OK, it looks like the bug is related to:

URL('action/additional_parms', user_signature=True): if you have something
in addition to the action, @auth.requires_signature fails.

When using
FORM(_action=URL('adviewer','savesettings/location', user_signature=True))
or
redirect(URL('payment/%s' % has_unpaid_orders.access_key, user_signature=True))
with @auth.requires_signature() on the action, it fails with access denied.

On Wed, Feb 22, 2012 at 3:19 PM, Bruce Wade <bruce.w...@gmail.com> wrote:

> When using user_signature=True in a form whose action goes to another
> method, and that method has @auth.requires_signature, I am getting access
> denied. If I remove the @auth.requires_signature I still see the signature
> but don't have the access denied message.
>
> FORM:
> # adviewer.viewads();
>
> locationform=FORM(
>         DIV(
>             SELECT(countries_options,_id='by-country',_name='country',
>                    _onchange="updateProvinces(this)", value=selected_country),
>             _id='country_options', _class='filter-selects'
>         ),
>         DIV(
>             SELECT(provinces_options,_id='by-province',
>                    _name='province_state',_onchange="updateCities(this)",
>                    value=selected_province),
>             _id='province_options', _class='filter-selects'
>         ),
>         DIV(SELECT(
>             cities_options,_id='by-province', _name='city',
>             value=selected_city),
>             _id='city_options', _class='filter-selects'
>         ),
>         DIV(_class='clear'),
>         INPUT(_type='submit', _value='Save', _class='filter-btn'),
>         _name='locationform',
>         _action=URL('adviewer','savesettings/location',
>                     user_signature=True)
>     )
>
> Capture Method:
> # adviewer.savesettings()
> # URL submitted to this method:
> # http://127.0.0.1:8000/zh/adviewer/savesettings/location?_signature=82ef7150a3c6eaac57032c8bd943b42789828025
> @auth.requires_login()
> @auth.requires_signature()  # If I remove this there is no access denied.
> def savesettings():
>     print(request.vars)
>     print(request.args(0))
>     from youadAPI.adviewer_api import AdViewerEngine
>     if request.args(0) == 'location':
>         adviewer_engine.update_or_create_adviewer_settings(
>             AdViewerEngine.location,
>             dict(
>                  country=request.vars['country'],
>                  province=request.vars['province_state'],
>                  city=request.vars['city']
>             )
>         )
>     elif request.args(0) == 'language':
>         adviewer_engine.update_or_create_adviewer_settings(
>             AdViewerEngine.language,
>             dict(
>                 language = request.vars['language']
>             )
>         )
>     elif request.args(0) == 'keywords':
>         adviewer_engine.update_or_create_adviewer_settings(
>             AdViewerEngine.keywords,
>             dict(
>                 keywords = request.vars['keywords']
>             )
>         )
>
> --
> --
> Regards,
> Bruce Wade
> http://ca.linkedin.com/in/brucelwade
> http://www.wadecybertech.com
> http://www.warplydesigned.com
> http://www.fitnessfriendsfinder.com
>



-- 
-- 
Regards,
Bruce Wade
http://ca.linkedin.com/in/brucelwade
http://www.wadecybertech.com
http://www.warplydesigned.com
http://www.fitnessfriendsfinder.com
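
The symptom described in this thread, reproduced in a simplified model: this is an added example, not code from web2py or from the original post. It assumes a signer that MACs the URL components as the caller passed them and a verifier that rebuilds them from the request path; the key and all function names are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"  # constructed sample key, not a real secret


def _mac(fields):
    # Length-prefix every field so field boundaries are part of what is signed.
    msg = "".join("%d:%s" % (len(f), f) for f in fields)
    return hmac.new(KEY, msg.encode(), hashlib.sha256).hexdigest()


def sign_naive(controller, function, args=()):
    """Assumed signer: signs the components exactly as the caller passed them."""
    path = "/" + "/".join([controller, function, *args])
    return path, _mac([controller, function, *args])


def sign_canonical(controller, function, args=()):
    """Moves extra path segments out of `function` into args before signing."""
    name, *extra = function.split("/")
    return sign_naive(controller, name, [*extra, *args])


def verify(path, signature):
    """Assumed verifier: rebuilds the fields from the request path, as a router would."""
    controller, function, *args = path.strip("/").split("/")
    expected = _mac([controller, function, *args])
    # Constant-time comparison; any mismatch fails closed (access denied).
    return hmac.compare_digest(expected, signature)


def demo():
    """Returns whether each way of building the same URL passes verification."""
    return {
        "args embedded in function": verify(
            *sign_naive("adviewer", "savesettings/location")),
        "args passed separately": verify(
            *sign_naive("adviewer", "savesettings", ["location"])),
        "canonicalized before signing": verify(
            *sign_canonical("adviewer", "savesettings/location")),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print("%-30s %s" % (case, "accepted" if ok else "access denied"))
```

All three calls produce the same path, /adviewer/savesettings/location; only the fields that were signed differ.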
