New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: redirect after login/register with OAuth #910
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,8 +5,9 @@ | |
|
||
<script type="text/javascript"> | ||
|
||
var baseLoginUrl = {{url_for('AuthOAuthView.login')}}; | ||
var baseRegisterUrl = {{url_for('AuthOAuthView.login')}}; | ||
var baseLoginUrl = "{{url_for('AuthOAuthView.login')}}"; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This was interesting... we're missing the quotes, so this actually gets translated to: var baseLoginUrl = /login/; Which works because it defines a regular expression that later gets cast to a string when it's concatenated to There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. God... There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's ok, I blame Javascript. :) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hello @dpgaspar @betodealmeida , If some one logged in to FlaskAppBuilder using twitter account and in between someone delete/disable his twitter account then is user still able to use FlaskAppBuilder app (if he did not logout manually) or get Access Denied Error and How we are validating user authenticity in running application. |
||
var baseRegisterUrl = "{{url_for('AuthOAuthView.login')}}"; | ||
var next = "?next={{request.args.get('next', '')}}" | ||
|
||
var currentSelection = ""; | ||
|
||
|
@@ -20,13 +21,13 @@ | |
|
||
function signin() { | ||
if (currentSelection != "") { | ||
window.location.href = baseLoginUrl + currentSelection; | ||
window.location.href = baseLoginUrl + currentSelection + next; | ||
} | ||
} | ||
|
||
function register() { | ||
if (currentSelection != "") { | ||
window.location.href = baseRegisterUrl + currentSelection + '/register'; | ||
window.location.href = baseRegisterUrl + currentSelection + '/register' + next; | ||
} | ||
} | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,3 +8,4 @@ Flask-Login>=0.3,<0.5 | |
Flask-OpenID>=1.2.5,<2 | ||
Flask-SQLAlchemy>=2.3,<3 | ||
Flask-WTF>=0.14.2,<1 | ||
PyJWT>=1.7.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see this fix for only AuthOAuthView, but how do ensure this
next=request.url
variable will be utilized in AuthDBView, AuthLDAPView,AuthRemoteUserView and they are sent to the index page, instead of the page they tried to visit initially.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True @ankursinghal2005, One would have to replicate the same logic to all child classes.
Hey @betodealmeida are willing to do it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not the right person to do it, since I don't have access to an LDAP auth server. Maybe @ankursinghal2005 can do it for the auth system they're using?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@betodealmeida
I have tested below LDAP test server. It is working fine. You can see it for your reference. I can further work on remaining child classes after this PR gets merged into master.
Online LDAP Test Server Link
https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
When using LDAP Auth, setup the ldap server
AUTH_TYPE = AUTH_LDAP
AUTH_LDAP_SERVER = "ldap://ldap.forumsys.com:389"
AUTH_LDAP_SEARCH = "dc=example,dc=com"
AUTH_LDAP_BIND_USER = "uid=riemann,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice!!