Docs: one link in "Login Exemple" is dead

[slashformotion]

In index.rst there is a dead link

Login Example
=============

Once a user has authenticated, you log them in with the `login_user`
function.

    For example:


.. code-block:: python

    @app.route('/login', methods=['GET', 'POST'])
    def login():
        # Here we use a class of some kind to represent and validate our
        # client-side form data. For example, WTForms is a library that will
        # handle this for us, and we use a custom LoginForm to validate.
        form = LoginForm()
        if form.validate_on_submit():
            # Login and validate the user.
            # user should be an instance of your `User` class
            login_user(user)

            flask.flash('Logged in successfully.')

            next = flask.request.args.get('next')
            # is_safe_url should check if the url is safe for redirects.
            # See http://flask.pocoo.org/snippets/62/ for an example.
            if not is_safe_url(next):
                return flask.abort(400)

            return flask.redirect(next or flask.url_for('index'))
        return flask.render_template('login.html', form=form)

---

The link http://flask.pocoo.org/snippets/62/ is not working.

Desktop (please complete the following information):

• OS: Linux mint
• Browser: Vivaldi (chrome based)

[davevanfleet]

I found an archived version of the broken link. I can create a gist with an updated version of the example and update the link in the docs. Any maintainer ok with me working on it?

[slashformotion]

I can if you want, i am not a maintainer but we can fork it and fix this

[davevanfleet]

Here's the most recent archive from Wayback Machine. http://web.archive.org/web/20190524230221/http://flask.pocoo.org/snippets/62/
It looks like it's not up to date with Python 3

[slashformotion]

what makes you think that it will not run on Python 3.x ?

[slashformotion]

looks like this snippets is not showing a good way to solve the problem, seems like there is a vulnerability

http://web.archive.org/web/20190517194235/http://homakov.blogspot.com/2014/01/evolution-of-open-redirect-vulnerability.html

[davevanfleet]

from urlparse import urlparse, urljoin should be from urllib.parse import urlparse, urljoin for Python3. I haven't taken a really close look at the example, but I noticed that as a red flag that it will need to be updated.

[slashformotion]

i will look at it in the week end if i find some time to work on that. Otherwise, it will wait

[YKdvd]

Someone extracted an is_url_safe() from Django awhile back and packaged it up as a standalone PyPi project:
https://pypi.org/project/is-safe-url
It might be something to consider pointing at in the docs?
https://gitlab.com/MarkusH/is_safe_url/-/blob/master/is_safe_url.py

Also, https://flask-login.readthedocs.io/en/latest/ hasn't been updated with docs from 0.5.0.

[slashformotion]

@YKdvd

Do you know if flask login is maintained ? This lack of activity is rather alarming

[PanderMusubi]

@slashformotion , apparently a new release is coming soon, see #589 (comment)