I am writing a web based application that has a same login form in every page,so when user submit login form data sent to '/login/' page that corresponde view to this url will check the data has submitted and if input data was incorrect app must back to previews view and on that view in login form i must write a error that indicate that user entered incorrect data,so my question is how can i send data from login view to previous view(like home) that user entered incorrect data?
You can use sessions ... specifically messages framework
example from docs:
messages.add_message(request, CRITICAL, 'A serious error occurred.')
and related question
Displaying Django Messages Framework Messages
In your login view, you use HttpResponseRedirect to send your user to your home view if the login is successful.
If the login is not successful, show the user the login form along with some error message that you can show the user if needed.
At the home view, you check if the user is logged in - if not, use HttpResponseRedirect to send them to the login view.
Related
This question already has answers here:
How to pass a variable between Flask pages?
(2 answers)
Closed last year.
I am creating a web application in which there is a page (let's call it 'event' page) which is not login protected(i.e. users can see the page without logging in).
The page shows some event details to which user can select if they are attending or not by clicking appropriate button.
Upon clicking the button, user is redirected to login page since they need to login before they can choose an option.
Once the user is goes to login page, I want to redirect the user back to the 'event' page after they login. How do I do that?
If the 'event' page was login protected, I know I can use Flask 'next' to redirect user to the page they were trying to view which needs login. But how do I implement this for pages that are not login protected?
Surprisingly, I used the "session" object in Flask to solve the problem.
I was under the impression that "session" comes into play only after user has logged in, but apparently not.
When user clicked to register their response, before redirecting them to sigin page I stored the current url in the session storage like:
session['prev_url'] = request.url
Then on the signin page, after successful signin, I checked the 'prev_url' key in session, if it exists, I redirected to that page else I redirected to home page. Something like:
if session.get('prev_url') is not None:
return redirect(session.get('prev_url'))
return redirect(url_for('index'))
I have created a page for review form. All users can fill out the form, but only logged in users can submit the form. If users is not logged in, they will be redirected to the login page. After they login, they will be redirected to the profile page.
So the flow will be like this :
User fills out the form > click the submit > redirected to login page > user login and redirected to profile page (at the same time, the form they have filled in is automatically saved)
I want the form they have filled in automatically saved after they login. How to do that?
My idea is to create a session that saves the form temporarily, then save to database after they login. But I'm confused how to write the code
Can anyone explain a bit what a django session is like? and how to write code to handle this problem?
You can try something like,
1 User fills out the form and hits submit
2 in the POST view where you handle the form, use the "**is_authenticated**" function and,
a)if the user is authenticated you handle the form as usual...
b)else set the contents of the form into a session variable in the views and redirect to the login page like,
request.session['review_body'] = request.post.get(the_form_body_field)
3 as per what you've said, after login it goes to profile page and form is submitted...
a)so in views where you serve the profile page, check if the session variable containing form data's exist and has values
b)if yes, directly save the contents from your views and clear the session data
I have a view that looks something like this simplified example:
#decorators.login_required()
def add_data(request):
some_value = request.POST['some_value']
# do stuff.
If a user is authenticated already, this completes successfully. If the user is not authenticated, this redirects to the login page. After the login page, the POST request is sent back to my add_data view is missing some_value and all other POST data.
Is this expected? Is there a way to access the POST data?
I am using the default django.contrib.auth.views.login. I have a custom login.html.
Is this expected?
Yes.
Is there a way to access the POST data?
Probably not, the anonymous user and logged in user will have separate sessions so that won't work.
You might be able to some how store the data in a GET variable and pass it to the login form, and then inspect that.
I'd suggest its just a case where the user has messed up, and they should check they are logged in before submitting things.
I have a form with csrf token that works.
There is also a button to upload a picture via ajax and put the url into a textarea of the first form on the same page. I have some js inplace to set the csrf value and the button also works fine.
If the user is logged in there is absolutely no problem when using first the button to insert the image url and then saving the form.
But when I have a visitor who is not logged in there is a problem: When he uploads a picture a new account is automatically created and the visitor is logged in without him doing anything.
while True:
try:
random_password = User.objects.make_random_password()
random_username = str(uuid.uuid1().hex)[:5]
new_temp_user = User.objects.create_user(random_username, password=random_password)
except IntegrityError:
pass
else:
new_user = authenticate(username=random_username,password=random_password)
login(request,new_user)
break
Since this is done via Ajax he doesn't notice any change to the website he is seeing. Only the url of the uploaded picture gets added to the first form. On the server side he is now a registered user, but he doesn't see it yet. Now when he submits the form the csrf validation fails. The form still has the csrf token in place, but somehow it became invalid.
I suspect that the login process has some influence over the csrf token. Any ideas what I may do about it?
EDIT: I checked some more and it seems that the problem is due to the login. Every login seems to change the csrf value. Now when the user gets a login over ajax the token in the form doesn't update. What may be the best way to update it?
The csrf token is rotated when the user logs in. This was added as a security measure in Django 1.5.2 (release notes).
After the ajax request, you might be able to fetch the new csrf token from the cookie, and update the form in the DOM. Alternatively, you could refresh the page after the user is logged in.
I have a login form. When login button is pressed user's homepage is displayed. But pressing browser's back button takes control back to login form.
I am using django development server.
I have tried inserting meta tags to prevent cache and django #no-cache
But it doesnt work out
The default django login page can be viewed when logged in. You could decorate the login view function and redirect the user if already logged in.
response = <the_way_you_create_response> (ie direct_to_template, HttpResponse)
response['Cache-Control'] = 'no-cache, no-store'
return response
and of course you need to check request.user.is_authenticated() in the view (and do the redirect if value is True)
In your login page you need to check if a users session exists and if it does then you should redirect the user to his homepage.
However, this can't be done with a HTML page so you need to use some kinda server side scripting language(PHP, ASP, JSP Etc) for your login page.