Is doing this that far into the login function a waste of time? I mean, why 
do all the form preparation (the validators at the top of the 
function)... Your code is cleaner since you flush session._auth_next, and 
for this reason you need to wait until the next var is defined...

But why this :

        table_user = self.table_user()
        settings = self.settings
        if 'username' in table_user.fields or \
                not settings.login_email_validate:
            tmpvalidator = IS_NOT_EMPTY(error_message=self.messages.is_empty)
            if not settings.username_case_sensitive:
                tmpvalidator = [IS_LOWER(), tmpvalidator]
        else:
            tmpvalidator = IS_EMAIL(error_message=self.messages.invalid_email)
            if not settings.email_case_sensitive:
                tmpvalidator = [IS_LOWER(), tmpvalidator]

        request = current.request
        response = current.response
        session = current.session

        passfield = settings.password_field
        try:
            table_user[passfield].requires[-1].min_length = 0
        except:
            pass

come before exiting the function with the redirect in case the user is already 
connected...

The part where request, response, and session get defined is correct to be 
above, but I would put the rest below the block "### use session for 
federated login"

What do you think?

Richard





On Wednesday, August 19, 2015 at 17:48:16 UTC-4, Anthony wrote:
>
> Maybe right after the "next" variable is set here 
> <https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>, 
> something like:
>
>     if self.is_logged_in():    
>         if next == session._auth_next:
>             del session._auth_next
>         redirect(next, client_side=settings.client_side)
>
> Maybe abstract those last three lines into a function, as nearly the same 
> code is executed in two other places.
>
> Anthony
>
> On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>>
>> Not sure it is required to check if the next var is empty or not... If there 
>> is no next in the URL it should log in...:
>>
>>         if self.is_logged_in():
>>             if self.get_vars_next() is not None and self.get_vars_next() != '':
>>                 redirect(self.get_vars_next())
>>             else:
>>                 # redirect() takes a single location; build it with URL()
>>                 redirect(URL('default', 'index'))
>>
>> So, maybe this could be rewritten like so:
>>
>>
>>     if self.get_vars_next() is not None and self.get_vars_next() != '' and self.is_logged_in():
>>         redirect(self.get_vars_next())
>>
>> Richard
>>
>> On Wednesday, August 19, 2015 at 14:17:41 UTC-4, Richard wrote:
>>>
>>> I had this here and it works... Though, it needs to check if _next var 
>>> is populated, if not redirect on default/index maybe...
>>>
>>> What do you think... I am not well versed in security; could this create 
>>> a security hole?
>>>
>>>     def login(
>>>         self,
>>>         next=DEFAULT,
>>>         onvalidation=DEFAULT,
>>>         onaccept=DEFAULT,
>>>         log=DEFAULT,
>>>     ):
>>>         """
>>>         returns a login form
>>>
>>>         method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>>             [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>>
>>>         """
>>>         # lines added by this proposal:
>>>         if self.is_logged_in():
>>>             redirect(self.get_vars_next())
>>>
>>>         table_user = self.table_user()
>>>         settings = self.settings
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Wednesday, August 19, 2015 at 14:01:40 UTC-4, Richard wrote:
>>>>
>>>> Nope, it is only cas_login related...
>>>>
>>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <[email protected]> wrote:
>>>>
>>>>> Is the function that performs the check allow_access()??
>>>>>
>>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <[email protected]> wrote:
>>>>>
>>>>>> Exactly, I was reading the code to figure out where the credentials 
>>>>>> check is performed...
>>>>>>
>>>>>> I will try to make a PR, if I can find the right place... I will send 
>>>>>> what I come up with here first, if you want to review...
>>>>>>
>>>>>> Richard
>>>>>>
>>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>>
>>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I often fall on this annoying issue... I always leave multiple tabs,
>>>>>>>> all accessing my app, open... When the browser gets restarted, all
>>>>>>>> these tabs get redirected to the "user/login?_next=..." URL when I
>>>>>>>> have been logged out from the system... I found it unpleasant that,
>>>>>>>> if I log in in one of the tabs, I can't just refresh the other
>>>>>>>> tabs... Reloading the page still requires me to input my credentials
>>>>>>>> again, or to remove the "user/login?_next=" from the URL to avoid
>>>>>>>> logging in even though I am logged in...
>>>>>>>>
>>>>>>>> I don't know if we could implement something that would make some
>>>>>>>> redirection to the next URL component on page reload and how this
>>>>>>>> could cause overhead of doing so... But it could make this
>>>>>>>> repetitive task a memory if it could be implemented easily...
>>>>>>>>
>>>>>>>
>>>>>>> Maybe early in the Auth.login method, there could be a check to see
>>>>>>> if the user is already logged in (i.e., check for the existence of
>>>>>>> self.user) and if there is a _next URL -- in that case, there could
>>>>>>> just be an immediate redirect to the _next URL without bothering with
>>>>>>> the login. That way, if you re-login in one tab and then hit refresh
>>>>>>> in another tab, the other tab will return to its original page.
>>>>>>>
>>>>>>> Anthony
>>>>>>>  
>>>>>>>
>>>>>>>>
>>>>>>>> Richard
>>>>>>>>
>>>>>>> -- 
>>>>>>> Resources:
>>>>>>> - http://web2py.com
>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>> --- 
>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>> Groups "web2py-users" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>> send an email to [email protected].
>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
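
Added example (not part of the original thread, and not web2py's own code): the early redirect proposed above sends an already-logged-in user to whatever `_next` holds, so the value is worth checking before it reaches redirect(). The code below keeps the target on the application's own host and falls back to a default page otherwise; `is_local_url`, `early_login_redirect`, `DEFAULT_NEXT`, the host `app.example.com` and the dict standing in for `session` are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed fallback page (hypothetical path), per the default/index idea in the thread.
DEFAULT_NEXT = "/myapp/default/index"


def is_local_url(url, host):
    """True if url is a rooted relative path or an http(s) URL on `host`."""
    if not url or url != url.strip():
        return False
    # Browsers read "\" as "/" and drop control characters; reject both outright.
    if "\\" in url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. an unterminated IPv6 literal
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host/...") URL: must be our own host.
        return (parts.scheme in ("http", "https")
                and parts.netloc.lower() == host.lower())
    # Relative URL: exactly one leading slash, so it cannot be re-read as a host.
    return url.startswith("/") and not url.startswith("//")


def early_login_redirect(logged_in, next_url, session, host, default=DEFAULT_NEXT):
    """Return the URL to redirect to before building the login form, or None."""
    if not logged_in:
        return None  # not authenticated: fall through to the normal login form
    target = next_url if is_local_url(next_url, host) else default
    # Flush the stored value once used, mirroring the snippet quoted in the thread.
    if next_url is not None and session.get("_auth_next") == next_url:
        del session["_auth_next"]
    return target


if __name__ == "__main__":
    host = "app.example.com"  # constructed sample values
    for candidate in ["/myapp/default/report?id=3", "//evil.example/x",
                      "https://evil.example/login",
                      "https://app.example.com.evil.example/", None]:
        print(repr(candidate), "->",
              early_login_redirect(True, candidate, {}, host))
```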
