By default requires_signature checks for all vars and args ... you're generating the signature without taking into consideration the & data part.
On Wednesday, March 27, 2013 11:55:21 AM UTC+1, yashar wrote:
>
> here is the link:
> <script>
> window.location.href =
> '{{=URL('CS','close_inqueries',user_signature=True)}}' + '&' + data;
> </script>
>
> and here is the controller:
> def close_inqueries():
>     print request.vars
>     print '-'*20
>     print session
>
> and here is the result:
> <Storage {'_signature': '180b1866f14c585f249ee0a3d8b74778e1ff79a0',
> 'Sea-24': 'on'}>
> --------------------
> <Storage {'_user_agent': {'os': {'name': 'Linux'}, 'is_tablet': False,
> 'is_mobile': False, 'dist': {'name': 'Ubuntu'}, 'browser': {'version':
> '19.0', 'name': 'Firefox'}}, '_auth_next': None, 'flash': None,
> 'user_type': 'CS', 'auth': <Storage {'hmac_key':
> 'bbdd4f5d-2cfa-4ee8-a7b4-c08a3b7874ee', 'remember': False, 'last_visit':
> datetime.datetime(2013, 3, 27, 11, 48, 35, 442411), 'expiration': 3600,
> 'user': <Row {'first_name': 'ali', 'last_name': 'naghi', 'registration_id':
> '', 'email': 'a...@naghi.com', 'reset_password_key': '',
> 'registration_key': '', 'id': 4}>, 'user_groups': {3: 'user_4'}}>,
> 'nickname': 'ali', '_session_hash': 'c55603687a5f7482dda9b0d85a7a78e1',
> '_formkey[login]': 'c8974fec-1b1d-4c47-9f5c-dbd4c765542c'}>
>
> as you see _signature and hmac_key have different values and I think this
> is the reason I get non authorized alert when I add
> @auth.requires_signature() to controller.
>
> what is the correct way to do this?
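As an added illustration (not code from this thread and not web2py's implementation), here is a simplified HMAC model of why a URL signed first and extended with `data` in the browser fails verification, and of what signing only selected vars leaves unprotected. The key, the path shape, the `signed_keys` parameter and all helper names are assumptions made for the example; note that a signature is computed with the key, so the two values are never expected to be equal.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

HMAC_KEY = b"constructed-demo-key"  # constructed; stands in for a per-session key


def _digest(path, pairs):
    # Canonical message: the path plus the sorted query pairs being covered.
    message = path + "?" + urlencode(sorted(pairs))
    return hmac.new(HMAC_KEY, message.encode(), hashlib.sha1).hexdigest()


def sign_url(path, query_vars, signed_keys=None):
    """Return path?vars&_signature=...; signed_keys=None covers every var."""
    pairs = [(k, v) for k, v in query_vars.items()
             if signed_keys is None or k in signed_keys]
    query = list(query_vars.items()) + [("_signature", _digest(path, pairs))]
    return path + "?" + urlencode(query)


def verify_url(url, signed_keys=None):
    """Recompute the signature from the request as received and compare."""
    path, _, query = url.partition("?")
    pairs = parse_qsl(query, keep_blank_values=True)
    supplied = [v for k, v in pairs if k == "_signature"]
    if len(supplied) != 1:
        return False
    covered = [(k, v) for k, v in pairs
               if k != "_signature" and (signed_keys is None or k in signed_keys)]
    return hmac.compare_digest(supplied[0], _digest(path, covered))


PATH = "/app/CS/close_inqueries"  # hypothetical path shape

# Case from the thread: signed with no vars, form data appended client-side.
appended = sign_url(PATH, {}) + "&Sea-24=on"
# Vars known at signing time are included in the signed message.
included = sign_url(PATH, {"Sea-24": "on"})
# Only "id" is covered; anything else passes through unauthenticated.
partial = sign_url(PATH, {"id": "4"}, signed_keys={"id"}) + "&Sea-24=on"

if __name__ == "__main__":
    print(verify_url(appended))                     # False
    print(verify_url(included))                     # True
    print(verify_url(partial, signed_keys={"id"}))  # True
```

In the `partial` case the appended var can be changed freely without invalidating the signature, so the controller must validate it as untrusted input.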