Login logout #56
Login logout #56
Conversation
# Conflicts: # appService.Json # templates/appService.Json # templates/gulpfile.js # test/biz/test_manage_restaurant.py # web/friend.py # web/static/js/appService.Json # web/static/js/gulpfile.js # web/static/vendor/jquery-easing/jquery.easing.compatibility.js # web/static/vendor/jquery-easing/jquery.easing.js # web/static/vendor/jquery-easing/jquery.easing.min.js # web/templates/LICENSE # web/templates/blank.html # web/templates/gulpfile.js # web/templates/login.html
# Conflicts: # routes.py # test/biz/test_manage_restaurant.py # web/__init__.py # web/login.py # web/templates/404.html # web/templates/blank.html # web/templates/breadcrumb.html # web/templates/footer.html # web/templates/header.html # web/templates/index.html # web/templates/login.html # web/templates/nav.html # web/templates/register.html # web/templates/sidebar.html # web/templates/tables.html
web/templates/logoutModal.html
Outdated
| @@ -0,0 +1,18 @@ | |||
| <!-- Logout Modal--> | |||
| <div class="modal fade" id="logoutModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true"> | |||
There was a problem hiding this comment.
Delete this file, it's not being used and looks like it's just doubled up.
| return redirect(target) | ||
|
|
||
|
|
||
| @LOGIN_BLUEPRINT.route("/", methods=['GET', 'POST']) |
There was a problem hiding this comment.
in my head this feels like this should be '/login' and '/' should redirect back to '/login' if user isn't logged in
There was a problem hiding this comment.
it gets mounted in the router as /login/. it's just '/' relative to the blueprint. you can see in __init__.py how the blueprint is mounted under /login.
| return render_template('login.html', page_title=page_title) | ||
| if request.method == 'POST': | ||
| session['username'] = request.form['email'] | ||
| return redirect_back('index.index') |
There was a problem hiding this comment.
Why does it look to me like it's only posting the email for login..?
There was a problem hiding this comment.
For now there's no actual authentication going on. This would be the work for the next pull request, to connect the staff table with this login code.
|
Yep 👍
…On Tue, 16 Oct 2018 at 07:57, Christine Vinaviles ***@***.***> wrote:
***@***.**** requested changes on this pull request.
I'm going to see if I can help out with this a little bit after work but
ideally, we should be using this against the staff.py model to authenticate
the user. Right?
------------------------------
In web/templates/logoutModal.html
<#56 (comment)>:
> @@ -0,0 +1,18 @@
+<!-- Logout Modal-->
+<div class="modal fade" id="logoutModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
Delete this file, it's not being used and looks like it's just doubled up.
------------------------------
In web/login.py
<#56 (comment)>:
> +def get_redirect_target():
+ for target in request.values.get('next'), request.referrer:
+ if not target:
+ continue
+ if is_safe_url(target):
+ return target
+
+
+def redirect_back(endpoint, **values):
+ target = request.form['next']
+ if not target or not is_safe_url(target):
+ target = url_for(endpoint, **values)
+ return redirect(target)
+
+
***@***.***_BLUEPRINT.route("/", methods=['GET', 'POST'])
in my head this feels like this should be '/login' and '/' should redirect
back to '/login' if user isn't logged in
------------------------------
In web/login.py
<#56 (comment)>:
> def index():
- page_title = 'Intelligent Restaurant System - Login'
- return render_template('login.html', page_title=page_title)
+ if request.method == 'POST':
+ session['username'] = request.form['email']
+ return redirect_back('index.index')
Why does it look to me like it's only posting the email for login..?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#56 (review)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACE7eEIHVkgXRhyd2WjZN-GDICj-HhXXks5ulPamgaJpZM4XWxxd>
.
|
|
So i'm just thinking about this a little more. I think that combining this with the staff.py class is out of scope of this pull request. We can make another pull request which implements that. |
|
Happy to do staff.py in another PR |
chrisstime
added
ready to merge
|
What's the |
|
Also, in this PR are you actually doing the authentication on the backend (i.e. hitting the db). Or was that going to be in another PR? |
|
Gonna double check the necessity of the env file. And there is a comment where we should implement the auth check - which will be another PR |
|
@arosspope @chrisstime this is ready to go. If you approve just do the squash&merge. |
Implementing some login and logout functionality.
The login info is not checked yet.