I have a password check (not a user login, just a password verification). I have a form that user submits data. The request gets sent to a page, if the password is correct or not they both get back to the same page.
I want to send a argument to the page about the job. I was thinking of something like this: foo.com/page?success.
I can't get shortcuts.redirect to do that.
I am currently doing this:
HttpResponse('<script type="text/javascript">window.location.replace('+reverse('app:index')+');</script>')
redirect redirects to whatever path you give it. If you give it /page?success, it will redirect to that.
Figured it out nevermind
HttpResponseRedirect(reverse('app:index')+'?arg')
This does it.
Related
I am implementing a Oauth for different services and I am using "OAuth2ConsumerBlueprint" (using flask-dance).
I was thinking about Flask-OAuth but I think I would end up with the same issues I am facing with Flask-Dance.
What I am planning to do is:
User go on ".mydomain.com"
User click on Login via FB for example
User goes on social.mydomain.com (so that the authorized URL is always the same)
User after login should be brought to ".mydomain.com"
it looks like I cannot find a way to do it.. It should be feasible. I tried to parse out different information eg.:
print(request)
print(request.referrer)
I even used: #oauth_authorized.connect
Printed all the information to see if I could collect some additional information to reuse
print(vars(request))
print(vars(blueprint))
print(vars(token))
print(session)
Also I tried to add in the GET parameters a "foo" variable to see if I could read it back again from the social.mydomain.com but I couldn't. No idea on how to redirect the user back to the original .mydomain.com
Any suggestions here on how can I have the authentication done on a specific subdomain (so I only need to whitelist one subdomain) and then redirect the user to his own domain?
That is how I setup everything:
facebook = OAuth2ConsumerBlueprint(
"fb_social", __name__, url_prefix='/fb',
client_id=FB_CLIENT_ID,
client_secret=FB_SECRET,
scope='email',
base_url="https://graph.facebook.com/",
token_url="https://graph.facebook.com/oauth/access_token",
authorization_url="https://www.facebook.com/dialog/oauth",
redirect_to='fb_social.social_facebook',
)
Thanks a lot
Hook into the oauth_authorized signal, and return a redirect to the location where you want the user to go.
G'day all,
Does anyone have any experience with the Waterlock flow for passsword resets? I've hit a wall which I can see a work-around for, but it seems really in-elegant, so I'm probably missing something.
When I send through an auth/reset POST with an email element, the system proceeds to shoot the email out as planned.
When I then submit the received link in a POST request, with a password element, I see a "404" response.
HOWEVER
If I submit that link as a GET request first, and then submit the POST it works.
When I look into the waterlock-local-auth source, the reset POST action is testing for the presence of a decrypted token in the request object before allowing it to proceed.
SO
Either I code my front end to send a get request (which doesn't respond properly) and then resubmit as a POST, or I go in and hack the waterlock-local-auth code to include a decode of the token (which is what I'm thinking is the most elegant solution).
Any clues?
Thanks,
Andy
I have got a similar problem, but I use angularjs as my frontend. This discussion thread is very helpful:
https://github.com/waterlock/waterlock-local-auth/issues/7
Basically, you are expected to submit a GET request to the url received in the password reset email. After you click the link with the token, you will find in your database that a new ResetToken record has been created and the value in the token column is exactly the one you see in the url. Then you should be redirected to the forwardUrl in waterlock.js setting, where there should be a form or anything that can make you post to:
http://yourdomain.com/auth/reset?password=newpassword
Then the password is reset and the ResetToken record will be removed from your database.
If you look at the handlePost function here:
https://github.com/waterlock/waterlock-local-auth/blob/master/lib/controllers/actions/reset.js#L68
This can explain why POSTing to the url sent to you in the reset password email returns 404. The resetToken must exist in session already in order that issuePasswordReset to be invoked. And the only place to set req.session.resetToken is within validateToken method:
https://github.com/waterlock/waterlock-local-auth/blob/master/lib/controllers/actions/reset.js#L188
So you need a get request first. Hope this helps.
Ok, so this seems bad (and it probably is, but i have enough doubts at the moment that I want to try it).
I have a Django bases website with a jwplayer flash app embedded on one of the pages. The user has to login to get at that page. The jwplayer just plays an icecast stream.
What I would like/need to do is have it so that only authenticated users can get to the icecast server. At the moment if they grab the url from the webpage, they can get to it fairly trivially.
Icecast can authenticate via POST which I've setup in a django view.
So what I want is for the flashplayer to send the username and password of the user that is logged in, to icecast, which will then authenticate with the same username and password.
My problem is that django doesnt store the actual password, just a hash (a good thing) so I'm beginning to think that I cant really send the user and password to icecast for it to authenticate with.
My other thoughts were to just send the username, and check if that person has already authenticated.
But this would allow someone to listen if someone was already logged in.
Could I do something with a session variable or something?
Django guru's help me! Im open to all and any ideas.
Cheers
Mark.
Why not just have your flash player look for the Django session cookie and then validate against the web server that the user is logged in?
Add something like this to your urls:
(r'^loggedin/', logged_in_user),
Add a view something like this (not tested):
from django.http import HttpResponseForbidden
def logged_in_user(request):
if request.user.is_authenticated():
return HttpResponseForbidden()
else:
response = HttpResponse(mimetype='text/plain')
response.write('ok')
return response
Then just do a get on the /loggedin/ and check the return code, if it's 200 they are logged in if 401 they are not (assuming you are passing in the session cookies)
I am using Twitter OAuth to login users. The login takes users to Twitter and upon successful OAuth returns them to a specified url. From this url I would like to redirect users back to the page they were on before logging in.
What is a good way to do this?
Two ways:
Craft your OAuth URL so it sends them back to the right page, or at least says next=url in the querystring. This is most reliable but can break (and does look ugly but who's copying and pasting OAuth URLs anyway?)
Store a session containing the last requested "real" page. I say "real" like that because I don't count any auth/registration pages as real. So every hit, check to see what URL they're on, if it's not auth-related, store it in session. When they hit your OAuth-auccess page, redirect them to the session value. You can do this in a context processor or some middleware. Requires cookies and logout will nuke it.
i am using redirect url in twitter auth url and its working for me ..
I've got a mobile app that makes POST requests to a Django site.
I want to return a simple string (not a template-based page) after the app makes the POST request, saying 'Success' or 'Failure' (EDIT: plus a bit of extra info) as appropriate.
****EDIT: note that it's not a browser making the request, it's an app (so there's no BACK button involved) and I'd like to do some extra app-side work based on the results of the POST request - basically I want to hand back some information.*****
However I know that after a POST request in Django you're supposed to do a HttpResponseRedirect. But, do I really need to redirect to another page and write a new function to handle it, all to output a string?
And if so, how do I pass the success/failure status of the app in the HttpResponseRedirect, since it's only supposed to take one argument?
Thanks!
If this is a user-generated POST (standard web site), then S. Lott's advice is correct.
But if you're POSTing as an API call, then just return the string. On a mobile device, the customer pays for every HTTP request.
do I really need to redirect to
another page and write a new function
to handle it, all to output a string?
Yes.
If they hit "Back" on the browser, you'll wish you had provided a redirect-after-post.
If you don't redirect and they hit "Back" on the browser, they could repost the form again. You probably don't want to deal with that, so it's easier to redirect after post.
how do I pass the success/failure status of the app in the HttpResponseRedirect
See this: http://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpResponse.status_code
Edit
If there's no browser, then there's no back button. Since there's no back button, there's no need for a redirect.
"after a POST request in Django you're
supposed to do a HttpResponseRedirect"
Doesn't make any sense. You're not "supposed" to do it. Django helps you do it.
You do not redirect after POST as part of web services.
You must redirect after POST to help people use their browser.
As S.Lott says, yes you really do want to redirect.
However I'm not sure what you mean about showing the 'success/failure status of the app" after the redirect. The redirect should only happen if the POST was successful; otherwise, you'd redisplay the form with any validation errors showing.
Is there javascript? Then maybe you could make an ajax request and simply change the content after the result comes. That should also prevent problems from 'Back' and you don't need to redirect.