Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attempt to fix login redirect behaviors #211

Merged
merged 1 commit into from
Dec 18, 2023
Merged

Attempt to fix login redirect behaviors #211

merged 1 commit into from
Dec 18, 2023

Conversation

mfisher87
Copy link
Member

@mfisher87 mfisher87 commented Dec 18, 2023
edited by github-actions bot

Must be tested behind proxy to know if it works. I identified two problems here:

  1. flask-dance was redirecting to / by default, but the app in production is hosted behind a proxy at /apps/benefit-tool. We need to generate the correct URL with url_for for the proxy to be taken
    in to account.
  2. The old login route needs to be hit twice to actually log in a user. The first time through, it sends the user to Google, and at the end of that, the user winds back up in the app without having hit the login_user() call. At this point, Google has authorized the user, so when they hit /login again, they'll hit the login_user() call.

Both of these problems are addressed by hooking the oauth_authorized signal (https://flask-dance.readthedocs.io/en/latest/signals.html) and moving the login & user-insertion behavior there.

Resolves #178
Resolves #58

馃摎 Documentation preview 馃摎: https://usaon-benefit-tool--211.org.readthedocs.build/en/211/

mfisher87
mfisher87 commented Dec 18, 2023
View reviewed changes
usaon_benefit_tool/routes/login.py
assert resp.ok, resp.text

user = ensure_user_exists(resp.json())
login_user(user)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rmarow I think our problem is here! When the user hits this endpoint, they get redirected to the google login endpoint and never reach this code that actually logs them in from the application's perspective (login_user)

@mfisher87
Attempt to fix login redirect behaviors
3334099 
Must be tested behind proxy to know if it works. I identified two
problems here:

1) `flask-dance` was redirecting to `/` by default, but the app in
   production is hosted behind a proxy at `/apps/benefit-tool`. We need
   to generate the correct URL with `url_for` for the proxy to be taken
   in to account.
2) The old login route needs to be hit twice to actually log in a user.
   The first time through, it sends the user to Google, and at the end
   of that, the user winds back up in the app without having hit the
   `login_user()` call. At this point, Google has authorized the user,
   so when they hit `/login` again, they'll hit the `login_user()` call.

Both of these problems are addressed by hooking the `oauth_authorized`
signal (https://flask-dance.readthedocs.io/en/latest/signals.html) and
moving the login & user-insertion behavior there.

Resolves #178
Resolves #58
@mfisher87 mfisher87 merged commit ec0976f into main Dec 18, 2023
5 checks passed
@mfisher87 mfisher87 linked an issue Dec 20, 2023 that may be closed by this pull request
500 internal server error sometimes when starting a session #139
Closed
@mfisher87 mfisher87 deleted the issue-178-login-redirect branch December 21, 2023 02:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmarow rmarow Awaiting requested review from rmarow

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@mfisher87