Ok, will do it...

Richard

On Thu, Aug 20, 2015 at 10:53 AM, Anthony <[email protected]> wrote:

> Well, you need to know what "next" is, so the redirect has to come after
> that. However, there's no reason you couldn't simply refactor the function
> a bit -- just move the whole block where "next" is defined to the very
> beginning of the function (you could also move the onaccept, onvalidation,
> and log definitions earlier) -- that way no unnecessary code will be
> executed.
>
> Anthony
>
>
> On Thursday, August 20, 2015 at 9:54:02 AM UTC-4, Richard wrote:
>>
>> Is doing this that far into the login function a waste of time? I mean, why
>> do all the form preparation (the validators at the top of the
>> function)... Your code is cleaner since you flush session._auth_next, and
>> for this reason you need to wait until the next var is defined...
>>
>> But why this:
>>
>>         table_user = self.table_user()
>>         settings = self.settings
>>         if 'username' in table_user.fields or \
>>                 not settings.login_email_validate:
>>             tmpvalidator = IS_NOT_EMPTY(error_message=self.messages.is_empty)
>>             if not settings.username_case_sensitive:
>>                 tmpvalidator = [IS_LOWER(), tmpvalidator]
>>         else:
>>             tmpvalidator = IS_EMAIL(error_message=self.messages.invalid_email)
>>             if not settings.email_case_sensitive:
>>                 tmpvalidator = [IS_LOWER(), tmpvalidator]
>>
>>         request = current.request
>>         response = current.response
>>         session = current.session
>>
>>         passfield = settings.password_field
>>         try:
>>             table_user[passfield].requires[-1].min_length = 0
>>         except:
>>             pass
>>
>> comes before exiting the function with the redirect in case the user is
>> already connected...
>>
>> The part where request, response, and session get defined is correct to
>> be above, but I would put the rest below the block "### use session for
>> federated login"
>>
>> What do you think?
>>
>> Richard
>>
>>
>> On Wednesday, August 19, 2015 at 5:48:16 PM UTC-4, Anthony wrote:
>>>
>>> Maybe right after the "next" variable is set here
>>> <https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>,
>>> something like:
>>>
>>>     if self.is_logged_in():
>>>         if next == session._auth_next:
>>>             del session._auth_next
>>>         redirect(next, client_side=settings.client_side)
>>>
>>> Maybe abstract those last three lines into a function, as nearly the
>>> same code is executed in two other places.
>>>
>>> Anthony
>>>
>>> On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>>>>
>>>> Not sure it is required to check if the next var is empty or not... If
>>>> there is no next in the url it should log in...:
>>>>
>>>>         if self.is_logged_in():
>>>>             if self.get_vars_next() is not None and self.get_vars_next() != '':
>>>>                 redirect(self.get_vars_next())
>>>>             else:
>>>>                 redirect(URL('default', 'index'))
>>>>
>>>> So, maybe this could be rewritten like so:
>>>>
>>>>         if self.get_vars_next() is not None and self.get_vars_next() != '' and self.is_logged_in():
>>>>             redirect(self.get_vars_next())
>>>>
>>>> Richard
>>>>
>>>> On Wednesday, August 19, 2015 at 2:17:41 PM UTC-4, Richard wrote:
>>>>>
>>>>> I had this here and it works... Though, it needs to check if the _next
>>>>> var is populated, if not redirect to default/index maybe...
>>>>>
>>>>> What do you think... I am not well versed in security; could this
>>>>> create a security hole?
>>>>>
>>>>>     def login(
>>>>>         self,
>>>>>         next=DEFAULT,
>>>>>         onvalidation=DEFAULT,
>>>>>         onaccept=DEFAULT,
>>>>>         log=DEFAULT,
>>>>>     ):
>>>>>         """
>>>>>         returns a login form
>>>>>
>>>>>         method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>>>>             [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>>>>
>>>>>         """
>>>>>         *if self.is_logged_in():*
>>>>>         *    redirect(self.get_vars_next())*
>>>>>
>>>>>         table_user = self.table_user()
>>>>>         settings = self.settings
>>>>>
>>>>>
>>>>> On Wednesday, August 19, 2015 at 2:01:40 PM UTC-4, Richard wrote:
>>>>>>
>>>>>> Nope, it's only cas_login related...
>>>>>>
>>>>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <[email protected]> wrote:
>>>>>>
>>>>>>> Is the function that performs the check allow_access()?
>>>>>>>
>>>>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <[email protected]> wrote:
>>>>>>>
>>>>>>>> Exactly, I was reading the code to figure out where the credentials
>>>>>>>> check is performed...
>>>>>>>>
>>>>>>>> I will try to make a PR, if I can find the right place... I will
>>>>>>>> send here beforehand what I come up with if you want to review...
>>>>>>>>
>>>>>>>> Richard
>>>>>>>>
>>>>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>>>>
>>>>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I often run into this annoying issue... I always leave multiple
>>>>>>>>>> tabs open, all accessing my app... When the browser gets restarted,
>>>>>>>>>> all these tabs get redirected to the "user/login?_next=..." URL when
>>>>>>>>>> I have been logged out from the system... I find it unpleasant that,
>>>>>>>>>> if I log in in one of the tabs, I can't just refresh the other
>>>>>>>>>> tabs... Reloading the page still requires me to input my credentials
>>>>>>>>>> again or to remove the "user/login?_next=" from the URL to avoid
>>>>>>>>>> logging in even if I am logged in...
>>>>>>>>>>
>>>>>>>>>> I don't know if we could implement something that would make some
>>>>>>>>>> redirection to the next URL component on page reload and how this
>>>>>>>>>> could cause overhead of doing so... But it could make this
>>>>>>>>>> repetitive task a memory if it could be implemented easily...
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Maybe early in the Auth.login method, there could be a check to
>>>>>>>>> see if the user is already logged in (i.e., check for the existence of
>>>>>>>>> self.user) and if there is a _next URL -- in that case, there could
>>>>>>>>> just be an immediate redirect to the _next URL without bothering with
>>>>>>>>> the login. That way, if you re-login in one tab and then hit refresh
>>>>>>>>> in another tab, the other tab will return to its original page.
>>>>>>>>>
>>>>>>>>> Anthony
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Richard
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Resources:
>>>>>>>>> - http://web2py.com
>>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>>> ---
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "web2py-users" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to [email protected].
>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
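
Added example, not part of the thread and not web2py code: a standalone sketch of the early-redirect decision discussed above, with a check that the `_next` value taken from the query string stays on the application's own host before it is used as a redirect target. The function names, `DEFAULT_TARGET` and the host `app.example.test` are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch (not web2py names): fallback page and site host.
DEFAULT_TARGET = "/default/index"
SITE_HOST = "app.example.test"  # constructed value


def is_local_target(next_url, host=SITE_HOST):
    """Return True only if next_url cannot leave this site."""
    if not isinstance(next_url, str) or not next_url:
        return False
    # Browsers read "\" as "/" and strip whitespace/control characters, so a
    # value such as "/\other.host" would leave the site; reject before parsing.
    if "\\" in next_url or any(ord(c) <= 0x20 for c in next_url):
        return False
    try:
        parts = urlsplit(next_url)
    except ValueError:  # malformed authority, e.g. an unclosed "["
        return False
    if parts.scheme or parts.netloc:
        # Absolute URL: accept only http(s) to exactly our own host.
        return parts.scheme in ("http", "https") and parts.netloc == host
    # Relative URL: a rooted path, but not "//host" or "///host".
    return next_url.startswith("/") and not next_url.startswith("//")


def early_login_redirect(logged_in, next_url, host=SITE_HOST):
    """Decide what login() should do before building the form.

    Returns None when the form must be shown, otherwise the redirect target.
    """
    if not logged_in:
        return None
    if is_local_target(next_url, host):
        return next_url
    # Missing or off-site _next: fall back instead of following it.
    return DEFAULT_TARGET
```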

