I am running version 2.13.4 on GAE which runs on python 2.7.5. The problem
arises when using the @auth.allows_jwt() decorator. The error I get is
AttributeError:
'module' object has no attribute 'compare_digest'.
Which is being called in :
def verify_signature(self, body, signature, secret):
mauth = hmac.new(key=secret, msg=body, digestmod=self.digestmod)
return hmac.compare_digest(self.jwt_b64e(mauth.digest()), signature)
I believe this is because hmac.py uses compare_digest in version 2.7.7.
Anyway to use jwt on GAE ?
On Friday, December 25, 2015 at 9:04:11 PM UTC-8, Massimo Di Pierro wrote:
>
> This is issue is now fixed in 2.13.4. :-)
>
> On Friday, 25 December 2015 22:37:54 UTC-6, Πέτρος Χατζηλάμπρος wrote:
>>
>> Mrry Christmas!!!!
>>
>> I found the following bug in version 2.13.3:
>>
>> I am using linux mint and I have a folder named web2py on the ~/Desktop
>> I was using to run web2py by opening terminal and giving the command
>> "python ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0".
>> After the update to version 2.13.3 the following error appears
>> Traceback (most recent call last):
>> File "/home/tsouras/Desktop/web2py/web2py.py", line 6, in <module>
>> import gluon.widget
>> File "/home/tsouras/Desktop/web2py/gluon/widget.py", line 26, in
>> <module>
>> import gluon.main as main
>> File "/home/tsouras/Desktop/web2py/gluon/main.py", line 125, in <module>
>> raise RuntimeError("Cannot determine web2py version")
>> RuntimeError: Cannot determine web2py version
>>
>> So, I did some debugging and I found out
>> that global_settings.gluon_parent is "/home/tsouras" instead of being
>> "/home/tsouras/Desktop/web2py"
>> I overcome this problem by opening terminal and giving command "cd
>> ~Desktop/web2py" before giving the command "python
>> ~/Desktop/web2py/web2py.py -a "tsouras" -i 0.0.0.0"
>>
>> I did not have this problem using the previous version of web2py
>>
>> On Thursday, December 24, 2015 at 5:21:42 PM UTC+2, Massimo Di Pierro
>> wrote:
>>>
>>> web2py 2.13.3 is out. MERRY CHRISTMAS EVERYBODY!!!
>>>
>>> It contains some bug fixes for bugs introduced in 2.13.1-2 and most
>>> importantly it contains experimental support for JWT. Here is how it works:
>>>
>>> 1) instantiate auth with
>>>
>>> auth = Auth(db, jwt = {'secret_key':'secret'})
>>>
>>> where 'secret' is your own secret string.
>>>
>>> 2) Secorate functions that require login but should accept the
>>> JWT token credentials:
>>>
>>> @auth.allows_jwt()
>>> @auth.requires_login()
>>> def myapi(): return 'hello %s' % auth.user.email
>>>
>>> Notice jwt is allowed but not required. if user is logged in,
>>> myapi is accessible.
>>>
>>> 3) Use it!
>>> Now API users can obtain a token with
>>>
>>> http://.../app/default/user/jwt?username=...&password=....
>>>
>>> (returns json object with a token attribute)
>>> API users can refresh an existing token with
>>>
>>> http://.../app/default/user/jwt?token=...
>>>
>>> they can authenticate themselves when calling http:/.../myapi by
>>> injecting a header
>>>
>>> Authorization: Bearer <the jwt token>
>>>
>>> Any additional attributes in the jwt argument of Auth() below:
>>>
>>> auth = Auth(db, jwt = {...})
>>>
>>> are passed to the constructor of class AuthJWT. Look there for
>>> documentation.
>>>
>>> Thanks Niphlod again for implementing this.
>>> Please help us check it so we will declare it stable in the next release.
>>>
>>> Massimo
>>>
>>>
>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
