You can do another check and raise HTTP(404, 'Pending registration') if the user is pending just after that code you already put in place
2015-03-12 16:53 GMT+01:00 LoveWeb2py <atayloru...@gmail.com>: > Any thoughts on how I could check to see if the user is a new user and if > they are to mark their account as pending (as if I was using the old form > of auth). However, pending doesn't seem to work when using x509 auth. > > I wanted to use the book class: > auth.settings.registration_requires_verification > = True > > However, if I use PKI authentication it automatically registers the user > and grants them access. Any thoughts on how I could set their account to > pending when they visit the page for the first time? I was thinking of > selecting db(db.auth_user.username==auth.user).select().first() if that > equals none then enter their data with the account pending, else just pass, > but pending doesn't work either. > > On Thursday, March 12, 2015 at 10:10:33 AM UTC-4, LoveWeb2py wrote: >> >> @dps - I agree comments should be added. I'll put together a detailed >> description of the configuration changes I had to make and the modification >> needed in x509 auth to get it to work. >> >> -Austin >> >> On Wednesday, March 11, 2015 at 1:56:58 PM UTC-4, Dave S wrote: >>> >>> >>> >>> On Wednesday, March 11, 2015 at 6:50:28 AM UTC-7, mcm wrote: >>>> >>>> If you do not have the email you can use the registration_id and >>>> username fields. >>>> Most details are on the book: http://web2py.com/books/ >>>> default/chapter/29/09/access-control >>>> >>> >>> Would it be appropriate to add some of the comments above into the >>> deployment recipe chapter >>> (#13 , <URL:http://www.web2py.com/books/default/chapter/29/13/ >>> deployment-recipes#Apache-setup> >>> since the X509 section in your link ends with >>> In particular you need to tell your web server where the certificates >>> are located on local host and that it needs to verify certificates coming >>> from the clients. How to do it is web server dependent and therefore >>> omitted here. >>> >>> >>> /dps >>> >>> >>>> 2015-03-11 14:08 GMT+01:00 Michele Comitini <michele....@gmail.com>: >>>> >>>>> You can read any of the fields a certificate contains eventually. >>>>> see here for some ideas: https://code.google.com/p/simpatica/ >>>>> >>>>> It's a working PKI that allows to generate csr and sign them with a >>>>> valid signin certificate >>>>> >>>>> 2015-03-11 13:48 GMT+01:00 LoveWeb2py <atayl...@gmail.com>: >>>>> >>>>>> Once authentication happens how can I make them members of groups. I >>>>>> notice now they don't have an entry in Auth user. Should I have them >>>>>> register first and once they're reigstered they can use PKI >>>>>> authentication? >>>>>> This is uncharted waters for me so I'm trying to figure out the best >>>>>> approach for it. >>>>>> >>>>>> On Wednesday, March 11, 2015 at 8:05:48 AM UTC-4, mcm wrote: >>>>>>> >>>>>>> I am glad someone is using x509 Auth, it is a very simple way to >>>>>>> handle user security, >>>>>>> >>>>>>> One important piece of the puzzle (with apache) is: >>>>>>> >>>>>>> SSLVerifyClient optional >>>>>>> >>>>>>> The optional allows one to accept any user on the website, while >>>>>>> having some web2py actions require a valid user certificate >>>>>>> just by adding the standard @auth.requires_login() >>>>>>> >>>>>>> ## Client Authentication (Type): >>>>>>> # Client certificate verification type and depth. Types are >>>>>>> none, optional, >>>>>>> # require and optional_no_ca. Depth is a number which >>>>>>> specifies how deeply >>>>>>> # to verify the certificate issuer chain before deciding the >>>>>>> certificate is >>>>>>> # not valid. >>>>>>> #SSLVerifyClient require >>>>>>> #SSLVerifyDepth 10 >>>>>>> >>>>>>> >>>>>>> 2015-03-11 12:27 GMT+01:00 LoveWeb2py <atayl...@gmail.com>: >>>>>>> >>>>>>>> Those are exactly the two I don't have so far from the list I saw >>>>>>>> in another post I have: >>>>>>>> >>>>>>>> SSL_CIPHER, SSL_CLIENT_I_DN, SSL_CLIENT_CERT, SSL_CLIENT_VERIFY >>>>>>>> >>>>>>>> The following are not being passed (probably a problem with my >>>>>>>> ssl.conf: >>>>>>>> SSL_CLIENT_RAW_CERT, SSL_SESSION_ID, SSL_CLIENT_SERIAL >>>>>>>> >>>>>>>> Almost there! :) I'll post the fix when I find it >>>>>>>> >>>>>>>> >>>>>>>> On Tuesday, March 10, 2015 at 7:56:45 PM UTC-4, Niphlod wrote: >>>>>>>>> >>>>>>>>> debug it, debug it, debug it. >>>>>>>>> >>>>>>>>> AFAICS, x509_auth.py requires: >>>>>>>>> >>>>>>>>> ssl_client_raw_cert >>>>>>>>> optional ssl_client_serial >>>>>>>>> >>>>>>>>> On Wednesday, March 11, 2015 at 12:04:51 AM UTC+1, LoveWeb2py >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> so I did {{=request.env}} and I can see the SSL DATA certificate >>>>>>>>>> in another app, but for some reason the app that requires the data >>>>>>>>>> isn't >>>>>>>>>> being passed. Going to keep troubleshooting that app because I >>>>>>>>>> really want >>>>>>>>>> to use the x509 authentication with web2py!! >>>>>>>>>> >>>>>>>>>> for some reason the x509 auth isn't working still. Going to keep >>>>>>>>>> pressing and will post a fix when I find it. Thank you so much for >>>>>>>>>> your >>>>>>>>>> help Niphlod. I hope this helps others in the future! >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Tuesday, March 10, 2015 at 6:40:29 PM UTC-4, Niphlod wrote: >>>>>>>>>>> >>>>>>>>>>> what if you return somewhere this dict (takes the "SSL*" env >>>>>>>>>>> variables and prints it) >>>>>>>>>>> >>>>>>>>>>> def yourcode(): >>>>>>>>>>> ......... >>>>>>>>>>> debug_values = {} >>>>>>>>>>> for k, v in request.env.iteritems(): >>>>>>>>>>> if k.lower().startswith('ssl'): >>>>>>>>>>> debug_values[k] = v >>>>>>>>>>> ......... >>>>>>>>>>> return dict(........., debug_values=debug_values) >>>>>>>>>>> >>>>>>>>>>> just to see if those gets indeed passed along. >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>> Resources: >>>>>>>> - http://web2py.com >>>>>>>> - http://web2py.com/book (Documentation) >>>>>>>> - http://github.com/web2py/web2py (Source code) >>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>>>>> --- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "web2py-users" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to web2py+un...@googlegroups.com. >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>> Resources: >>>>>> - http://web2py.com >>>>>> - http://web2py.com/book (Documentation) >>>>>> - http://github.com/web2py/web2py (Source code) >>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "web2py-users" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to web2py+un...@googlegroups.com. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>> -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.