hi,
I'm new to web2py, so I'm afraid this is a silly question to ask, but I'm
having a hard time trying to put some pieces together.
web2py documentation seems really complete most of times, but the chapter
about Access Control relies too much in Janrain, which I would love to
avoid using if possible (I have no problem with Janrain).
what I want to do is offer the default auth using local database features
*plus* OpenID Auth (for Yahoo and Google) and if possible, later, also
support Facebook too (again, I have no problem with Facebook, I just
happened to try OpenID Auth first).
so, first, I used only the default auth with local database, and build my
login form html layout by hand, like this:
*db.py:*
from gluon.tools import Auth
auth = Auth(db)
auth.define_tables(username=False, signature=False)
*default.py:*
def index():
if auth.is_logged_in():
redirect(URL('home'))
return dict(form=auth())
def user():
return dict(form=auth())
def home():
return dict()
*index.html:*
...
<form method="post" action="/myapp/default/user/login"
enctype="multipart/form-data">
<input type="text" name="email" >
<input type="password" name="password" >
<input name="_next" type="hidden"
value="/acompanhacao/default/index">
<input name="_formkey" type="hidden"
value="{{=form.formkey}}">
<input name="_formname" type="hidden" value="login">
<button type="submit">Submit</button>
</form>
...
and everything worked just fine (I had to fire the register url once, so I
got an account to use, but I plan to improve this step later).
I could login, logout, check if the user is_logged_in, etc. fine!
now the problem starts. I wanted to add suport to OpenID without Janrain.
so, I checked the Access Control chapter in the documentation, got some
hints but no full examples, then I downloaded and checked the sources for
the files openid_auth.py and extended_login_form.py (both from
gluon.contrib.login_methods), got some other hints, googled something and
ended up with this:
*db.py:*
from gluon.tools import Auth
auth = Auth(db)
auth.define_tables(username=False, signature=False)
from gluon.contrib.login_methods.openid_auth import OpenIDAuth
openid_login_form = OpenIDAuth(auth)
from gluon.contrib.login_methods.extended_login_form import
ExtendedLoginForm
extended_login_form = ExtendedLoginForm(auth, openid_login_form,
signals=['oid'])
auth.settings.login_form = extended_login_form
*default.py:*
# no change in the previous methods, but added this:
def test():
return dict(form=auth())
*test.html:*
{{=form}}
ok. now, when I browse /myapp/default/test I see a page with a form in two
parts, the first one with username/password fields, and the bottom with a
new field to input my openid provider url.
the first thing I noticed is that I could not just use the tag:
{{=form.formkey}} and build my form by hand, because I get a strange error
like: "AttributeError: 'DIV' object has no attribute 'formkey'"
some some reason, I believe my auth form is wrapped in such a way I cannot
access its _formkey attribute anymore (and that's I endded up with that
simple test.html)
also, I could find no place to input beforehand the openid provider url. in
fact, this is not completelly bad, because I plan to use two providers
(yahoo and google) and so I'll probably put two forms (or just one
javascript-managed) in my page.
anyway, I still want to be able to build my forms by hand, and I cannot do
this without access to the "formkey". (I believe)
other thing I noticed is that there is no place where I inform which
attributes I want from the openid provider (email, nickname, etc).
...
anyway, I populated the automatically built form, submitted, and was
redirected to the openid provider (I tested with yahoo, using url:
https://me.yahoo.com).
then I informed my username and password and was redirected back to my app,
as if I logged in.
but when I tested is_logged_in(), I got false. then, I checked the
db.alt_logins table, and db.auth_user table, I found nothing new there (no
new record with a new user or anything).
so, I believe I almost did it, but something is still missing.
what need to be answered is:
1. is it possible to use both auth methods (default and openid) together
without Janrain? how do I setup this?
2. is it possible to build my forms by hand, without depending on the
auto-generated forms?
3. if I got it right, the only thing I need is the form._formkey attribute,
and for all the rest I can write my own html. I just need to know how to
get the formkey from the extended_login_form;
4. the ExtendedLoginForm class seems to support only two auth methods, so
how could I support three? for example: default auth, plus openid
(yahoo/google), plus oauth (facebook)? can I chain ExtendedLoginForms?
5. I could find no docs about the "signals" used in the ExtendedLoginForm.
could this be the problem in my setup? I tried using signals=['oid']
sorry for the mega-post,
and thanks in advance!
regards,
Cesar
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
