Well, you need to know what "next" is, so the redirect has to come after that. However, there's no reason you couldn't simply refactor the function a bit -- just move the whole block where "next" is defined to the very beginning of the function (you could also move the onaccept, onvalidation, and log definitions earlier) -- that way no unnecessary code will be executed.
Anthony

On Thursday, August 20, 2015 at 9:54:02 AM UTC-4, Richard wrote:
>
> Is doing this that far in the login function a waste of time? I mean, why
> doing all the form preparation (the validators at the top of the
> function)... Your code is cleaner since you flush session._auth_next and
> for this reason you need to wait next var is defined...
>
> But why this :
>
> table_user = self.table_user()
> settings = self.settings
> if 'username' in table_user.fields or \
>         not settings.login_email_validate:
>     tmpvalidator = IS_NOT_EMPTY(error_message=self.messages.is_empty)
>     if not settings.username_case_sensitive:
>         tmpvalidator = [IS_LOWER(), tmpvalidator]
> else:
>     tmpvalidator = IS_EMAIL(error_message=self.messages.invalid_email)
>     if not settings.email_case_sensitive:
>         tmpvalidator = [IS_LOWER(), tmpvalidator]
>
> request = current.request
> response = current.response
> session = current.session
>
> passfield = settings.password_field
> try:
>     table_user[passfield].requires[-1].min_length = 0
> except:
>     pass
>
> Comes before exiting the function with the redirect in case user is
> already connected...
>
> The part where request, response, and session get defined is correct to be
> above, but I would put the rest below the block " ### use session for
> federated login"
>
> What do you think?
>
> Richard
>
> On Wednesday, August 19, 2015 at 5:48:16 PM UTC-4, Anthony wrote:
>>
>> Maybe right after the "next" variable is set here
>> <https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>,
>> something like:
>>
>> if self.is_logged_in():
>>     if next == session._auth_next:
>>         del session._auth_next
>>     redirect(next, client_side=settings.client_side)
>>
>> Maybe abstract those last three lines into a function, as nearly the same
>> code is executed in two other places.
>>
>> Anthony
>>
>> On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>>>
>>> Not sure it is required to check if next var is empty or not...
>>> If there is no next in the url it should log in...:
>>>
>>> if self.is_logged_in():
>>>     if self.get_vars_next() is not None and self.get_vars_next() != '':
>>>         redirect(self.get_vars_next())
>>>     else:
>>>         redirect(URL('default', 'index'))
>>>
>>> So, maybe this could be rewritten like so :
>>>
>>> if self.get_vars_next() is not None and self.get_vars_next() != '' \
>>>         and self.is_logged_in():
>>>     redirect(self.get_vars_next())
>>>
>>> Richard
>>>
>>> On Wednesday, August 19, 2015 at 2:17:41 PM UTC-4, Richard wrote:
>>>>
>>>> I had this here and it works... Though, it needs to check if _next var
>>>> is populated, if not redirect on default/index maybe...
>>>>
>>>> What do you think... I am not well versed in security could this create
>>>> a security hole?
>>>>
>>>> def login(
>>>>     self,
>>>>     next=DEFAULT,
>>>>     onvalidation=DEFAULT,
>>>>     onaccept=DEFAULT,
>>>>     log=DEFAULT,
>>>>     ):
>>>>     """
>>>>     returns a login form
>>>>
>>>>     method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>>>         [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>>>
>>>>     """
>>>>     *if self.is_logged_in():*
>>>>     *    redirect(self.get_vars_next())*
>>>>
>>>>     table_user = self.table_user()
>>>>     settings = self.settings
>>>>
>>>> On Wednesday, August 19, 2015 at 2:01:40 PM UTC-4, Richard wrote:
>>>>>
>>>>> Nope it only cas_login related...
>>>>>
>>>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Is the function that performs the check : allow_access()??
>>>>>>
>>>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Exactly, I was reading the code figure where the credentials check
>>>>>>> is performed...
>>>>>>>
>>>>>>> I will try to make a PR, if I can find the right place... I will
>>>>>>> send here before what I come up with if you want to review...
>>>>>>>
>>>>>>> Richard
>>>>>>>
>>>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>>>
>>>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I often fall on this annoying issue... I always leave multiple
>>>>>>>>> tabs all accessing my app open... When the browser gets restarted,
>>>>>>>>> all these tabs get redirected to "user/login?_next=..." URL when I
>>>>>>>>> have been logged out from the system... I found it unpleasant
>>>>>>>>> that, if I log in in one of the tabs, I can't just refresh the
>>>>>>>>> other tabs... Reloading the page still requires me to input my
>>>>>>>>> credentials again or that I remove the "user/login?_next=" from
>>>>>>>>> the URL to avoid log in even if I am logged in...
>>>>>>>>>
>>>>>>>>> I don't know if we could implement something that would make some
>>>>>>>>> redirection to the next URL component on page reload and how this
>>>>>>>>> could cause overhead of doing so... But it could make this
>>>>>>>>> repetitive task a memory if it could be implemented easily...
>>>>>>>>>
>>>>>>>>
>>>>>>>> Maybe early in the Auth.login method, there could be a check to see
>>>>>>>> if the user is already logged in (i.e., check for the existence of
>>>>>>>> self.user) and if there is a _next URL -- in that case, there could
>>>>>>>> just be an immediate redirect to the _next URL without bothering
>>>>>>>> with the login. That way, if you re-login in one tab and then hit
>>>>>>>> refresh in another tab, the other tab will return to its original
>>>>>>>> page.
>>>>>>>>
>>>>>>>> Anthony
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Richard
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Resources:
>>>>>>>> - http://web2py.com
>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>> ---
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "web2py-users" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
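
The security question raised in the thread concerns redirecting an already logged-in user straight to whatever `_next` holds, so the value has to be checked to stay on the site before it is used. An added sketch of that check, not code from web2py or from the posters; `safe_next`, `already_logged_in_target`, `DEFAULT_NEXT`, the `host` argument and the plain-dict session are assumptions made for illustration:

```python
from urllib.parse import urlsplit

DEFAULT_NEXT = "/default/index"  # assumed fallback, the page named in the thread


def safe_next(next_url, host):
    """Return next_url if it stays on this site, otherwise None."""
    if not next_url:
        return None
    # Browsers read "\" as "/" and skip whitespace/control characters.
    if "\\" in next_url or any(c <= " " for c in next_url):
        return None
    try:
        parts = urlsplit(next_url)
    except ValueError:  # e.g. malformed bracketed host
        return None
    if not parts.scheme and not parts.netloc:
        # Relative reference: one leading slash only ("//" starts a host).
        ok = next_url.startswith("/") and not next_url.startswith("//")
        return next_url if ok else None
    if parts.scheme in ("http", "https") and parts.netloc == host:
        return next_url
    return None


def already_logged_in_target(logged_in, get_vars, session, host):
    """Redirect target for a login-page request, or None to show the form."""
    if not logged_in:
        return None
    target = safe_next(get_vars.get("_next"), host) or DEFAULT_NEXT
    # As in the snippet quoted in the thread: drop the stored value once used.
    if session.get("_auth_next") == target:
        del session["_auth_next"]
    return target


# Constructed sample requests for a site served as "app.example".
if __name__ == "__main__":
    for candidate in ("/app/default/report?id=3", "//other.example/x",
                      "https://other.example/", None):
        print(candidate, "->", already_logged_in_target(
            True, {"_next": candidate}, {}, "app.example"))
```

An off-site or malformed `_next` falls back to the default page instead of being followed, so a refreshed tab still leaves the login form without the parameter deciding where the user ends up.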

