Re: [web2py] Re: Auth with Wordpress
Yes, that could be the solution. Atleast as this only a temporary (I
really, really hope so) way of doing this.
Thank you.
Kenneth
I guess you could have wordpress set a cookie of some sort if they
have access, and then use that cookie in web2py to control access.
On Thursday, February 7, 2013 11:13:41 AM UTC-7, Kenneth wrote:
Hi Michael,
Am I understanding you solution completly wrong but isn't it so
that web2py asks WP if a username and password compination is OK.
In my case customer first logs into a WP site, he gets a list of
manuals he has paid for. When selecting a manual he wants to read
he is sent to a web2py site. Somehow WP has to tell web2py that it
is OK to show the site for the user.
Kenneth
Hello Kenneth,
But how do I handle that WP takes care of authentication and
somehow gives the customer rights to view the manual.
I had a similar problem. I added an XMLRPC method to my wordpress
instance to check if a given username/password combination is
valid and added an auth method to my web2py instance which calls
that XMLRPC method.
Wordpress Code:
|
# custom remote auth
add_filter('xmlrpc_methods','my_add_xml_rpc_methods');
functionmy_add_xml_rpc_methods($methods ){
$methods['mh.testCredentials']='test_credentials';
return$methods;
}
functiontest_credentials($params ){
global$wp_xmlrpc_server;
$blog_id =(int)$params[0];// not used, but follow in the form
of the wordpress built in XML-RPC actions
$username =$params[1];
$password =$params[2];
$args =$params[3];
// verify credentials
if(!$wp_xmlrpc_server->login($username,$password )){
returnFalse;
}
do_action('xmlrpc_call','mh.testCredentials');// patterned on
the core XML-RPC actions
// return success
returnTrue;
}
|
This is one of the tutorials I used when coming up with this:
http://www.foxrunsoftware.net/articles/wordpress/extending-the-wordpress-xml-rpc-api/
'))
"""
defbasic_login_aux(username,
password,server=server):
wp =Client(server,username,password)
retVal =None
try:
retVal =wp.call(GetUserInfo())
exceptInvalidCredentialsError:
returnFalse
returnretVal
returnbasic_login_aux
|
Now, where you configure your auth module, add this:
|
fromgluon.contrib.login_methods.my_auth importmy_auth
auth.settings.login_methods=[my_auth("http://mywordpress/xmlrpc.php";
)]# smart people use https
auth.settings.actions_disabled.append('register')
|
--
---
You received this message because you are subscribed to the
Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to web2py+un...@googlegroups.com .
For more options, visit https://groups.google.com/groups/opt_out
.
--
---
You received this message because you are subscribed to the Google
Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Auth with Wordpress
I guess you could have wordpress set a cookie of some sort if they have
access, and then use that cookie in web2py to control access.
On Thursday, February 7, 2013 11:13:41 AM UTC-7, Kenneth wrote:
>
> Hi Michael,
>
> Am I understanding you solution completly wrong but isn't it so that
> web2py asks WP if a username and password compination is OK. In my case
> customer first logs into a WP site, he gets a list of manuals he has paid
> for. When selecting a manual he wants to read he is sent to a web2py site.
> Somehow WP has to tell web2py that it is OK to show the site for the user.
>
>
> Kenneth
>
>
> Hello Kenneth,
>
>
>> But how do I handle that WP takes care of authentication and somehow
>> gives the customer rights to view the manual.
>>
>>
> I had a similar problem. I added an XMLRPC method to my wordpress instance
> to check if a given username/password combination is valid and added an
> auth method to my web2py instance which calls that XMLRPC method.
>
> Wordpress Code:
>
> # custom remote auth
> add_filter( 'xmlrpc_methods', 'my_add_xml_rpc_methods' );
>
> function my_add_xml_rpc_methods( $methods ) {
> $methods['mh.testCredentials'] = 'test_credentials';
> return $methods;
> }
>
>
> function test_credentials( $params ) {
>
> global $wp_xmlrpc_server;
>
> $blog_id = (int) $params[0]; // not used, but follow in the form of
> the wordpress built in XML-RPC actions
> $username = $params[1];
> $password = $params[2];
> $args = $params[3];
>
> // verify credentials
> if ( ! $wp_xmlrpc_server->login( $username, $password ) ) {
> return False;
> }
>
>
> do_action( 'xmlrpc_call', 'mh.testCredentials' ); // patterned on the
> core XML-RPC actions
>
> // return success
> return True;
> }
>
> This is one of the tutorials I used when coming up with this:
> http://www.foxrunsoftware.net/articles/wordpress/extending-the-wordpress-xml-rpc-api/
>
> Now the web2py part - copy to ./gluon/contrib/login_methods/my_auth.py
>
> from wordpress_xmlrpc import Client
> from wordpress_xmlrpc import AuthenticatedMethod
> from wordpress_xmlrpc import InvalidCredentialsError
>
>
> class GetUserInfo(AuthenticatedMethod):
> method_name = "mh.testCredentials"
>
>
>
> def my_auth(server):
> """
> to use basic login with a different server
> from gluon.contrib.login_methods.basic_auth import basic_auth
> auth.settings.login_methods.append(basic_auth('http://server'))
> """
>
> def basic_login_aux(username,
> password,server=server):
> wp = Client(server, username, password)
> retVal = None
> try:
> retVal = wp.call(GetUserInfo())
> except InvalidCredentialsError:
> return False
> return retVal
> return basic_login_aux
>
>
>
> Now, where you configure your auth module, add this:
> from gluon.contrib.login_methods.my_auth import my_auth
> auth.settings.login_methods=[my_auth("http://mywordpress/xmlrpc.php";
> )] # smart people use https
> auth.settings.actions_disabled.append('register')
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+un...@googlegroups.com .
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Auth with Wordpress
Am Donnerstag, 7. Februar 2013 19:13:41 UTC+1 schrieb Kenneth: > > Am I understanding you solution completly wrong but isn't it so that > web2py asks WP if a username and password compination is OK. In my case > customer first logs into a WP site, he gets a list of manuals he has paid > for. When selecting a manual he wants to read he is sent to a web2py site. > Somehow WP has to tell web2py that it is OK to show the site for the user. > > > Kenneth > > > Hi Kenneth, you are right, my solution won't do that. I was basically facing a similar problem and decided to just make the user log in again. Some kind of single log-in scheme or session sharing would be nice, but that's out of my depth. -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Auth with Wordpress
Hi Michael,
Am I understanding you solution completly wrong but isn't it so that
web2py asks WP if a username and password compination is OK. In my case
customer first logs into a WP site, he gets a list of manuals he has
paid for. When selecting a manual he wants to read he is sent to a
web2py site. Somehow WP has to tell web2py that it is OK to show the
site for the user.
Kenneth
Hello Kenneth,
But how do I handle that WP takes care of authentication and
somehow gives the customer rights to view the manual.
I had a similar problem. I added an XMLRPC method to my wordpress
instance to check if a given username/password combination is valid
and added an auth method to my web2py instance which calls that XMLRPC
method.
Wordpress Code:
|
# custom remote auth
add_filter('xmlrpc_methods','my_add_xml_rpc_methods');
functionmy_add_xml_rpc_methods($methods ){
$methods['mh.testCredentials']='test_credentials';
return$methods;
}
functiontest_credentials($params ){
global$wp_xmlrpc_server;
$blog_id =(int)$params[0];// not used, but follow in the form of the
wordpress built in XML-RPC actions
$username =$params[1];
$password =$params[2];
$args =$params[3];
// verify credentials
if(!$wp_xmlrpc_server->login($username,$password )){
returnFalse;
}
do_action('xmlrpc_call','mh.testCredentials');// patterned on the
core XML-RPC actions
// return success
returnTrue;
}
|
This is one of the tutorials I used when coming up with this:
http://www.foxrunsoftware.net/articles/wordpress/extending-the-wordpress-xml-rpc-api/
Now the web2py part - copy to ./gluon/contrib/login_methods/my_auth.py
|
fromwordpress_xmlrpc importClient
fromwordpress_xmlrpc importAuthenticatedMethod
fromwordpress_xmlrpc importInvalidCredentialsError
classGetUserInfo(AuthenticatedMethod):
method_name ="mh.testCredentials"
defmy_auth(server):
"""
to use basic login with a different server
from gluon.contrib.login_methods.basic_auth import basic_auth
auth.settings.login_methods.append(basic_auth('http://server'))
"""
defbasic_login_aux(username,
password,server=server):
wp =Client(server,username,password)
retVal =None
try:
retVal =wp.call(GetUserInfo())
exceptInvalidCredentialsError:
returnFalse
returnretVal
returnbasic_login_aux
|
Now, where you configure your auth module, add this:
|
fromgluon.contrib.login_methods.my_auth importmy_auth
auth.settings.login_methods=[my_auth("http://mywordpress/xmlrpc.php";)]# smart
people use https
auth.settings.actions_disabled.append('register')
|
--
---
You received this message because you are subscribed to the Google
Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
