Done!

On Thu, Aug 20, 2015 at 3:06 PM, Massimo Di Pierro <[email protected]> wrote:
> :-)
>
> On Thursday, 20 August 2015 10:37:22 UTC-5, Richard wrote:
>>
>> Also make the redirect a subfunc to be reused...
>>
>> On Thu, Aug 20, 2015 at 11:36 AM, Richard Vézina <[email protected]> wrote:
>>
>>> Ok, will do it...
>>>
>>> Richard
>>>
>>> On Thu, Aug 20, 2015 at 10:53 AM, Anthony <[email protected]> wrote:
>>>
>>>> Well, you need to know what "next" is, so the redirect has to come
>>>> after that. However, there's no reason you couldn't simply refactor the
>>>> function a bit -- just move the whole block where "next" is defined to the
>>>> very beginning of the function (you could also move the onaccept,
>>>> onvalidation, and log definitions earlier) -- that way no unnecessary code
>>>> will be executed.
>>>>
>>>> Anthony
>>>>
>>>> On Thursday, August 20, 2015 at 9:54:02 AM UTC-4, Richard wrote:
>>>>>
>>>>> Is doing this that far in the login function a waste of time? I mean,
>>>>> why do all the form preparation (the validators at the top of the
>>>>> function)... Your code is cleaner since you flush session._auth_next and
>>>>> for this reason you need to wait until the next var is defined...
>>>>>
>>>>> But why this:
>>>>>
>>>>> table_user = self.table_user()
>>>>> settings = self.settings
>>>>> if 'username' in table_user.fields or \
>>>>>         not settings.login_email_validate:
>>>>>     tmpvalidator = IS_NOT_EMPTY(error_message=self.messages.is_empty)
>>>>>     if not settings.username_case_sensitive:
>>>>>         tmpvalidator = [IS_LOWER(), tmpvalidator]
>>>>> else:
>>>>>     tmpvalidator = IS_EMAIL(error_message=self.messages.invalid_email)
>>>>>     if not settings.email_case_sensitive:
>>>>>         tmpvalidator = [IS_LOWER(), tmpvalidator]
>>>>>
>>>>> request = current.request
>>>>> response = current.response
>>>>> session = current.session
>>>>>
>>>>> passfield = settings.password_field
>>>>> try:
>>>>>     table_user[passfield].requires[-1].min_length = 0
>>>>> except:
>>>>>     pass
>>>>>
>>>>> Comes before exiting the function with the redirect in case user is
>>>>> already connected...
>>>>>
>>>>> The part where request, response, and session get defined is correct
>>>>> to be above, but I would put the rest below the block " ### use
>>>>> session for federated login"
>>>>>
>>>>> What do you think?
>>>>>
>>>>> Richard
>>>>>
>>>>> On Wednesday, 19 August 2015 17:48:16 UTC-4, Anthony wrote:
>>>>>>
>>>>>> Maybe right after the "next" variable is set here
>>>>>> <https://github.com/web2py/web2py/blob/master/gluon/tools.py#L2545>,
>>>>>> something like:
>>>>>>
>>>>>> if self.is_logged_in():
>>>>>>     if next == session._auth_next:
>>>>>>         del session._auth_next
>>>>>>     redirect(next, client_side=settings.client_side)
>>>>>>
>>>>>> Maybe abstract those last three lines into a function, as nearly the
>>>>>> same code is executed in two other places.
>>>>>>
>>>>>> Anthony
>>>>>>
>>>>>> On Wednesday, August 19, 2015 at 2:23:57 PM UTC-4, Richard wrote:
>>>>>>>
>>>>>>> Not sure it's required to check if next var is empty or not...
>>>>>>> If there is no next in the url it should log in...:
>>>>>>>
>>>>>>> if self.is_logged_in():
>>>>>>>     if self.get_vars_next() is not None and self.get_vars_next() != '':
>>>>>>>         redirect(self.get_vars_next())
>>>>>>>     else:
>>>>>>>         redirect(URL('default', 'index'))
>>>>>>>
>>>>>>> So, maybe this could be rewritten like so:
>>>>>>>
>>>>>>> if self.get_vars_next() is not None and self.get_vars_next() != '' and self.is_logged_in():
>>>>>>>     redirect(self.get_vars_next())
>>>>>>>
>>>>>>> Richard
>>>>>>>
>>>>>>> On Wednesday, 19 August 2015 14:17:41 UTC-4, Richard wrote:
>>>>>>>>
>>>>>>>> I had this here and it works... Though, it needs to check if _next
>>>>>>>> var is populated, if not redirect on default/index maybe...
>>>>>>>>
>>>>>>>> What do you think... I am not well versed in security, could this
>>>>>>>> create a security hole?
>>>>>>>>
>>>>>>>> def login(
>>>>>>>>     self,
>>>>>>>>     next=DEFAULT,
>>>>>>>>     onvalidation=DEFAULT,
>>>>>>>>     onaccept=DEFAULT,
>>>>>>>>     log=DEFAULT,
>>>>>>>> ):
>>>>>>>>     """
>>>>>>>>     returns a login form
>>>>>>>>
>>>>>>>>     method: Auth.login([next=DEFAULT [, onvalidation=DEFAULT
>>>>>>>>         [, onaccept=DEFAULT [, log=DEFAULT]]]])
>>>>>>>>
>>>>>>>>     """
>>>>>>>>     # the two lines below are the added ones
>>>>>>>>     if self.is_logged_in():
>>>>>>>>         redirect(self.get_vars_next())
>>>>>>>>
>>>>>>>>     table_user = self.table_user()
>>>>>>>>     settings = self.settings
>>>>>>>>
>>>>>>>> On Wednesday, 19 August 2015 14:01:40 UTC-4, Richard wrote:
>>>>>>>>>
>>>>>>>>> Nope, it's only cas_login related...
>>>>>>>>>
>>>>>>>>> On Wed, Aug 19, 2015 at 2:00 PM, Richard Vézina <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Is the function that performs the check allow_access()??
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 19, 2015 at 1:59 PM, Richard Vézina <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Exactly, I was reading the code to figure out where the credentials
>>>>>>>>>>> check is performed...
>>>>>>>>>>>
>>>>>>>>>>> I will try to make a PR, if I can find the right place... I will
>>>>>>>>>>> send here before what I come up with if you want to review...
>>>>>>>>>>>
>>>>>>>>>>> Richard
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Aug 19, 2015 at 1:54 PM, Anthony wrote:
>>>>>>>>>>>
>>>>>>>>>>>> On Wednesday, August 19, 2015 at 1:20:49 PM UTC-4, Richard wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I often fall on this annoying issue... I always leave
>>>>>>>>>>>>> multiple tabs open, all accessing my app... When the browser gets
>>>>>>>>>>>>> restarted, all these tabs get redirected to "user/login?_next=..."
>>>>>>>>>>>>> URL when I have been logged out from the system... I find it
>>>>>>>>>>>>> unpleasant that, if I log in in one of the tabs, I can't just
>>>>>>>>>>>>> refresh the other tabs... Reloading the page still requires me to
>>>>>>>>>>>>> input my credentials again or to remove the "user/login?_next="
>>>>>>>>>>>>> from the URL to avoid logging in even if I am logged in...
>>>>>>>>>>>>>
>>>>>>>>>>>>> I don't know if we could implement something that would make
>>>>>>>>>>>>> some redirection to the next URL component on page reload and how
>>>>>>>>>>>>> this could cause overhead of doing so... But it could make this
>>>>>>>>>>>>> repetitive task a memory if it could be implemented easily...
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Maybe early in the Auth.login method, there could be a check to
>>>>>>>>>>>> see if the user is already logged in (i.e., check for the
>>>>>>>>>>>> existence of self.user) and if there is a _next URL -- in that
>>>>>>>>>>>> case, there could just be an immediate redirect to the _next URL
>>>>>>>>>>>> without bothering with the login.
>>>>>>>>>>>> That way, if you re-login in one tab and then hit refresh in
>>>>>>>>>>>> another tab, the other tab will return to its original page.
>>>>>>>>>>>>
>>>>>>>>>>>> Anthony
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Richard
>>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Resources:
>>>>>>>>>>>> - http://web2py.com
>>>>>>>>>>>> - http://web2py.com/book (Documentation)
>>>>>>>>>>>> - http://github.com/web2py/web2py (Source code)
>>>>>>>>>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>>>>>>>>>> ---
>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>> Google Groups "web2py-users" group.
>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>> it, send an email to [email protected].
>>>>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
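Added example, not part of the thread and not web2py's own code: one way to approach the question asked above about whether redirecting an already-logged-in user to `_next` could create a security hole, by following `_next` only when it stays on the application's own host. The function names, the `/default/index` fallback and the dict-like session are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_NEXT = "/default/index"  # assumed fallback, after the default/index idea in the thread


def is_safe_next(next_url, host):
    """Return True only if next_url keeps the browser on `host` (hypothetical helper)."""
    if not isinstance(next_url, str) or not next_url:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse
    # backslashes, control characters and whitespace outright.
    if "\\" in next_url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in next_url):
        return False
    try:
        parts = urlsplit(next_url)
    except ValueError:  # malformed authority, e.g. an unclosed "[" in the host
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: require an absolute path, and never "//host/...".
        return next_url.startswith("/") and not next_url.startswith("//")
    # Absolute target: same host over http(s) only.
    return parts.scheme in ("http", "https") and parts.netloc.lower() == host.lower()


def login_redirect_target(logged_in, next_url, session, host):
    """Where to send an already-logged-in user who lands on the login page.

    Returns None when the user is not logged in (show the login form as usual).
    """
    if not logged_in:
        return None
    # Same bookkeeping as the snippet in the thread: drop the stored _auth_next once used.
    if session.get("_auth_next") == next_url:
        session.pop("_auth_next", None)
    return next_url if is_safe_next(next_url, host) else DEFAULT_NEXT


if __name__ == "__main__":
    # Constructed sample values; app.example.com stands in for the application's host.
    for candidate in ("/myapp/default/page", "//other.example/x", "https://other.example/"):
        print(candidate, "->", login_redirect_target(True, candidate, {}, "app.example.com"))
```
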

