Free and open source full-stack enterprise framework for agile development of secure database-driven web-based applications, written and programmable in Python.

Readme

web2py is a free open source full-stack framework for rapid development of fast, scalable, secure and portable database-driven web-based applications.

It is written and programmable in Python. LGPLv3 License

Learn more at http://web2py.com

Google App Engine deployment

cp examples/app.yaml ./
cp handlers/gaehandler.py ./

Then edit ./app.yaml and replace "yourappname" with yourappname.

Important reminder about this GIT repo

An important part of web2py is the Database Abstraction Layer (DAL). In early 2015 this was decoupled into a separate code-base (PyDAL). In terms of git, it is a sub-module of the main repository.

The use of a sub-module requires a one-time use of the --recursive flag for git clone if you are cloning web2py from scratch.

git clone --recursive https://github.com/web2py/web2py.git

If you have an existing repository, the commands below need to be executed at least once:

git submodule update --init --recursive

If you have a folder gluon/dal you must remove it:

rm -r gluon/dal

PyDAL uses a separate stable release cycle to the rest of web2py. PyDAL releases will use a date-naming scheme similar to Ubuntu. Issues related to PyDAL should be reported to its separate repository.

Documentation (readthedocs.org)

Docs Status

Tests

Build Status MS Build Status Coverage Status

Installation Instructions

To start web2py there is NO NEED to install it. Just unzip and do:

python web2py.py

That's it!!!

web2py directory structure

project/
    README
    LICENSE
    VERSION                    > this web2py version
    web2py.py                  > the startup script
    anyserver.py               > to run with third party servers
    ...                        > other handlers and example files
    gluon/                     > the core libraries
        packages/              > web2py submodules
          dal/
        contrib/               > third party libraries
        tests/                 > unittests
    applications/              > are the apps
        admin/                 > web based IDE
            ...
        examples/              > examples, docs, links
            ...
        welcome/               > the scaffolding app (they all copy it)
            ABOUT
            LICENSE
            models/
            views/
            controllers/
            sessions/
            errors/
            cache/
            static/
            uploads/
            modules/
            cron/
            tests/
        ...                    > your own apps
    examples/                  > example config files, mv .. and customize
    extras/                    > other files which are required for building web2py
    scripts/                   > utility and installation scripts
    handlers/
        wsgihandler.py         > handler to connect to WSGI
        ...                    > handlers for Fast-CGI, SCGI, Gevent, etc
    site-packages/             > additional optional modules
    logs/                      > log files will go in there
    deposit/                   > a place where web2py stores apps temporarily

Issues?

Report issues at https://github.com/web2py/web2py/issues

Comments
  • Possible security bug in default mySQL/web2py setup

    Possible security bug in default mySQL/web2py setup

    Not sure where to report this: don't want to disclose too much, but the hole is such an obvious one that I might just have misunderstood the web2py syntax. Where should I report so that it is not public?

  • parameter of ajax put request is empty in Python 3

    parameter of ajax put request is empty in Python 3

    I tested the latest version 2.15.2 and I've got a problem when accessing ajax post parameters with web2py under Python 3.

    The client sends a PUT request using jquery like this: $.ajax('<url>', { data: JSON.stringify({ outputFormat: 'pdf' }), type: "PUT", contentType: "application/json", success: function(data) { alert('success'); }, error: function(jqXHR, textStatus, errorThrown) { alert('error'); } });

    in the controller I access the parameter output_format = request.vars.outputFormat

    when using Python 2.7 the variable output_format is set to 'pdf' as expected. When using Python 3.5 the variable is None.

  • scheduler.queue_task() is broken by validation

    scheduler.queue_task() is broken by validation

    This used to work, but now even the example in the book doesn't work.

    >>> scheduler.queue_task('demo1', [1,2])
    <Row {'errors': {'status': 'Value not allowed', 'start_time': 'Enter date and time as 1963-08-28 14:30:59', 'period': 'Enter an integer greater than or equal to 0', 'sync_output': 'Enter an integer greater than or equal to 0
    ', 'timeout': 'Enter an integer greater than or equal to 1', 'application_name': 'Enter a value', 'retry_failed': 'Enter an integer greater than or equal to -1', 'repeats': 'Enter an integer greater than or equal to 0'}, 'id
    ': None, 'uuid': None}>
    
    
  • Auth refactor

    Auth refactor

    Extracted many methods into a base class for more generic auth mechanisms.

    Partially addresses #1526 Includes a solution for IS_LOWER and IS_UPPER validator problems I mentioned in #1353

  • Support to python 3.8/3.9/3.10

    Support to python 3.8/3.9/3.10

    Hello, are there any full support predictions for python 3.8 / 3.9 / 3.10? For example I noticed that (with python3.8) the "{{else:}}" statement in the view doesn't work.

    Regards

  • After updating from 2.18.1 to 2.18.2 the session.flash messages all show as b'<message>'

    After updating from 2.18.1 to 2.18.2 the session.flash messages all show as b''

    Describe the bug After updating from 2.18.1 to 2.18.2 the session.flsh messages all show as b''

    To Reproduce Just login on any app that shows session.flash. The 'Hello World' message from the welcome app uses response.flash and not session.flash and thus it does not show the problem.

    Desktop (please complete the following information): Windows 7 Pro x64 w/SP1 + all upgrades Firefox 65.0.1 x64 Python 3.7.1 x86

  • load with ajax=false ignored if url parameter set

    load with ajax=false ignored if url parameter set

    {{=LOAD(c='referee', f='grid.load', ajax=False, ajax_trap=True, vars=dict(customer=id), target='referee')}} {{=LOAD(url=URL(c='referee2', f='grid.load', vars=dict(customer=id)), ajax=False, ajax_trap=True, target='referee2')}}

    referee2 is requested with ajax=True despite the parameter ajax=False.

  • fix issue#1261: security issue: gluon.tools.Expose will follow symlinks

    fix issue#1261: security issue: gluon.tools.Expose will follow symlinks

  • Drop python 2.5

    Drop python 2.5

    The last security bug fix release (source only) of python 2.5 has been publish in 2011. https://www.python.org/download/releases/2.5.6/ There are no tests on travis-ci for python 2.5.

  • Setting map_hyphen=True in routes.py breaks codemirror editor

    Setting map_hyphen=True in routes.py breaks codemirror editor

    The codemirror breaks once I set the map_hypen to True.

    In my routes.py I have:

    routers = dict(
        BASE=dict(
            default_application='mycoolapp',
            map_hyphen=True,
        )
    )
    

    When I try to use the web-based web2py editor it fails to load.

    Looking at the console I see the following 404's:

    screen shot 2015-02-02 at 5 35 16 pm

    The path goes from being an _2.9.5 to -2.9.5 which is expected behavior for the URLS, however because the directory starts with a _ and gets changed to - it causes problem. For example http://localhost:8000/admin/static/-2.9.5/js/typeahead.min.js

  • Can't define referenced table after it's referencing from web2py v2.9.3

    Can't define referenced table after it's referencing from web2py v2.9.3

    From d.bu..._at_gmail.com on March 08, 2014 12:14:54

    What steps will reproduce the problem? 1. Define referenced table after it's referencing 2. Set lazy_tables=False (means don't activate lazy_tables) 3. Call any app url What is the expected output? What do you see instead? In web2py v2.8.2 everything is fine - you see the controller's result. From version 2.9.3 (including 2.9.4) you see only "KeyError: 'Cannot resolve reference ... in ... definition'" What version of the product are you using? On what operating system? Ubuntu server 12.04 / Ubuntu desktop 13.10; web2py v2.9.4 Please provide any additional information below. Sample error log: Traceback (most recent call last): File "/home/donatas/web2py/gluon/restricted.py", line 217, in restricted exec ccode in environment File "/home/donatas/web2py/applications/welcome/models/db.py", line 87, in Field('subject_id', 'reference subject') File "/home/donatas/web2py/gluon/dal.py", line 8223, in define_table table = self.lazy_define_table(tablename,fields,*args) File "/home/donatas/web2py/gluon/dal.py", line 8260, in lazy_define_table polymodel=polymodel) File "/home/donatas/web2py/gluon/dal.py", line 925, in create_table raise KeyError('Cannot resolve reference %s in %s definition' % (referenced, table._tablename)) KeyError: 'Cannot resolve reference subject in contract definition'

    Original issue: http://code.google.com/p/web2py/issues/detail?id=1896

  • PAM authorization bypass due to incorrect usage

    PAM authorization bypass due to incorrect usage

    While i read code at https://github.com/web2py/web2py/blob/master/gluon/contrib/pam.py#L124

    I found that we only do authenticate without authorization, i.e. without calling pam_acct_mgmt. This can make expired accounts and accounts with expired passwords can still login.

    More details: https://codeql.github.com/codeql-query-help/python/py-pam-auth-bypass/

    Please let me know if I have missed any key details.

    Impact: This can make expired accounts and accounts with expired passwords can still login.

  • Security.md does not provide how to report a security vulnerability

    Security.md does not provide how to report a security vulnerability

    Hi,

    The Security.md file does not provide how or to who we can report a potential security vulnerability, please. If possible, I would like to report one via https://huntr.dev if you are ok with that.

    Regards

  • Web2py from website or from git does not find dal

    Web2py from website or from git does not find dal

    Describe the bug Looks like a bug that was here recently with release few months ago. Web2py downloaded from official website does not include dal.

    To Reproduce

    1. update to latest web2py downloading from https://mdipierro.pythonanywhere.com/examples/static/web2py_src.zip
    2. restart process.

    Expected behavior Web2py does not complain about missing dal.

    Traceback

    Traceback (most recent call last):
      File "~/xxx/web2py/gluon/__init__.py", line 31, in import_packages
        sys.modules[package] = __import__(package)
    ModuleNotFoundError: No module named 'pydal'
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "~/xxx/web2py/wsgihandler.py", line 29, in <module>
        from gluon.settings import global_settings
      File "~/xxx/web2py/gluon/__init__.py", line 35, in <module>
        import_packages()
      File "~/xxx/web2py/gluon/__init__.py", line 33, in import_packages
        raise RuntimeError(MESSAGE % package)
    RuntimeError: web2py depends on pydal, which apparently you have not installed.
    Probably you cloned the repository using git without '--recursive'
    To fix this, please run (from inside your web2py folder):
    
         git submodule update --init --recursive
    

    Desktop (please complete the following information):

    • OS: centos7 (vagrant box generic/centos7 v4.0.0 (latest at time of writing))
    • Web2py version 2.22.4

    Additional context I had the same problem with git version. However when moved one commit below, problem disappeard.

  • pydal do not support mongodb 4.4+

    pydal do not support mongodb 4.4+

    Describe the bug pydal not support mongodb 4.4+

    To Reproduce Steps to reproduce the behavior: when mongodb 4.2 upgrade to mongodb 4.4, web2py pydal (DAL) can‘t work: select tables expect values but return keys。 (to CRUD mongodb directly in python with pymongo , It works fine).

    === env: web2py 2.22.3 pymongo 3.12.3 mongodb 4.4.14 suse 12 sp5 python 2.7.17

  • admin does not pass sorting parameters to next page

    admin does not pass sorting parameters to next page

    Describe the bug appadmin database table view does not pass the column sorting options to the next page

    To Reproduce Steps to reproduce the behavior:

    1. Open appadmin, and select database management
    2. select the table to view, a table with more than 100 entries
    3. on the display of [the first 100] entries, select a column to sort by
    4. observe the sorted results, and then select Next 100 Rows
    5. observe the results sorted by id

    Expected behavior The second page should continue the sorted view, showing the next 100 entries according to the sort selection on the first page.

    Screenshots See attached. admin-init.jpg is the initial view of the table, admin-sorted .jpg is the first page after picking sort by badrand.hits (using the column header to select the sort), and admin-nexted.jpg is the view of the second page after admin-sorted.jpg

    Desktop (please complete the following information): 'Windows-10-10.0.19043-SP0' Chrome Version 101.0.4951.54 (Official Build) (64-bit)

    admin-init admin-sorted admin-nexted

  • Issues with emails using Microsoft 365 mail server

    Issues with emails using Microsoft 365 mail server

    We have changed our mail provider from a small private one to Microsoft 365. I was trying to make web2py use this new & popular mail server for sending out the confirmation emails for new users, as well as other purposes. I kept getting error messages regarding the SSL version not being OK.

    After some digging I found a workaround for this, as follows:

    1. The configuration which works with this mail server is: server=smtp.office365.com port=587 ssl=False tls-True

    2. Modified gluon/tools.py by changing 2 lines: Original: import smtplib Change to: import smtplib, ssl Original: server.starttls() Change to: server.starttls(context=ssl.create_default_context())

    3. I also had to increase the timeout, but that might be due to my specific network. In any case, this can be done ad models/db.py in the email settings section, by adding the line: mail.settings.timeout = configuration.get('timeout') or 60 It will read the "timeout" parameter from the private/appconfig.ini file (if exists) and will set a default of 60 seconds if it doesn't. This is overriding the 5 seconds default hard-coded in glueon/tools.py

    I hope this can help anyone who faces a similar issue. The more senior contributors might consider making this a permanent modification.

Bionic is Python Framework for crafting beautiful, fast user experiences for web and is free and open source

Bionic is fast. It's powered core python without any extra dependencies. Bionic offers stateful hot reload, allowing you to make changes to your code and see the results instantly without restarting your app or losing its state.

Mar 5, 2022
Appier is an object-oriented Python web framework built for super fast app development.
Appier is an object-oriented Python web framework built for super fast app development.

Joyful Python Web App development Appier is an object-oriented Python web framework built for super fast app development. It's as lightweight as possi

Dec 22, 2022
bottle.py is a fast and simple micro-framework for python web-applications.

Bottle: Python Web Framework Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module a

Dec 31, 2022
Sierra is a lightweight Python framework for building and integrating web applications
Sierra is a lightweight Python framework for building and integrating web applications

A lightweight Python framework for building and Integrating Web Applications. Sierra is a Python3 library for building and integrating web applications with HTML and CSS using simple enough syntax. You can develop your web applications with Python, taking advantage of its functionalities and integrating them to the fullest.

Sep 23, 2022
The Python micro framework for building web applications.

Flask Flask is a lightweight WSGI web application framework. It is designed to make getting started quick and easy, with the ability to scale up to co

Jan 6, 2023
Free & open source Rest API for YTDislike

RestAPI Free & open source Rest API for YTDislike, read docs.ytdislike.com for implementing. Todo Add websockets Installation Git clone git clone http

Nov 25, 2021
Asita is a web application framework for python based on express-js framework.

Asita is a web application framework for python. It is designed to be easy to use and be more easy for javascript users to use python frameworks because it is based on express-js framework.

Nov 16, 2021
A public API written in Python using the Flask web framework to determine the direction of a road sign using AI
A public API written in Python using the Flask web framework to determine the direction of a road sign using AI

python-public-API This repository is a public API for solving the problem of the final of the AIIJC competition. The task is to create an AI for the c

Nov 8, 2021
web.py is a web framework for python that is as simple as it is powerful.

web.py is a web framework for Python that is as simple as it is powerful. Visit http://webpy.org/ for more information. The latest stable release 0.62

Dec 30, 2022
Jan 8, 2023
Fully featured framework for fast, easy and documented API development with Flask

Flask RestPlus IMPORTANT NOTICE: This project has been forked to Flask-RESTX and will be maintained by by the python-restx organization. Flask-RESTPlu

Jan 4, 2023
Fully featured framework for fast, easy and documented API development with Flask

Flask RestPlus IMPORTANT NOTICE: This project has been forked to Flask-RESTX and will be maintained by by the python-restx organization. Flask-RESTPlu

Feb 17, 2021
Ape is a framework for Web3 Python applications and smart contracts, with advanced functionality for testing, deployment, and on-chain interactions.

Ape Framework Ape is a framework for Web3 Python applications and smart contracts, with advanced functionality for testing, deployment, and on-chain i

Dec 30, 2022
A high-level framework for building GitHub applications in Python.

A high-level framework for building GitHub applications in Python. Core Features Async Proper ratelimit handling Handles interactions for you (

Apr 12, 2022
APIFlask is a lightweight Python web API framework based on Flask and marshmallow-code projects
APIFlask is a lightweight Python web API framework based on Flask and marshmallow-code projects

APIFlask APIFlask is a lightweight Python web API framework based on Flask and marshmallow-code projects. It's easy to use, highly customizable, ORM/O

Jan 4, 2023
FPS, fast pluggable server, is a framework designed to compose and run a web-server based on plugins.

FPS, fast pluggable server, is a framework designed to compose and run a web-server based on plugins. It is based on top of fastAPI, uvicorn, typer, and pluggy.

Nov 16, 2021
cirrina is an opinionated asynchronous web framework based on aiohttp
cirrina is an opinionated asynchronous web framework based on aiohttp

cirrina cirrina is an opinionated asynchronous web framework based on aiohttp. Features: HTTP Server Websocket Server JSON RPC Server Shared sessions

Mar 5, 2022
Web framework based on type hint。

Hint API 中文 | English 基于 Type hint 的 Web 框架 hintapi 文档 hintapi 实现了 WSGI 接口,并使用 Radix Tree 进行路由查找。是最快的 Python web 框架之一。一切特性都服务于快速开发高性能的 Web 服务。 大量正确的类型

Dec 2, 2022
Trame let you weave various components and technologies into a Web Application solely written in Python.

Trame Trame aims to be a framework for building interactive applications using a web front-end in plain Python. Such applications can be used locally

Dec 29, 2022