:-)

On Thursday, 20 August 2015 10:37:22 UTC-5, Richard wrote:
>
> Also make the redirect a subfunc to be reused...
>
> On Thu, Aug 20, 2015 at 11:36 AM, Richard Vézina <[email protected]> wrote:
>
>> Ok, will do it...
>>
>> Richard
>>
>> On Thu, Aug 20, 2015 at 10:53 AM, Anthony <[email protected]> wrote:
>>
>>> Well, you need to know what "next" is, so the redirect has to come after
>>> that. However, there's no reason you couldn't simply refactor the function
>>> a bit -- just move the whole block where "next" is defined to the very
>>> beginning of the function (you could also move the onaccept, onvalidation,
>>> and log definitions earlier) -- that way no unnecessary code will be
>>> executed.
>>>
>>> Anthony
>>>
>>>
>>> On Thursday, August 20, 2015 at 9:54:02 AM UTC-4, Richard wrote:
>>>>
>>>> Is doing this that far in the login function a waste of time? I mean,
>>>> why do all the form preparation (the validators at the top of the
>>>> function)... Your code is cleaner since you flush session._auth_next and
>>>> for this reason you need to wait until next var is defined...
>>>>
>>>> But why this:
>>>>
>>>>     table_user = self.table_user()
>>>>     settings = self.settings
>>>>     if 'username' in table_user.fields or \
>>>>             not settings.login_email_validate:
>>>>         tmpvalidator = IS_NOT_EMPTY(error_message=self.messages.is_empty)
>>>>         if not settings.username_case_sensitive:
>>>>             tmpvalidator = [IS_LOWER(), tmpvalidator]
>>>>     else:
>>>>         tmpvalidator = IS_EMAIL(error_message=self.messages.invalid_email)
>>>>         if not settings.email_case_sensitive:
>>>>             tmpvalidator = [IS_LOWER(), tmpvalidator]
>>>>
>>>>     request = current.request
>>>>     response = current.response
>>>>     session = current.session
>>>>
>>>>     passfield = settings.password_field
>>>>     try:
>>>>         table_user[passfield].requires[-1].min_length = 0
>>>>     except:
>>>>         pass
>>>>
>>>> Comes before exiting the function with the redirect in case user is
>>>> already connected...
>>>>
>>>> The part where request, response, and session get defined is correct to
>>>> be above, but I would put the rest below the block "### use session
>>>> for federated login"
>>>>
>>>> What do you think?
>>>>
>>>> Richard
>>>>
>>>>
>>>> On Wednesday, 19 August 2015 17:48:16 UTC-4, Anthony wrote:
>>>>>
>>>>> Maybe right after the "next" variable is set here
>>>>> <https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>,
>>>>> something like:
>>>>>
>>>>>     if self.is_logged_in():
>>>>>         if next == session._auth_next:
>>>>>             del session._auth_next
>>>>>         redirect(next, client_side=settings.client_side)
>>>>>
>>>>> Maybe abstract those last three lines into a function, as nearly the
>>>>> same code is executed in two other places.
>>>>>
>>>>> Anthony
>>>>>
>>>>> On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>>>>>>
>>>>>> Not sure it's required to check if next var is empty or not... If there
>>>>>> is no next in the url it should log in...:
>>>>>>
>>>>>>     if self.is_logged_in():
>>>>>>         if self.get_vars_next() is not None and self.get_vars_next() != '':
>>>>>>             redirect(self.get_vars_next())
>>>>>>         else:
>>>>>>             redirect(URL('default', 'index'))
>>>>>>
>>>>>> So, maybe this could be rewritten like so:
>>>>>>
>>>>>>     if self.get_vars_next() is not None and self.get_vars_next() != '' and self.is_logged_in():
>>>>>>         redirect(self.get_vars_next())
>>>>>>
>>>>>> Richard
>>>>>>
>>>>>> On Wednesday, 19 August 2015 14:17:41 UTC-4, Richard wrote:
>>>>>>>
>>>>>>> I had this here and it works... Though, it needs to check if _next
>>>>>>> var is populated, if not redirect on default/index maybe...
>>>>>>>
>>>>>>> What do you think... I am not well versed in security; could this
>>>>>>> create a security hole?
>>>>>>>
>>>>>>>     def login(
>>>>>>>         self,
>>>>>>>         next=DEFAULT,
>>>>>>>         onvalidation=DEFAULT,
>>>>>>>         onaccept=DEFAULT,
>>>>>>>         log=DEFAULT,
>>>>>>>     ):
>>>>>>>         """
>>>>>>>         returns a login form
>>>>>>>
>>>>>>>         method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>>>>>>             [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>>>>>>
>>>>>>>         """
>>>>>>>         *if self.is_logged_in():*
>>>>>>>         *    redirect(self.get_vars_next())*
>>>>>>>
>>>>>>>         table_user = self.table_user()
>>>>>>>         settings = self.settings
>>>>>>>
>>>>>>>
>>>>>>> On Wednesday, 19 August 2015 14:01:40 UTC-4, Richard wrote:
>>>>>>>>
>>>>>>>> Nope, it's only cas_login related...
>>>>>>>>
>>>>>>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Is the function that performs the check allow_access()??
>>>>>>>>>
>>>>>>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Exactly, I was reading the code to figure out where the credentials
>>>>>>>>>> check is performed...
>>>>>>>>>>
>>>>>>>>>> I will try to make a PR, if I can find the right place... I will
>>>>>>>>>> send here before what I come up with if you want to review...
>>>>>>>>>>
>>>>>>>>>> Richard
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>>>>>>
>>>>>>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> I often fall on this annoying issue... I always leave multiple
>>>>>>>>>>>> tabs all accessing my app open... When the browser gets restarted,
>>>>>>>>>>>> all these tabs get redirected to "user/login?_next=..." URL when I
>>>>>>>>>>>> have been logged out from the system... I found it unpleasant that,
>>>>>>>>>>>> if I log in in one of the tabs, I can't just refresh the other tabs...
>>>>>>>>>>>> Reloading the page still requires me to input my credentials
>>>>>>>>>>>> again or that I remove the "user/login?_next=" from the URL to
>>>>>>>>>>>> avoid log in even if I am logged in...
>>>>>>>>>>>>
>>>>>>>>>>>> I don't know if we could implement something that would make
>>>>>>>>>>>> some redirection to the next URL component on page reload and how
>>>>>>>>>>>> this could cause overhead of doing so... But it could make this
>>>>>>>>>>>> repetitive task a memory if it could be implemented easily...
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Maybe early in the Auth.login method, there could be a check to
>>>>>>>>>>> see if the user is already logged in (i.e., check for the existence
>>>>>>>>>>> of self.user) and if there is a _next URL -- in that case, there
>>>>>>>>>>> could just be an immediate redirect to the _next URL without
>>>>>>>>>>> bothering with the login. That way, if you re-login in one tab and
>>>>>>>>>>> then hit refresh in another tab, the other tab will return to its
>>>>>>>>>>> original page.
>>>>>>>>>>>
>>>>>>>>>>> Anthony
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Richard
>>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Resources:
>>>>>>>>>>> - http://web2py.com
>>>>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>>>>> ---
>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>> Google Groups "web2py-users" group.
>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>> it, send an email to [email protected].
>>>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
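Added example (not part of the original thread, and not web2py's own code): the question raised above, whether sending an already-logged-in user straight to `_next` opens a security hole, comes down to whether `_next` is checked before the redirect. This sketch only honours targets that stay on the application's own host; `safe_next`, `already_logged_in_target`, the dict-based session and the `/default/index` fallback are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/default/index"  # assumed fallback, per the thread's suggestion


def safe_next(next_url, host, default=DEFAULT_TARGET):
    """Return next_url only if it stays on `host`; otherwise return `default`."""
    if isinstance(next_url, (list, tuple)):  # _next repeated in the query string
        next_url = next_url[0] if next_url else None
    if not next_url or not isinstance(next_url, str):
        return default
    # Browsers treat "\" like "/" and drop control characters: reject both.
    if "\\" in next_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return default
    try:
        parts = urlsplit(next_url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a rooted path, but not "//other-host/...".
        if next_url.startswith("/") and not next_url.startswith("//"):
            return next_url
        return default
    if parts.scheme in ("http", "https") and parts.netloc.lower() == host.lower():
        return next_url
    return default


def already_logged_in_target(is_logged_in, vars_next, session, host):
    """Target for the early redirect in a login handler, or None to show the form."""
    if not is_logged_in:
        return None
    target = safe_next(vars_next, host)
    # Clear a stored next-URL once it has been used, as in the thread's snippet.
    if session.get("_auth_next") == target:
        del session["_auth_next"]
    return target


if __name__ == "__main__":
    # Constructed sample values; app.example stands in for the application's host.
    session = {"_auth_next": "/app/default/report"}
    for candidate in ("/app/default/report", "//other.example/x",
                      "https://other.example/", None):
        print(repr(candidate), "->",
              already_logged_in_target(True, candidate, dict(session), "app.example"))
```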

