3

I have just started looking at web2py, so many things in the approach are nwe, such as the use of defaults for views etc. I spent many hours trying to figure out how to get people to log in and in the end put 

@auth.requires_login()

at the start of a controller method. This magically brought up a registration form after which the new user was logged in. I am not sure I fully understand what is going on behind the scenes, but one step at a time.

However, I would like to provide a logout button and have no idea how that might be achieved. Clearly I need to somehow call the default logout. So I need to add a url to the submit form/button and presumably create a controller to match the url, but what will the method to logout look like?

In the user method are the exposes statements, but no idea what they mean or how to use them. All those dots confuse me.

jimscafe
  • 1,081
  • 2
  • 14
  • 24

1 Answers1

4

I spent many hours trying to figure out how to get people to log in

Did you read this section of the book? It explains the use of @auth.requires_login() and how the default user() function works to expose the login functionality (as well how to create a separate action specifically for login if desired). In the scaffolding application, the default.py controller includes the following user() function to expose all of the Auth actions:

def user():
    return dict(form=auth())

In a URL like "/myapp/default/user/[action]", the requested Auth action (i.e., the last element of the URL) will be available in request.args[0]. When the above function calls auth(), the Auth __call__() method reads the action from request.args[0] and then calls the appropriate Auth method. If the URL is "/myapp/default/user/login", auth() will ultimately call the auth.login() method, which will return (and handle the processing of) the login form. You can also call auth.login() directly if you want to create your own custom login action.

Similarly, the URL "/myapp/default/user/logout" will ultimately call the auth.logout() method, which will log out the user. So, if you want to enable logout, just generate a link to the logout URL -- the best way is to use the URL() function:

A('Logout', _href=URL('default', 'user', args='logout'))

Note, in the scaffolding application, the layout.html view uses auth.navbar() to insert the Auth navbar in the upper right of the page -- when a user is logged in, that navbar automatically includes a "Logout" link like the one above.

Anthony
  • 25,466
  • 3
  • 28
  • 57
  • I did read the section in the online book. I also bought the book online 'Web2py Cookbook', but I don't see where it says to get a login screen you put the decorator before a method in control. – jimscafe Jun 11 '12 at 11:05
  • If you look at the source code in layout.html there is nothing there that shows /user/login. However if you look at the source code from the web page you can see it there. Thank you for your help, I still think for new users there could be an example of how to add a login screen to a simple application. – jimscafe Jun 11 '12 at 11:08
  • In the section on [Auth decorators](http://web2py.com/books/default/chapter/29/9#Decorators) it says, "If the visitor is not logged in, then the permission cannot be checked; the visitor is redirected to the login page and then back to the page that requires permissions". So, the decorators not only restrict access, but if the user isn't logged in, they redirect to the login page. Perhaps this could be made more clear. – Anthony Jun 11 '12 at 22:02
  • Regarding layout.html, as I mentioned in the answer above, layout.html includes `auth.navbar()` -- it is the call to `auth.navbar()` that generates the Auth links (login, register, logout, etc.). It's just a helper for convenience -- you don't have to use it -- you can generate your own links instead. – Anthony Jun 11 '12 at 22:06