[web2py] Re: digitally signed urls

Thu, 09 Nov 2017 07:16:50 -0800 

>
> @auth.requires_login()
> def main_func(): 
>     form = SQLFORM(db.atable) 
>     if form.process(onvalidation=..., dbio=False).accepted: 
>          rtn = scheduler.queue_task(task_func,….) 
>          if not rtn.id:      #there are errors 
>              raise HTTP(404) 
>          else: 
>              redirect(URL('accept_func', args=[...])) 
>     elif form.errors: 
>           ... 
>     else: 
>          ...
>
>
>
> *accept_func* calls an ajax: *task_completed* to test for task completion 
> (rtn.id) every 5 seconds till task.status=='COMPLETED' or 'failure' (NOT 
> COMPLETED after 5 calls)
>

accept_func is a web2py controller action, so it wouldn't be making Ajax 
requests, which must come from the browser. Is main_func an Ajax component 
(which would mean accept_func must also be an Ajax component)? Are you 
saying that once the accept_func component is loaded in the browser, it 
makes Ajax requests from the browser every 5 seconds to task_completed?
 

>
> If i make no mistake, there's a possiblity that auth.user expires before 
> the entire process finishes so i am not sure it's a good idea to decorate 
> *accept_func* (@auth.requires_login()) or* task_completed* 
> (@auth.requires_signature())
>

As long as you are making requests the login won't expire, as the 
expiration is measured from the time of the last request.

Anyway, if you want to use digital signatures, I don't see why you can't 
simply generate URLs with URL(..., user_signature=True) and then decorate 
both accept_func and task_completed with @auth.requires_signature().

Also, note that if you don't care about limiting a given user's requests 
based on the specific URL args and vars, you can simply decorate 
accept_func and task_completed with @auth.requires_login(). Digital 
signatures for URLs add extra protection in case you need to restrict 
access to only a particular URL (i.e., a particular combination of args and 
vars).

Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to