Reputation: 466
Web2Py minimal User authentication (username only)
I did not find anything on the web and so I'm asking here.
Is there a way to create a custom auth wich only requires a username? That means to login to a specific subpage one has only to enter a username, no email and no password etc.?
Or is there a better way to do this? E.g. a subpage can only be accessed if the username (or similar) exists in a db table?
Upvotes: 1
Views: 3629
Answers (3)
Reputation: 1
if you want to sign-in with only your unique username and password go to db.py and write this code:
auth.define_tables(username=True,signature=True)
db.auth_user.username.requires = IS_NOT_IN_DB(db, 'auth_user.username')
db.auth_user.email.readable = False
db.auth_user.email.writable = False
db.auth_user.first_name.readable = False
db.auth_user.first_name.writable = False
db.auth_user.last_name.readable = False
db.auth_user.last_name.writable = False
for me it worked
Upvotes: 0
Reputation: 1465
web2py by default allows blank passwords. So simply hide the password fields in the login and registration forms using CSS. You should be able to use the default auth.
Upvotes: 1
Reputation: 5384
Yes you could do something like this:
(in models file, or at the top of the controller(s), or even better make a function decorator)
Check session.logged_in_user to see if it's None, if None, redirect to /default/login where you present the user with a form:
form = FORM(Field('username'), requires=IS_IN_DB(db, db.users.username))
On form submission (see web2py manual for form processing), if valid (e.g. if username exists in db.users table), set session.logged_in_user = request.vars.username
Here's a completish example (untested):
models/Auth.py
# Could also check whether session.logged_in_user exists in DB, but probably not needed
# If so though, should be renamed zAuth or something to come after db.py file
if not session or not session.logged_in_user:
redirect(URL('default','login', vars={'next':request.vars.url}))
controllers/default.py
#in file: controllers/default.py
...
def login():
form = FORM(Field('username', requires=IS_IN_DB(db, db.users.username))
if form.process().accepted:
session.logged_in_user = form.vars.username
redirect(request.vars.next)
elif form.errors:
session.logged_in_user = None # not necessary, but oh well
response.flash = "Please enter a valid username"
return dict(form=form)
views/default/login.html
{{ extend 'layout.html' }}
{{ =form }}
By placing code in a models file, you can ensure it is executed on every page request.
This will not allow you to use web2py's authentication mechanism (i.e. auth = AUTH()), but I'm not sure that you'd want it for this anyway unless you're interested in using groups and permissions, etc. But if that's the case, adding passwords (even if it's a generic password or a blank one) seems like it wouldn't be too much trouble.
Upvotes: 1
Related Questions
- Restful API with authentication
- Web2py Form on-click user Authentication
- Web2Py handle auth form at backend
- Web2py Basic Auth - Authenticated User Info
- Web2py Authentication for Restful service and also application users
- Web2py built-in authentication, after filling in the username, email, etc it generates the following ticket
- Web2py Email Authentication
- How to Handle Login and Registration by Username?
- web2py adding username validation
- Customized web2py registration