[web2py] Re: Force authentication to whole app
This should really go in documentation ;)

On Friday, February 13, 2015 at 5:19:33 AM UTC-5, mcamel wrote:
> Cool!
>
> It works perfectly on controller files, but causes infinite recursion in
> the auth model file.
>
> So if you want to apply it to your whole app, writing it once and in one
> place, this can be used in the auth model, after defining auth:
>
>     if request.url != auth.settings.login_url:
>         auth.requires_login()(lambda: None)()
>
> Thanks!
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[web2py] Re: Force authentication to whole app
Cool!

It works perfectly on controller files, but causes infinite recursion in the auth model file.

So if you want to apply it to your whole app, writing it once and in one place, this can be used in the auth model, after defining auth:

    if request.url != auth.settings.login_url:
        auth.requires_login()(lambda: None)()

Thanks!

On Friday, February 13, 2015, 0:35:52 (UTC+1), Anthony wrote:
> A decorator is just a special type of function that takes a callable and
> returns another callable. You typically use it via the "@" syntax, but you
> don't have to use it that way.
>
>     @auth.requires_login()
>     def myfunc():
>         return dict()
>
> is equivalent to:
>
>     def myfunc():
>         return dict()
>     myfunc = auth.requires_login()(myfunc)
>
> You are simply passing myfunc to a function and getting back a new
> function.
>
> In this case, we don't really have a function to decorate, so we just pass
> in a dummy function (i.e., lambda: None). What we really want is for
> auth.requires_login() to execute its redirect logic in case the user isn't
> logged in. Otherwise, it should just do nothing and move on.
>
> Anthony
[web2py] Re: Force authentication to whole app
A decorator is just a special type of function that takes a callable and returns another callable. You typically use it via the "@" syntax, but you don't have to use it that way.

    @auth.requires_login()
    def myfunc():
        return dict()

is equivalent to:

    def myfunc():
        return dict()
    myfunc = auth.requires_login()(myfunc)

You are simply passing myfunc to a function and getting back a new function.

In the case of auth.requires_login(), we don't really have a function to decorate, so we just pass in a dummy function (i.e., lambda: None). What we really want is for auth.requires_login() to execute its redirect logic in case the user isn't logged in. Otherwise, it should just do nothing and move on.

Anthony

On Thursday, February 12, 2015 at 4:29:42 PM UTC-5, Tom Campbell wrote:
> I think that's brilliant... but I don't quite understand. Without the
> decorators how do the functions in the file get forced to go through
> auth.requires_login()?
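The mechanism Anthony describes, together with the login-URL guard mcamel puts in the model file, as an added example that is not part of the thread and is not web2py code. `FakeAuth`, `Redirect`, `run_model_file` and `follow` are hypothetical stand-ins, the URLs are constructed, and the "infinite recursion" is modelled here as a redirect loop on the assumption that the model file runs for every request, including the request for the login page.

```python
# Added illustration: a minimal stand-in for web2py's Auth, not web2py itself.
class Redirect(Exception):
    """Stands in for the redirect that stops a request (hypothetical)."""
    def __init__(self, location):
        super().__init__(location)
        self.location = location


class FakeAuth:
    login_url = "/app/default/user/login"  # constructed sample value

    def __init__(self, logged_in):
        self.logged_in = logged_in

    def requires_login(self):
        # Returns a decorator; the login check only runs when the
        # wrapped callable is actually called.
        def decorator(func):
            def wrapper(*args, **kwargs):
                if not self.logged_in:
                    raise Redirect(self.login_url)
                return func(*args, **kwargs)
            return wrapper
        return decorator


def run_model_file(auth, url, guard_login_url):
    """Simulate the model file executing for one request to `url`."""
    if not guard_login_url or url != auth.login_url:
        # Nothing to decorate: wrap a dummy callable and call it at once,
        # purely to trigger the redirect logic.
        auth.requires_login()(lambda: None)()
    return "served " + url


def follow(auth, url, guard_login_url, max_hops=5):
    """Follow redirects as a browser would; give up after max_hops."""
    for _ in range(max_hops):
        try:
            return run_model_file(auth, url, guard_login_url)
        except Redirect as exc:
            url = exc.location
    return "redirect loop"


if __name__ == "__main__":
    print(follow(FakeAuth(False), "/app/default/index", guard_login_url=True))
    print(follow(FakeAuth(False), "/app/default/index", guard_login_url=False))
```

Without the guard, the request for the login page is itself redirected to the login page, so an anonymous user never reaches the form.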
[web2py] Re: Force authentication to whole app
> To take advantage of the decorators at a file level, you can also do this
> at the top level of a file:
>
>     auth.requires_login()(lambda: None)()
>
> The decorators ultimately call auth.requires, which itself returns a
> decorator. The above passes a dummy function to that decorator and then
> simply calls it. Note, you don't prepend with "@" in this case, as you are
> not decorating a Python function.

I think that's brilliant... but I don't quite understand. Without the decorators how do the functions in the file get forced to go through auth.requires_login()?
[web2py] Re: Force authentication to whole app
To take advantage of the decorators at a file level, you can also do this at the top level of a file:

    auth.requires_login()(lambda: None)()

The decorators ultimately call auth.requires, which itself returns a decorator. The above passes a dummy function to that decorator and then simply calls it.

Anthony

On Thursday, February 12, 2015 at 6:11:40 AM UTC-5, mcamel wrote:
> Hello,
>
> You can use @auth* decorators to force authentication on single functions,
> but how can you force authentication on your whole application?
>
> I use this, just after defining auth:
>
>     if not auth.is_logged_in():
>         # avoid infinite recursion
>         if request.url != auth.settings.login_url:
>             # after authentication go to the intended url
>             redirect(auth.settings.login_url + '?_next=' + request.env.request_uri)
>
> Any better approach?
>
> You can also exclude certain controllers and/or functions:
>
>     if not auth.is_logged_in():
>         if request.controller != 'util' and request.function != 'change_language':
>             # avoid infinite recursion
>             if request.url != auth.settings.login_url:
>                 # after authentication go to the intended url
>                 redirect(auth.settings.login_url + '?_next=' + request.env.request_uri)
>
> Regards.
[web2py] Re: Force authentication to whole app
I basically agree with you. I use auth decorators with my functions.

This is just an extra security mechanism, set once in one single place. Then you forget about it. It only makes sense in some kinds of applications.

It could be used instead of auth decorators only in extremely simple apps where you have access to all or nothing.

Regards.

On Thursday, February 12, 2015, 12:34:08 (UTC+1), Leonel Câmara wrote:
> I think the first one (with more exceptions for register, lost password,
> etc) is an acceptable solution.
>
> However, when you start making more exceptions then it just starts being
> messy, unreadable, and I would just start decorating my controller
> functions (all of them if necessary). That's why it's a decorator so you
> only put it where it's needed. I don't want to parse a bunch of complicated
> if conditions in a model file to know if a function in a controller
> (another file) requires login, it's high cognitive load I don't want in my
> code.
[web2py] Re: Force authentication to whole app
I think the first one (with more exceptions for register, lost password, etc) is an acceptable solution.

However, when you start making more exceptions then it just starts being messy, unreadable, and I would just start decorating my controller functions (all of them if necessary). That's why it's a decorator so you only put it where it's needed. I don't want to parse a bunch of complicated if conditions in a model file to know if a function in a controller (another file) requires login, it's high cognitive load I don't want in my code.