Never done a patch before, but I think in the night (here are 3PM) I can manage to have a first draft.
I'd have to test it out, but for the beginning .. What wuold be the patch against ? auth.py in trunk or auth.py in 1.85.3? On 23 Set, 14:52, mdipierro <mdipie...@cs.depaul.edu> wrote: > You are right. That would be best. Want to send me a patch? > > On Sep 23, 2:26 am, Niphlod <niph...@gmail.com> wrote: > > > > > I'll try in other words..... I/we (users building rest api) don't want > > the user to be redirected to any page (my own or the default really > > doesn't matter)...all the decorators seems to redirect > > somewhere....instead they "should" call a function (maybe by default a > > redirect, in order to don't break backword compatibility) that, for > > example, I/we can modify raising a 404. > > > On 22 Set, 21:38, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > > You want to disable the login page. > > > > You can try > > >auth.settings.actions_disabled.append('login') > > >auth.settings.actions.login_url=URL('your_own_error_page') > > > > On Sep 22, 2:27 pm, Niphlod <niph...@gmail.com> wrote: > > > > > I'm really sorry.... > > > > > I'm looking for an answer to this question: > > > > 2) I saw whatauth.settings.allow_basic_login = True does (and > > > >auth.basic()) and it "allows" thebasicauthentication in addition to > > > > the defaultauth(also with disabled actions). Maybe the defaultauth > > > > can be shut down totally? > > > > > That is quite clear, I guess... I can't find a way to shut down > > > > defaultauthand leave onlybasicauthas the default method for login > > > > > let's explain in other words the other "feature request" instead... > > > > > I don't know in deep all theauthmodule, but (at least for me) is the > > > > one that is less "usable" when you create web services. > > > > what I'm asking is the best way (i.e. the less error prone way) to > > > > have theauthdecorators to return/raise an http status instead of > > > > raising a redirect to login page or the "user" controller. > > > > Right now it seems that you can configure quite all, but all you can > > > > configure is where the user will be redirected when the authorization > > > > fails.... > > > > > If you want to create an interface to a web api, maybe a REST one, you > > > > rarely need to redirect someone to the login page if he is not a valid > > > > user, nor you need to redirect him if he is a valid user without the > > > > permissions to access a particular controller/resource...you just tell > > > > him it's not authorized (the "recommended" behaviour would be to raise > > > > a 404). > > > > > Going by hand to patch theauthmodule substituting all redirects to > > > > something else or creating a new one from scratch seems a little bit a > > > > long catch...maybe who planned and coded theauthmodule will figure > > > > out a "smart" way to enable this behaviour...and I think that web2py > > > > will be a good contender to django-piston or other frameworks of > > > > choice when you are going to create a web [RESTful] API.- Nascondi > > > > testo citato > > > > - Mostra testo citato -- Nascondi testo citato > > - Mostra testo citato -