I figured out what was wrong. It all comes down to CORS – CORS and user authentication are quite braindead (http://stackoverflow.com/questions/21850454/how-to-make-xmlhttprequest-cross-domain-withcredentials-http-authorization-cor). I decided to bypass all this CORS shit and do my own user authorization. Works like a charm.
On Saturday, 30 May 2015 19:18:20 UTC-4, horridohobbyist wrote:
>
> I tried this decorator, too:
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
>
> jQuery still chokes on user authorization. Moreover, it tries to redirect
> you to a login page, which in my case is not applicable.
>
>
> On Saturday, 30 May 2015 14:32:24 UTC-4, horridohobbyist wrote:
>>
>> I'm trying to implement a REST api. I've coded the following:
>>
>> @request.restful()
>> def api():
>>     response.view = 'generic.json'
>>     # curl -k --user tyr...@yahoo.ca:Lannister -G -d "var1=something1" -d "var2=something2"
>>     # https://miramar21.com/tut_server/default/api/verify/person/:usr/:pwd
>>     # https://miramar21.com/tut_server/default/api/add/person
>>     # https://miramar21.com/tut_server/default/api/update/person/:id
>>     def GET(*args,**vars):
>>         auth.basic()
>>         if not auth.user:
>>             return dict(unauthorized=True)
>>         try:
>>             if args[0] == 'verify':
>>                 if len(args) > 3:
>>                     table_name = args[1]
>>                     usr = args[2]
>>                     pwd = args[3]
>>                     alg = 'pbkdf2(1000,20,sha512)'
>>                     hash = str(CRYPT(digest_alg=alg,salt=False)(pwd)[0])
>>                     row = db(db[table_name].email==usr).select().first()
>>                     if row:
>>                         status = True if row.password == hash else False
>>                         return dict(verified=status,id=row.id)
>>                 return locals()
>>             if args[0] == 'add':
>>                 if len(args) > 1:
>>                     table_name = args[1]
>>                     return db[table_name].validate_and_insert(**vars)
>>                 return locals()
>>             if args[0] == 'update':
>>                 if len(args) > 2:
>>                     table_name = args[1]
>>                     record_id = args[2]
>>                     return db(db[table_name]._id==record_id).validate_and_update(**vars)
>>                 return locals()
>>         except:
>>             return dict(fatal=True)
>>         return locals()
>>     return locals()
>>
>> I have a feeling that I'm not doing user authorization for the REST api
>> correctly, although the following cURL command works fine:
>>
>> curl -k --user tyr...@yahoo.ca:Lannister https://miramar21.com/tut_server/default/api/verify/person/james.b...@outlook.com/Prometheus
>>
>> When I try to use jQuery ajax to perform the same operation, it chokes on
>> the user authorization, whether I use JS headers or beforeSend. So I
>> suspect I'm doing something wrong. (But why is cURL working???)
>>
>> I just want to control user authorization as simply and cleanly as
>> possible.
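
Why the cURL call succeeds while the jQuery one fails, as an added example that is not part of the thread and not web2py's own API: for a cross-origin request carrying an `Authorization` header the browser first sends an `OPTIONS` preflight without credentials, so the server has to answer that preflight before its auth check and name the exact origin, whereas cURL sends no `Origin` header and no preflight. The allowlist, the `handle` function and the `authenticate` callback are hypothetical names used only for this sketch.

```python
# Framework-neutral CORS decision logic for a Basic-auth API (added example).
ALLOWED_ORIGINS = {"https://app.example.com"}   # constructed allowlist
ALLOWED_METHODS = {"GET", "POST", "PUT"}
ALLOWED_HEADERS = {"authorization", "content-type"}


def cors_headers(origin):
    """Headers for a credentialed response; empty dict if origin is not allowed."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        # With credentials the browser rejects "*"; echo the exact origin.
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }


def handle(method, headers, authenticate):
    """Return (status, response_headers). Keys of `headers` are lower-case.

    `authenticate` is a hypothetical callback that receives the Authorization
    header value (or None) and returns True or False.
    """
    cors = cors_headers(headers.get("origin"))
    if method == "OPTIONS" and "access-control-request-method" in headers:
        # Preflight: sent WITHOUT Authorization, so it must be answered
        # before the auth check or the real request is never issued.
        wanted_method = headers["access-control-request-method"].upper()
        requested = headers.get("access-control-request-headers", "")
        wanted = {h.strip().lower() for h in requested.split(",") if h.strip()}
        if (not cors or wanted_method not in ALLOWED_METHODS
                or not wanted <= ALLOWED_HEADERS):
            return 403, {}
        cors["Access-Control-Allow-Methods"] = wanted_method
        cors["Access-Control-Allow-Headers"] = ", ".join(sorted(wanted))
        return 204, cors
    if not authenticate(headers.get("authorization")):
        # Keep the CORS headers on the 401 so the calling script can read it.
        return 401, {**cors, "WWW-Authenticate": 'Basic realm="api"'}
    return 200, cors
```
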