I cant figure out how to specify a dynamic callback url using Simpleauth (https://github.com/crhym3/simpleauth)
I would like to redirect user to whatever page that they were on prior to clicking on Login.
Can anyone help ?
There's two ways you can do this:
Store the previous page address in a cookie.
Pass in the previous page as a url parameter when going to the login page, and keep track of it through the login process. You might end up sticking it in a cookie.
Related
I from login page render to the admin index page, but the url address did not change, how to change it?
Code is below:
return render(request, 'app_admin/index.html')
As a common sense , all we know use render the url address do not change, but I want it change. how can I do that? I do not want to use the redirect, because I will pass data in render. how can I do that?
There is no way for the render to change the URL. Django uses the model-view-controller pattern, and the view has nothing to do with the URL. To achieve what you want you will have to redirect the user first, and then render on that route instead.
I see the URL on your page is /login so I assume this problem occur when you attempt to log the user in. If you reuse this approach (render upon receive submit form), you will run into problems sooner or later. For example, try to refresh the page you are currently displaying, I think the browser asks you to resubmit the form.
You say that you don't want to redirect because you pass data in the render. This is also an error prone approach. Store information consistently between pages with cookies and sessions. How would you otherwise store the login details when the user navigates the admin panel?
What you ask is not possible. The render function (with friends) has no option to change the URL.
You have to bind a separate url if you want to display in browser URL
For this
Add url for a index.hmtl and assign view to it
on action call just url what you specified
I'm adding authentication to an existing pyramid project. The simplest form that I'm currently trying (will be expending later) is for all pages to raise HTTPForbidden. The exception view is /login, which will ask for login details and, on success, return HTTPFound with request.referer as the location.
So far so good, this does what I want, which is bringing users back to the page they were trying to access when the login page interrupted them. Let's call this Page A.
The login page is a simple HTML form with a submit button.
However if the user mistypes username or password, I want to return to the login page with an error message saying "Wrong password" or similar. When that happens, request.referer is now the login page instead of Page A.
How do I 'store' Page A (or rather its URL) so that, when the user eventually succeeds in logging in, they find themselves back on Page A? Is the session used for things like this, and are there non-session ways of implementing it? I don't (yet) have a session for this simple page, and am trying to avoid adding different components in one pass.
I recommend you to pass a parameter like login/?next=pageA.html
If the login fails, you could then forward your parameter next to /login again, even if the referrer points now to /login.
Then when the user will successfully log in, you could redirect if to pageA.html that will be held in your next parameter.
You will indeed need to check if your parameter next is a valid one, as someone could copy-paste or try to tamper with this parameter.
The goal here, given a user facebook profile url, access and open the profile page. Some simple python code:
from urllib2 import urlopen
url = "http://www.facebook.com/username"
page = urlopen(url)
The problem is that for some "username" this causes HTTP ERROR 404. I noticed this error only happening when the path includes a name rather than the "profile.php?id=XXX" format.
Notice that we only have the url here and not the user id.
UPDATE:
This turned out to happen also for some of the "profile.php?id=XXX" and other username formats.
This is a privacy feature of Facebook. Users have the ability to hide their profile page so that only logged in users can view their page. Accessing the page with /profile.php?id=XXX or with /username makes no difference. You must be logged-in in order to view the HTML page.
In your context, you'd have to first log in to a valid Facebook account before requesting the page and you should no longer receive the 404's.
One way to check this is on the graph API, graph.facebook.com/USERNAME will return a link property in the resulting JSON if they have a public page, and it will be omitted on private pages.
Not every Facebook account is accessible as FIRST.LAST, so you won't be able to reliably do this.
There is currently no guarantee that an account is accessible with a vanity name.
Works perfectly fine as long as the username exists.
Are you trying to open the page in a Web Browser or access the HTML source generated by the page?
If the latter, have you thought of using the Facebook Graph API to achieve whatever it is that you are doing? This will be much faster and the API is all documented. Plus the page's HTML source could change at any point in time, whereas the Graph API will not.
Edit
You could use the Graph API without having to even create an application to get the user ID, but going to http://graph.facebook.com/username and parsing the JSON response. You can then access the profile HTML using http://www.facebook.com/profile.php?id=userId
I'm working on app which saves things from many cross domains via Ajax POST method to my server/app. I need to find a solution how to send a POST and verify if the user who sent it is already signed on my site and than save it to the database.
I am pretty sure that I need Chrome, Firefox extension to do it, because I need to embed my js on every page my users surf on. The thing is I don't know where to start and how should it work. I could set up proxy to make JSON POST work, but I don't know how to verify if the user is signed on my site.
Should I get cookies of my users from browser via Chrome API and sent it in the POST and authenticate the cookie/session in Django? What do you suggest?
Thank you for your help. I appreciate every hint.
When the user logons at http://yourserver.com, you can set a permanent cookie to identify him. (see SESSION_EXPIRE_AT_BROWSER_CLOSE and COOKIE_AGE variables in django)
Then, when he embeds any JS from another site from yourserver.com domain, the cookies are automatically sent for this domain, and you can check on your django side for the cookie existence and validity and give the good JS.
Because of crossdomain issues, you should better use form POST as an alternative as AJAX as it is not security restricted. You can then play with iframes and javascript to make both domains communicates.
To embed the JS in another website, you can use a browser extension, or a simple bookmarklet, which will load your code in the current page when the user clicks it from any webpage.
My 2 cents;
I have django supported web application. when i hit refresh button on a page the view method corresponding to the page's url is not being called. But it gets called when i re-enter the url in th address bar. can any one suggest the reason and the solution?
check caching.
first check cache meta tags on the client
then check web server cache
Note: "GET" requets some times cached on the server or client automatically.
finally found the ans: just add the new tab command to your html page itself