservices/call/xmlrpc/getmeetings

David Waldrop

unread,

Oct 24, 2010, 2:13:38 PM10/24/10

to web...@googlegroups.com

Massimo, moving the function out of the controller enabled me to
successfully invoke the function via xmlrpc on my development machine, but
not on the production version. In the forum I see that this (303)
supposedly indicates invalid authorization, but the testing credentials are
valid on both sites. I did so by issuing the following at the python
console:

Python 2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)]
on
win32
Type "help", "copyright", "credits" or "license" for more information.

>>> import xmlrpclib

>>> server =
xmlrpclib.Server("http://david....@gmail.com:x...@www.meetingmon
key.net/init/default/call/xmlrpc")

>>> server2 =
xmlrpclib.Server("http://david....@gmail.com:xx...@127.0.0.1:800
0/mm_beta_1/default/call/xmlrpc")

>>> server.getmeetings()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Python26\lib\xmlrpclib.py", line 1199, in __call__
return self.__send(self.__name, args)
File "C:\Python26\lib\xmlrpclib.py", line 1489, in __request
verbose=self.__verbose
File "C:\Python26\lib\xmlrpclib.py", line 1243, in request
headers
xmlrpclib.ProtocolError: <ProtocolError for
david....@gmail.com:xx...@www.meet
ingmonkey.net/init/default/call/xmlrpc: 303 SEE OTHER>

>>> server2.getmeetings()
'you are logged in!'

Do I need to enables something special in the environment other than
auth.settings.allow_basic_login = True, which is already set. Alos, is this
a recommended way of passing credentials to a web2py services, it seems as
if they may be exposed in the clear during transport???

/david

david.waldrop

unread,

Oct 24, 2010, 2:57:00 PM10/24/10

to web2py-users

Cancel that it DOES NOT work on local either. In the previous post it
worked I believe because I still had the old controller. Now that I
have deleted the controller puttilng the call function back in the
default controller, and moving the getmeeting function to a model
file, i am not able to access in the dev server or the productiontion
server. I am 100% sure the credentials are correct, but cannot figure
out why the authentication is not happening.

On Oct 24, 2:13 pm, "David Waldrop" <david.wald...@gmail.com> wrote:
> Massimo, moving the function out of the controller enabled me to
> successfully invoke the function via xmlrpc on my development machine, but
> not on the production version. In the forum I see that this (303)
> supposedly indicates invalid authorization, but the testing credentials are
> valid on both sites. I did so by issuing the following at the python
> console:
>
> Python 2.6.6 (r266:84297, Aug 24 2010, 18:46:32) [MSC v.1500 32 bit (Intel)]
> on
> win32
> Type "help", "copyright", "credits" or "license" for more information.
>
> >>> import xmlrpclib
> >>> server =
>

> xmlrpclib.Server("http://david.wald...@gmail.com:x...@www.meetingmon
> key.net/init/default/call/xmlrpc")
>
> >>> server2 =
>
> xmlrpclib.Server("http://david.wald...@gmail.com:x...@127.0.0.1:800

> 0/mm_beta_1/default/call/xmlrpc")
>
> >>> server.getmeetings()
>
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File "C:\Python26\lib\xmlrpclib.py", line 1199, in __call__
> return self.__send(self.__name, args)
> File "C:\Python26\lib\xmlrpclib.py", line 1489, in __request
> verbose=self.__verbose
> File "C:\Python26\lib\xmlrpclib.py", line 1243, in request
> headers
> xmlrpclib.ProtocolError: <ProtocolError for

> david.wald...@gmail.com:x...@www.meet

Message has been deleted

David Waldrop

unread,

Oct 24, 2010, 3:32:42 PM10/24/10

to web2py-users

Even more confusion. I can get it to work on dev environment by reverting
to the original decorator on call

#...@auth.requires(auth.user)

@auth.requires_login()
def call():
"""
exposes services. for example:
http://..../[app]/default/call/jsonrpc
decorate with @services.jsonrpc the functions to expose
supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
"""
session.forget()
return service()

This works on the local/dev machine. By work I meant i get the expected result when valid credentials are passed, and a 303 when invalid is passed!!! I cannot get it to work on the production system. If I comment out the authorization decorator all together the service is invoked thereby isolating the problem to the way the credentials are passed/handled. The code is Identical so it must be something in the environmental setup. Any ideas?

--
david....@gmail.com | 301.526.9500

mdipierro

unread,

Oct 24, 2010, 4:16:57 PM10/24/10

to web2py-users

please email me a minimalist program to reproduce the problem and I
will debug it.

On Oct 24, 2:32 pm, David Waldrop <david.wald...@gmail.com> wrote:
> Even more confusion. I can get it to work on dev environment by reverting
> to the original decorator on call
>

> #...<http://groups.google.com/groups/unlock?_done=/group/web2py/browse_thr...>
> @auth.requires(auth.user)

> @auth.requires_login()
> def call():
> """
> exposes services. for example:

> http://..../<http://www.google.com/url?sa=D&q=http://..../&usg=AFQjCNHTjjhgMOeO9jl...>

> [app]/default/call/jsonrpc
> decorate with @services.jsonrpc the functions to expose
> supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
> """
> session.forget()
> return service()
>
> This works on the local/dev machine. By work I meant i get the expected
> result when valid credentials are passed, and a 303 when invalid is
> passed!!! I cannot get it to work on the production system. If I comment
> out the authorization decorator all together the service is invoked thereby
> isolating the problem to the way the credentials are passed/handled. The
> code is Identical so it must be something in the environmental setup. Any
> ideas?
>

> david.wald...@gmail.com | 301.526.9500

David Waldrop

unread,

Oct 24, 2010, 4:52:53 PM10/24/10

to web...@googlegroups.com

Massimo, Thanks. This is absolutely maddening. Attached is simple app. It
exposes 1 service "getmeetings" located in the mm_services model. The db.py
file includes the statement:

auth.settings.allow_basic_login = True

and the default/call function is decorated to require login.

The app behaves correctly when running on my local machine, but always
returns 303 when invoked on the production server.

web2py.app.svctest.w2p

mdipierro

unread,

Oct 24, 2010, 5:15:15 PM10/24/10

to web2py-users

Can you also tell us more about the production server? What web
server? Os?

> web2py.app.svctest.w2p
> 1006KViewDownload

David Waldrop

unread,

Oct 24, 2010, 5:34:54 PM10/24/10

to web...@googlegroups.com

It’s the standard webfaction config, web2py and python installed using their
scripts.

David Waldrop

unread,

Oct 25, 2010, 12:04:20 PM10/25/10

to web...@googlegroups.com

Massimo,

The webfaction server is Linux based and uses Apache as the web server.
Additionally, below are the commands I used to test via a python console:

--------------------------------------
The original app (from which the test was derived)

import xmlrpclib
rserver =
xmlrpclib.Server("http://david....@gmail.com:xx...@www.meetingmonkey.net/i
nit/default/call/xmlrpc")
rserver.getmeetings()

lserver =

xmlrpclib.Server("http://david....@gmail.com:xx...@127.0.0.1:8000/mm_beta_
1/default/call/xmlrpc")

lserver.getmeetings()

------------------------------------
The test app I sent last evening

tserver =
xmlrpclib.Server("http://david....@gmail.com:xx...@127.0.0.1:8000/svctest/
default/call/xmlrpc")
tserver.getmeetings()

rserver =
xmlrpclib.Server("http://david....@gmail.com:xx...@www.meetingmonkey.net/w
elcome/default/call/xmlrpc")
rserver.getmeetings()

mdipierro

unread,

Nov 2, 2010, 12:55:24 PM11/2/10

to web2py-users

I think the problem is here:

"http://david.wald...@gmail.com:x...@127.0.0.1:8000/svctest/default/
call/xmlrpc"

there are two @. the username and password must be encoded using
urllib.quote

On Oct 25, 11:04 am, "David Waldrop" <david.wald...@gmail.com> wrote:
> Massimo,
>

> The webfaction server is Linux based and uses Apache as the web server.
> Additionally, below are the commands I used to test via a python console:
>
> --------------------------------------
> The original app (from which the test was derived)
>
> import xmlrpclib
> rserver =

> xmlrpclib.Server("http://david.wald...@gmail.com:x...@www.meetingmonkey.net/i

> nit/default/call/xmlrpc")
> rserver.getmeetings()
>
> lserver =

> xmlrpclib.Server("http://david.wald...@gmail.com:x...@127.0.0.1:8000/mm_beta_

> 1/default/call/xmlrpc")
> lserver.getmeetings()
>
> ------------------------------------
> The test app I sent last evening
>
> tserver =

> xmlrpclib.Server("http://david.wald...@gmail.com:x...@127.0.0.1:8000/svctest/

> default/call/xmlrpc")
> tserver.getmeetings()
>
> rserver =

> xmlrpclib.Server("http://david.wald...@gmail.com:x...@www.meetingmonkey.net/w

David Waldrop

unread,

Nov 2, 2010, 1:41:19 PM11/2/10

to web...@googlegroups.com

I tried several variations of encoding the url but got the following.

Last login: Mon Nov 1 05:46:43 on ttys000
pydlw-mac-laptop:~ David$ python
Python 2.5 (r25:51918, Sep 19 2006, 08:49:13)
[GCC 4.0.1 (Apple Computer, Inc. build 5341)] on darwin

Type "help", "copyright", "credits" or "license" for more information.

>>> import urlib