I have seen quite a few questions with this in mind, but haven't been able to address my issue. I have a Flask app with flask-login for session management. And, when I try to view a page without logging in, I get redirected to a link in form of /login/?next=%2Fsettings%2F
The issue is, as far as I could have it understand, that the "next" argument holds the part of the site I actually need, but when submitting a request to a login form, it is done via POST
, so this argument is no longer available for me to redirect it to.
I tried using Request.path
from Request (and url) but both just return the /login/
as the request url/path, not the actual /login/?next=xxx
.
My login method is as follows:
@app.route('/login/', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
#getting the user
user = User.get(request.form['username'])
if user.user is None:
return redirect('/login/')
#actual login proces
if user and check_password_hash(user.user.password, request.form['password']):
login_user(user, remember=remember)
#the redirection portion of the login process
return redirect(request.path or ("/")) # I tried various options there but without success, like request.args['next'] and such
return redirect('/login/')
else:
return redirect('/')
Thanks
Another method you can use when performing redirects in Flask is the url_for() function. The way that url_for() works is instead of redirecting based on the string representation of a route, you provide the function name of the route you want to redirect to.
The login manager contains the code that lets your application and Flask-Login work together, such as how to load a user from an ID, where to send users when they need to log in, and the like. login_manager. init_app(app) By default, Flask-Login uses sessions for authentication.
In this tutorial, we will learn about flask redirect and how to use it in our application. Why do we need to set up redirects? Before going to the implementation, let us first know what redirecting actually is! So as the name suggests, the redirect function, when called, basically redirects the Webpage to another URL.
To recap, in order to redirect users to their intended destination instead of the default "logged in" page, we must: Pass in the final destination to the log in page. From there, pass in the final destination to the log in handler. Use that to redirect users instead of sending them to the default destination page.
We are using a Flask form to take input from the user and then redirect it to a webpage showing the name back. The form function shows the Form. Once the user submits his name, the verify function pulls out the name from the Form and redirects him to the User function.
Therefore, we need to be able to tell it where users want to end up as they log in. Similarly, in order for the /login page to know where users want to end up, it must be told what that final destination is. User wants to access /profile. This is protected, so we redirect users to the /login page together with what the final destination is.
request.path
is not what you're looking for. It returns the actual path of the URL. So, if your URL is /a/?b=c
, then request.path
returns /a
, not c
as you are expecting.
The next
parameter is after the ?
in the URL, thus it is part of the "query string". Flask has already parsed out items in the query string for you, and you can retrieve these values by using request.args
. If you sent a request to the URL /a/?b=c
and did request.args.get('b')
, you would receive "c"
.
So, you want to use request.args.get('next')
. The documentation shows how this works in an example.
Another thing to keep in mind is that when you are creating your login form in HTML, you don't want to set the "action" attribute. So, don't do this..
<form method="POST" action="/login">
...
</form>
This will cause the POST request to be made to /login
, not /login/?next=%2Fsettings%2F
, meaning your next
parameter will not be part of the query string, and thus you won't be able to retrieve it. You want to leave off the "action" attribute:
<form method="POST">
...
</form>
This will cause the form to be posted to the current URL (which should be /login/?next=%2Fsettings%2f
).
You can use mongoengine sessions to pass 'next_url' parameter with flask session (from flask import session
). In py file where you define your app and login_manager:
from flask.ext.mongoengine import MongoEngineSessionInterface
app.session_interface = MongoEngineSessionInterface(db)
@login_manager.unauthorized_handler
def unauthorized_callback():
session['next_url'] = request.path
return redirect('/login/')
and then in login view:
def login():
# ... if success
next_url = session.get('next_url', '/')
session.clear()
return redirect(next_url)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With