librelist archives

« back to archive

Login with redirect to inbound url

Login with redirect to inbound url

From:
James Anderson
Date:
2013-01-03 @ 16:43
Hello,

I have been using 401 responses in my app to notify users that they are
unauthorized from accessing certain pages up to this point, but someone
brought to my attention that when going to something like.. an account
verification url, they are prompted with a 401 response and can't confirm
their account until they go to the page normally, login, and then go to the
verify url.

I'm wondering what the proper/most elegant solution is to have a response
of my login page, but with a redirect to the inbound url after login is
successful.

Thanks!

Re: [flask] Login with redirect to inbound url

From:
Owein Reese
Date:
2013-01-03 @ 16:53
I've followed suggestions from the "it's dangerous" library to redirect to
a url via email with an auto login action. This is a combo email
confirmation/verification style of methodology. If you don't want to email
users like that you could redirect to a url like you'd send in email.
On Jan 3, 2013 11:49 AM, "James Anderson" <jatroika@gmail.com> wrote:

> Hello,
>
> I have been using 401 responses in my app to notify users that they are
> unauthorized from accessing certain pages up to this point, but someone
> brought to my attention that when going to something like.. an account
> verification url, they are prompted with a 401 response and can't confirm
> their account until they go to the page normally, login, and then go to the
> verify url.
>
> I'm wondering what the proper/most elegant solution is to have a response
> of my login page, but with a redirect to the inbound url after login is
> successful.
>
> Thanks!
>

Re: [flask] Login with redirect to inbound url

From:
Shriram Kunchanapalli
Date:
2013-01-03 @ 17:01
I was just about to mention

http://stackoverflow.com/questions/13367709/what-is-the-workflow-for-a-secure-verify-by-email-system

On Thu, Jan 3, 2013 at 10:23 PM, Owein Reese <owreese@gmail.com> wrote:

> I've followed suggestions from the "it's dangerous" library to redirect to
> a url via email with an auto login action. This is a combo email
> confirmation/verification style of methodology. If you don't want to email
> users like that you could redirect to a url like you'd send in email.
> On Jan 3, 2013 11:49 AM, "James Anderson" <jatroika@gmail.com> wrote:
>
>> Hello,
>>
>> I have been using 401 responses in my app to notify users that they are
>> unauthorized from accessing certain pages up to this point, but someone
>> brought to my attention that when going to something like.. an account
>> verification url, they are prompted with a 401 response and can't confirm
>> their account until they go to the page normally, login, and then go to the
>> verify url.
>>
>> I'm wondering what the proper/most elegant solution is to have a response
>> of my login page, but with a redirect to the inbound url after login is
>> successful.
>>
>> Thanks!
>>
>

Re: [flask] Login with redirect to inbound url

From:
James Anderson
Date:
2013-01-03 @ 17:41
Thanks gentlemen, I think that will probably be the easiest to implement.
Out of curiosity is there a way to key on to a requested url and use it as
a redirection?

Such as..

def foo:
if 'user_id' not in session:
    return redirect(url_for('login', jumpto=request.path)

def login:
    #login code
    ...
    if jumpto:
        redirect(jumpto)


Sorry for the crappy pseudocode.. my brain is a little fuzzy this morning
and I can't get to the flask API at the moment for some reason.


On Thu, Jan 3, 2013 at 9:01 AM, Shriram Kunchanapalli
<kshriram18@gmail.com>wrote:

> I was just about to mention
> 
http://stackoverflow.com/questions/13367709/what-is-the-workflow-for-a-secure-verify-by-email-system
>
>
> On Thu, Jan 3, 2013 at 10:23 PM, Owein Reese <owreese@gmail.com> wrote:
>
>> I've followed suggestions from the "it's dangerous" library to redirect
>> to a url via email with an auto login action. This is a combo email
>> confirmation/verification style of methodology. If you don't want to email
>> users like that you could redirect to a url like you'd send in email.
>>  On Jan 3, 2013 11:49 AM, "James Anderson" <jatroika@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I have been using 401 responses in my app to notify users that they are
>>> unauthorized from accessing certain pages up to this point, but someone
>>> brought to my attention that when going to something like.. an account
>>> verification url, they are prompted with a 401 response and can't confirm
>>> their account until they go to the page normally, login, and then go to the
>>> verify url.
>>>
>>> I'm wondering what the proper/most elegant solution is to have a
>>> response of my login page, but with a redirect to the inbound url after
>>> login is successful.
>>>
>>> Thanks!
>>>
>>
>

Re: [flask] Login with redirect to inbound url

From:
Mark Steve Samson
Date:
2013-01-03 @ 20:11
If you pass an argument to url_for that's not an argument of the route
function then it'll be added to request.args:
...redirect(request.args['jumpto']) You should clean up the jumpyo value
first though.

On Friday, January 4, 2013, James Anderson wrote:

> Thanks gentlemen, I think that will probably be the easiest to implement.
> Out of curiosity is there a way to key on to a requested url and use it as
> a redirection?
>
> Such as..
>
> def foo:
> if 'user_id' not in session:
>     return redirect(url_for('login', jumpto=request.path)
>
> def login:
>     #login code
>     ...
>     if jumpto:
>         redirect(jumpto)
>
>
> Sorry for the crappy pseudocode.. my brain is a little fuzzy this morning
> and I can't get to the flask API at the moment for some reason.
>
>
> On Thu, Jan 3, 2013 at 9:01 AM, Shriram Kunchanapalli <
> kshriram18@gmail.com <javascript:_e({}, 'cvml', 'kshriram18@gmail.com');>>wrote:
>
>> I was just about to mention
>> 
http://stackoverflow.com/questions/13367709/what-is-the-workflow-for-a-secure-verify-by-email-system
>>
>>
>> On Thu, Jan 3, 2013 at 10:23 PM, Owein Reese 
<owreese@gmail.com<javascript:_e({}, 'cvml', 'owreese@gmail.com');>
>> > wrote:
>>
>>> I've followed suggestions from the "it's dangerous" library to redirect
>>> to a url via email with an auto login action. This is a combo email
>>> confirmation/verification style of methodology. If you don't want to email
>>> users like that you could redirect to a url like you'd send in email.
>>>  On Jan 3, 2013 11:49 AM, "James Anderson" 
<jatroika@gmail.com<javascript:_e({}, 'cvml', 'jatroika@gmail.com');>>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I have been using 401 responses in my app to notify users that they are
>>>> unauthorized from accessing certain pages up to this point, but someone
>>>> brought to my attention that when going to something like.. an account
>>>> verification url, they are prompted with a 401 response and can't confirm
>>>> their account until they go to the page normally, login, and then go to the
>>>> verify url.
>>>>
>>>> I'm wondering what the proper/most elegant solution is to have a
>>>> response of my login page, but with a redirect to the inbound url after
>>>> login is successful.
>>>>
>>>> Thanks!
>>>>
>>>
>>
>