Auth(secure=True), thanks Yarin and Niphlod

VERSION

@@ -1 +1 @@
-Version 2.0.9 (2012-10-04 15:06:45) dev
+Version 2.0.9 (2012-10-04 15:12:44) dev

gluon/main.py

@@ -123,6 +123,8 @@ except:
 
 load()
 
+HTTPS_SCHEMES = set(('https','HTTPS'))
+
 def get_client(env):
     """
     guess the client address from the environment variables
@@ -445,8 +447,9 @@ def wsgibase(environ, responder):
                     ajax = x_req_with == 'xmlhttprequest',
                     cid = env.http_web2py_component_element,
                     is_local = env.remote_addr in local_hosts,
-                    is_https = env.wsgi_url_scheme \
-                        in ['https', 'HTTPS'] or env.https=='on')
+                    is_https = env.wsgi_url_scheme in HTTPS_SCHEMES \
+                        or request.env.http_x_forwarded_proto in HTTPS_SCHEMES \
+                        or env.https=='on')
                 request.uuid = request.compute_uuid() # requires client
                 request.url = environ['PATH_INFO']
 

gluon/tools.py

@@ -1050,7 +1050,7 @@ class Auth(object):
 
     def __init__(self, environment=None, db=None, mailer=True,
                  hmac_key=None, controller='default', function='user',
-                 cas_provider=None, signature=True):
+                 cas_provider=None, signature=True, secure=False):
         """
         auth=Auth(db)
 
@@ -1070,6 +1070,9 @@ class Auth(object):
         session = current.session
         auth = session.auth
         self.user_groups = auth and auth.user_groups or {}
+        if secure and not request.is_https:
+            session.secure()
+            redirect(URL(args=request.args,vars=request.vars,scheme='http'))
         if auth and auth.last_visit and auth.last_visit + \
                 datetime.timedelta(days=0, seconds=auth.expiration) > request.now:
             self.user = auth.user