I forgot to mention something important: I'm also using a
custom login form and controller/function, so maybe something is being done
wrong at that point.
As with the change password view, for the login I'm using a
custom HTML form with email and password inputs, and submitting the post
through ajax to this controller/function that logs in the user:
def _login():
    user = auth.login_bare(request.post_vars.email, request.post_vars.password)
    if not user:
        return response.json({'success': False, 'error': 'Incorrect access data'})
    else:
        session.auth.expiration = auth.settings.expiration
        if request.post_vars.remember_me:
            session.auth.expiration = auth.settings.long_expiration
            session.auth.remember_me = True
        response.cookies[response.session_id_name]["expires"] = session.auth.expiration
        return response.json({'success': True})
This is working ok, I don't see anything that could interfere with changing
the password :/
On Sunday, September 27, 2015, 10:53:32 (UTC-3), Lisandro wrote:
>
> I'm not using session.secure()
> App runs just over http
>
> I've made a view and written my own custom HTML form, with a couple of
> inputs that request the new password twice, and then I submit the form
> through ajax.
> This is the controller/function that takes that ajax post:
>
> @auth.requires_login()
> def _change_password():
>     user_row = db.auth_user[auth.user.id]
>     text_pass = request.post_vars.password
>     user_row.update_record(password=db.auth_user.password.validate(text_pass)[0])
>     return response.json({'success': True})
>
> The jQuery code that submits the form through ajax checks that
> result.success is True, and redirects to the "my account" page, which
> requires login.
> Every time I change my password, the change is performed ok, the
> redirection too, but at that point the user isn't logged in anymore, because
> the "my account" page requires login and web2py redirects me to the login page.
>
> These are my auth settings, just in case:
> auth.settings.login_url = URL('default', 'user', args='login')
> auth.settings.logout_next = URL('default', 'index')
> auth.settings.on_failed_authorization = URL('static', args='403.html')
> auth.settings.create_user_groups = False
> auth.settings.download_url = URL('default', 'download')
> # two days, in order to avoid a problem with Firefox (after a short
> # expiration, login isn't possible anymore until deleting the cookie)
> auth.settings.expiration = 172800
> auth.settings.long_expiration = 2592000  # one month
>
>
>
> On Sunday, September 27, 2015, 10:41:46 (UTC-3), Anthony wrote:
>>
>> Are you using session.secure() and transitioning from https to http
>> during this process? You may need to show some additional code. Maybe check
>> whether the session cookie is being returned and what is in the session
>> before and after this action.
>>
>> On Sunday, September 27, 2015 at 9:06:08 AM UTC-4, Lisandro wrote:
>>>
>>> I've implemented a custom change password form that works ok. However,
>>> every time I change my password, web2py logs me out. I would like to stay
>>> logged in.
>>>
>>> The statement I use to update the password is this:
>>> # user_row variable is the row of the user in auth_user table, and
>>> # text_pass is the password in plain text
>>> user_row.update_record(password=db.auth_user.password.validate(text_pass)[0])
>>>
>>> I've inspected the Auth code, and I've found these settings, but I can't
>>> figure out how they work (except for the first one, which is documented):
>>> auth.settings.change_password_onvalidation
>>> auth.settings.change_password_onaccept
>>>
>>> I've tried calling auth.profile() right after updating the record, but
>>> it still logs me out.
>>> Any help will be appreciated. Thanks!
>>>
>>