I am running version 2.13.4 on GAE which runs on python 2.7.5. The problem arises when using the @auth.allows_jwt() decorator. The error I get is AttributeError: 'module' object has no attribute 'compare_digest'. Which is being called in :
def verify_signature(self, body, signature, secret): mauth = hmac.new(key=secret, msg=body, digestmod=self.digestmod) return hmac.compare_digest(self.jwt_b64e(mauth.digest()), signature) I believe this is because hmac.py uses compare_digest in version 2.7.7. Anyway to use jwt on GAE ? On Friday, December 25, 2015 at 9:04:11 PM UTC-8, Massimo Di Pierro wrote: > > This is issue is now fixed in 2.13.4. :-) > > On Friday, 25 December 2015 22:37:54 UTC-6, Πέτρος Χατζηλάμπρος wrote: >> >> Mrry Christmas!!!! >> >> I found the following bug in version 2.13.3: >> >> I am using linux mint and I have a folder named web2py on the ~/Desktop >> I was using to run web2py by opening terminal and giving the command >> "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0". >> After the update to version 2.13.3 the following error appears >> Traceback (most recent call last): >> File "/home/tsouras/Desktop/web2py/web2py.py", line 6, in <module> >> import gluon.widget >> File "/home/tsouras/Desktop/web2py/gluon/widget.py", line 26, in >> <module> >> import gluon.main as main >> File "/home/tsouras/Desktop/web2py/gluon/main.py", line 125, in <module> >> raise RuntimeError("Cannot determine web2py version") >> RuntimeError: Cannot determine web2py version >> >> So, I did some debugging and I found out >> that global_settings.gluon_parent is "/home/tsouras" instead of being >> "/home/tsouras/Desktop/web2py" >> I overcome this problem by opening terminal and giving command "cd >> ~Desktop/web2py" before giving the command "python >> ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0" >> >> I did not have this problem using the previous version of web2py >> >> On Thursday, December 24, 2015 at 5:21:42 PM UTC+2, Massimo Di Pierro >> wrote: >>> >>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!! >>> >>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most >>> importantly it contains experimental support for JWT. Here is how it works: >>> >>> 1) instantiate auth with >>> >>> auth = Auth(db, jwt = {'secret_key':'secret'}) >>> >>> where 'secret' is your own secret string. >>> >>> 2) Secorate functions that require login but should accept the >>> JWT token credentials: >>> >>> @auth.allows_jwt() >>> @auth.requires_login() >>> def myapi(): return 'hello %s' % auth.user.email >>> >>> Notice jwt is allowed but not required. if user is logged in, >>> myapi is accessible. >>> >>> 3) Use it! >>> Now API users can obtain a token with >>> >>> http://.../app/default/user/jwt?username=...&password=.... >>> >>> (returns json object with a token attribute) >>> API users can refresh an existing token with >>> >>> http://.../app/default/user/jwt?token=... >>> >>> they can authenticate themselves when calling http:/.../myapi by >>> injecting a header >>> >>> Authorization: Bearer <the jwt token> >>> >>> Any additional attributes in the jwt argument of Auth() below: >>> >>> auth = Auth(db, jwt = {...}) >>> >>> are passed to the constructor of class AuthJWT. Look there for >>> documentation. >>> >>> Thanks Niphlod again for implementing this. >>> Please help us check it so we will declare it stable in the next release. >>> >>> Massimo >>> >>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.