librelist archives

Trouble with login redirect

From: michael kosacki
Date: 2013-03-23 @ 03:34

Hi,

Noob question. I have looked everywhere but feel I'm missing some 
fundamental information.

When I deploy my app on the server (am using fastcgi) everything works as 
expected, except for the redirect from my login page.

Instead of going to:

http://mydomain.com/folder/folder/nextpage.html

it redirects to:

http://mydomain.com/nextpage.html

Here is the code for my login view:

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    if request.method == 'POST' and form.validate_on_submit():
        username = request.form.get('nickname','')
        password = request.form.get('password','')
        user = User.query.filter_by(nickname=username).first()
        if user is not None:
            # Check the password first; only then establish the login session.
            if user.check_password(password) and login_user(user):
                flash("Logged in successfully.")
                return redirect(request.args.get("next") or url_for("index"))
            else:
                flash("Incorrect password")
        else:
            flash("There is no user by that name")
    return render_template("login.html", form=form)

Thanks in advance for any help!

Michael

Re: [flask] Trouble with login redirect

From: Josh Purvis
Date: 2013-03-23 @ 03:53

What do you have in your form action="" attribute in login.html?

It looks like the 'next' variable is never making it to the 'login.html'
template. Unless it's being injected via a context processor.

Even if it is present, you're trying to access it as a GET argument, upon
POSTing your form.

Josh


Re: [flask] Trouble with login redirect

From: michael kosacki
Date: 2013-03-23 @ 04:17

It is going to the correct page so "next" is working fine, but the page is
off the main domain url "mydomain.com/next" and skipping the sub folders.
It should be going to "mydomain.com/folder/folder/next".


Re: [flask] Trouble with login redirect

From: Mark Steve Samson
Date: 2013-03-23 @ 11:28

For one it's unsafe to pass around next without cleaning it up. I doubt
there's something funny happening with redirect. Have you tried checking
the value of next or manually specifying the value in redirect?


Re: [flask] Trouble with login redirect

From: michael kosacki
Date: 2013-03-23 @ 23:08

Mark, I'm not sure I can parse your first sentence. Not really a redirect 
problem. Thanks for the input Mark and Josh.

I have tracked down the problem to my fastcgi environment. I'm on shared 
hosting at the moment and can't set up a lighttpd server. I believe Flask 
is "unaware" that it is being served from a sub directory, so redirects to
the domain's root directory. Again I'm new to this so I may be wrong.

While I suspect it's possible to use nginx I think my life will be easier 
if I switch to a vps and can just run mod_wsgi.

Michael


Re: [flask] Trouble with login redirect

From: Steven Kryskalla
Date: 2013-03-23 @ 23:24

On Sat, Mar 23, 2013 at 4:08 PM, michael kosacki <michael@detournity.com> wrote:
> I have tracked down the problem to my fastcgi environment. I'm on shared
> hosting at the moment and can't set up a lighttpd server. I believe Flask is
> "unaware" that it is being served from a sub directory, so redirects to the
> domain's root directory. Again I'm new to this so I may be wrong.

You probably need to fix the headers passed to your flask app so it
knows you're running from a subdirectory:

http://flask.pocoo.org/snippets/35/
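
The subdirectory fix discussed above, sketched as an added example (not code from the thread or from the linked snippet): a WSGI middleware that pins SCRIPT_NAME, which Flask's url_for prepends to generated paths. FixedScriptName, demo_app and location_for are hypothetical names; the prefix is hard-coded server-side rather than read from a request header a client could set.

```python
from wsgiref.util import setup_testing_defaults


class FixedScriptName:
    """WSGI middleware that pins SCRIPT_NAME to a prefix configured server-side."""

    def __init__(self, app, prefix):
        self.app = app
        cleaned = prefix.strip("/")
        self.prefix = "/" + cleaned if cleaned else ""

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        # Some gateways leave the mount prefix in PATH_INFO; strip it once.
        if self.prefix and (path == self.prefix or path.startswith(self.prefix + "/")):
            path = path[len(self.prefix):]
        environ["SCRIPT_NAME"] = self.prefix
        environ["PATH_INFO"] = path or "/"
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the Flask app: builds its redirect from SCRIPT_NAME."""
    location = environ.get("SCRIPT_NAME", "") + "/nextpage.html"
    start_response("302 FOUND", [("Location", location)])
    return [b""]


def location_for(app, path_info):
    """Call a WSGI app with a constructed request; return its Location header."""
    environ = {"PATH_INFO": path_info, "SCRIPT_NAME": ""}
    setup_testing_defaults(environ)
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen.update(headers)

    app(environ, start_response)
    return seen.get("Location")


if __name__ == "__main__":
    print(location_for(demo_app, "/login"))
    print(location_for(FixedScriptName(demo_app, "/folder/folder"), "/login"))
```

With Flask the wrapper would be installed as app.wsgi_app = FixedScriptName(app.wsgi_app, "/folder/folder") before the app is handed to the fastcgi server.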

Re: [flask] Trouble with login redirect

From: Mark Steve Samson
Date: 2013-03-24 @ 05:41

If next is just passed as a GET argument, some may try to do:
http://mydomain.com/login?next=http://phishingsite.com


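
What "cleaning up" next before redirecting can look like, as an added example that is not part of the original thread: the target is resolved against the site's own host and rejected unless it stays there. is_safe_next and redirect_target are hypothetical helper names, and the sample values are constructed from the thread's placeholder domains.

```python
from urllib.parse import urljoin, urlsplit


def is_safe_next(target, host_url):
    """Return True only if `target` stays on the host that served the login page."""
    if not target:
        return False
    # Browsers drop whitespace/control characters and treat "\" like "/",
    # so "/\host" or " //host" can leave the site; reject them outright.
    if any(c <= " " or c in "\\\x7f" for c in target):
        return False
    try:
        base = urlsplit(host_url)
        dest = urlsplit(urljoin(host_url, target))
    except ValueError:
        return False  # malformed URL: fail closed
    # Resolving against the host catches absolute URLs and scheme-relative
    # "//host" targets; the scheme check rejects javascript:, data:, etc.
    return dest.scheme in ("http", "https") and dest.netloc == base.netloc


def redirect_target(next_param, host_url, default):
    """Choose the post-login destination, falling back to `default`."""
    return next_param if is_safe_next(next_param, host_url) else default


# Constructed samples; in a Flask view host_url would be request.host_url.
HOST = "http://mydomain.com/"
SAMPLES = [
    "/folder/folder/nextpage.html",
    "http://phishingsite.com",
    "//phishingsite.com/",
    "/\\phishingsite.com",
    "javascript:alert(1)",
    None,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", redirect_target(sample, HOST, "/index"))
```

In the login view from the first message this would replace the bare request.args.get("next") inside redirect(...).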