Also make the redirect a subfunc to be reused...

On Thu, Aug 20, 2015 at 11:36 AM, Richard Vézina <
[email protected]> wrote:

> Ok, will do it...
>
> Richard
>
> On Thu, Aug 20, 2015 at 10:53 AM, Anthony <[email protected]> wrote:
>
>> Well, you need to know what "next" is, so the redirect has to come after
>> that. However, there's no reason you couldn't simply refactor the function
>> a bit -- just move the whole block where "next" is defined to the very
>> beginning of the function (you could also move the onaccept, onvalidation,
>> and log definitions earlier) -- that way no unnecessary code will be
>> executed.
>>
>> Anthony
>>
>>
>> On Thursday, August 20, 2015 at 9:54:02 AM UTC-4, Richard wrote:
>>>
>>> Is doing this that far into the login function a waste of time? I mean,
>>> why do all the form preparation (the validators at the top of the
>>> function)... Your code is cleaner since you flush session._auth_next, and
>>> for this reason you need to wait until the next var is defined...
>>>
>>> But why this :
>>>
>>>         table_user = self.table_user()
>>>         settings = self.settings
>>>         if 'username' in table_user.fields or \
>>>                 not settings.login_email_validate:
>>>             tmpvalidator = IS_NOT_EMPTY(error_message=self.messages.is_empty)
>>>             if not settings.username_case_sensitive:
>>>                 tmpvalidator = [IS_LOWER(), tmpvalidator]
>>>         else:
>>>             tmpvalidator = IS_EMAIL(error_message=self.messages.invalid_email)
>>>             if not settings.email_case_sensitive:
>>>                 tmpvalidator = [IS_LOWER(), tmpvalidator]
>>>
>>>         request = current.request
>>>         response = current.response
>>>         session = current.session
>>>
>>>         passfield = settings.password_field
>>>         try:
>>>             table_user[passfield].requires[-1].min_length = 0
>>>         except:
>>>             pass
>>>
>>> Comes before exiting the function with the redirect in case user is
>>> already connected...
>>>
>>> The part where request, response, and session get defined is correct to
>>> be above, but I would put the rest below the block "### use session
>>> for federated login"
>>>
>>> What do you think?
>>>
>>> Richard
>>>
>>>
>>>
>>>
>>>
>>> On Wednesday, August 19, 2015 at 5:48:16 PM UTC-4, Anthony wrote:
>>>>
>>>> Maybe right after the "next" variable is set here
>>>> <https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>,
>>>> something like:
>>>>
>>>>     if self.is_logged_in():
>>>>         if next == session._auth_next:
>>>>             del session._auth_next
>>>>         redirect(next, client_side=settings.client_side)
>>>>
>>>> Maybe abstract those last three lines into a function, as nearly the
>>>> same code is executed in two other places.
>>>>
>>>> Anthony
>>>>
>>>> On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>>>>>
>>>>> Not sure it is required to check if next var is empty or not... If there
>>>>> is no next in the URL it should log in...:
>>>>>
>>>>>         if self.is_logged_in():
>>>>>             if self.get_vars_next() is not None and \
>>>>>                     self.get_vars_next() != '':
>>>>>                 redirect(self.get_vars_next())
>>>>>             else:
>>>>>                 redirect(URL('default', 'index'))
>>>>>
>>>>> So, maybe this could be rewritten like so:
>>>>>
>>>>>
>>>>>     if self.get_vars_next() is not None and self.get_vars_next() != '' \
>>>>>             and self.is_logged_in():
>>>>>         redirect(self.get_vars_next())
>>>>>
>>>>> Richard
>>>>>
>>>>> On Wednesday, August 19, 2015 at 2:17:41 PM UTC-4, Richard wrote:
>>>>>>
>>>>>> I had this here and it works... Though, it needs to check if _next
>>>>>> var is populated, if not redirect on default/index maybe...
>>>>>>
>>>>>> What do you think... I am not well versed in security; could this
>>>>>> create a security hole?
>>>>>>
>>>>>>     def login(
>>>>>>         self,
>>>>>>         next=DEFAULT,
>>>>>>         onvalidation=DEFAULT,
>>>>>>         onaccept=DEFAULT,
>>>>>>         log=DEFAULT,
>>>>>>     ):
>>>>>>         """
>>>>>>         returns a login form
>>>>>>
>>>>>>         method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>>>>>             [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>>>>>
>>>>>>         """
>>>>>>         if self.is_logged_in():
>>>>>>             redirect(self.get_vars_next())
>>>>>>
>>>>>>         table_user = self.table_user()
>>>>>>         settings = self.settings
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wednesday, August 19, 2015 at 2:01:40 PM UTC-4, Richard wrote:
>>>>>>>
>>>>>>> Nope, it's only cas_login related...
>>>>>>>
>>>>>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Is the function that performs the check allow_access()??
>>>>>>>>
>>>>>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Exactly, I was reading the code to figure out where the credentials
>>>>>>>>> check is performed...
>>>>>>>>>
>>>>>>>>> I will try to make a PR, if I can find the right place... I will
>>>>>>>>> send here before what I come up with if you want to review...
>>>>>>>>>
>>>>>>>>> Richard
>>>>>>>>>
>>>>>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>>>>>
>>>>>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I often fall on this annoying issue... I always leave multiple
>>>>>>>>>>> tabs all accessing my app open... When the browser gets restarted,
>>>>>>>>>>> all these tabs get redirected to the "user/login?_next=..." URL
>>>>>>>>>>> when I have been logged out from the system... I found it
>>>>>>>>>>> unpleasant that, if I log in in one of the tabs, I can't just
>>>>>>>>>>> refresh the other tabs... Reloading the page still requires me to
>>>>>>>>>>> input my credentials again or that I remove the
>>>>>>>>>>> "user/login?_next=" from the URL to avoid logging in even if I am
>>>>>>>>>>> logged in...
>>>>>>>>>>>
>>>>>>>>>>> I don't know if we could implement something that would make
>>>>>>>>>>> some redirection to the next URL component on page reload and how
>>>>>>>>>>> this could cause overhead of doing so... But it could make this
>>>>>>>>>>> repetitive task a memory if it could be implemented easily...
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Maybe early in the Auth.login method, there could be a check to
>>>>>>>>>> see if the user is already logged in (i.e., check for the existence
>>>>>>>>>> of self.user) and if there is a _next URL -- in that case, there
>>>>>>>>>> could just be an immediate redirect to the _next URL without
>>>>>>>>>> bothering with the login. That way, if you re-login in one tab and
>>>>>>>>>> then hit refresh in another tab, the other tab will return to its
>>>>>>>>>> original page.
>>>>>>>>>>
>>>>>>>>>> Anthony
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Richard
>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Resources:
>>>>>>>>>> - http://web2py.com
>>>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>>>> ---
>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>> Google Groups "web2py-users" group.
>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>>> send an email to [email protected].
>>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>

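The reusable redirect helper suggested in the thread, as an added example that is not part of the original messages and is not web2py's own code. It also answers the security question raised above by keeping the redirect on the application's own host. The names redirect_if_logged_in, is_local_target, Redirect and login_target, the host app.example.com and the fallback path are hypothetical, and a plain dict stands in for the session.

```python
from urllib.parse import urlsplit


class Redirect(Exception):
    """Stand-in for the exception a framework redirect() raises."""
    def __init__(self, location):
        super().__init__(location)
        self.location = location


def is_local_target(target, http_host):
    """True only for a site-relative path or an http(s) URL on http_host."""
    if not target or target.startswith('//') or '\\' in target:
        return False  # empty, scheme-relative, or backslash-separated host
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return parts.scheme in ('http', 'https') and parts.netloc == http_host
    return target.startswith('/')


def redirect_if_logged_in(logged_in, next_url, session, http_host,
                          default='/default/index'):
    """Hypothetical shared helper: send a signed-in user on, skipping the form."""
    if not logged_in:
        return  # caller continues and builds the login form
    if next_url and session.get('_auth_next') == next_url:
        del session['_auth_next']  # flush the stored target once it is used
    if not is_local_target(next_url, http_host):
        next_url = default  # missing or off-site target: fall back
    raise Redirect(next_url)


def login_target(logged_in, next_url, session, host='app.example.com'):
    """Return where the helper would redirect, or None if the form is shown."""
    try:
        redirect_if_logged_in(logged_in, next_url, session, host)
    except Redirect as r:
        return r.location
    return None


# Constructed sample requests (not taken from the thread).
if __name__ == '__main__':
    s = {'_auth_next': '/app/report/7'}
    print(login_target(True, '/app/report/7', s), s)
    print(login_target(True, 'https://elsewhere.example/x', {}))
    print(login_target(False, '/app/report/7', {}))
```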