Login via an link/URL
65 views
Skip to first unread message
Kenneth
Nov 17, 2020, 5:24:10 PM11/17/20
to web2py-users
Hi,
I tried searching the discussions but could not find anything like this being discussed.
I'm looking into having users login into my app via an link/URL they receive via email. They just get an link no separate username and password. When the link is accessed they are logged in normally. The link would look like something like this: my.website.com/longhash4324kljhasdfasd9f87ads
Does web2py already contain this function?
Kenneth
AGRogers
Nov 17, 2020, 10:28:28 PM11/17/20
to web...@googlegroups.com
Hi Kenneth
The following are guesses....
1. I have never seen anything that is remotely similar to this in web2py. But i like the idea.
2. Maybe the 'impersonate' option might work. Someone how log in as a user whose account details you know and then impersonate the user identified in the link. Info on that here: http://web2py.com/books/default/chapter/29/09/access-control#Authentication. Not sure how you log in as the known user though.
3. Somewhat related to your question is a challenge i want to address: how can i enable logging in via pictures? My app is for young kids and a great way for 5 year olds is to link their profile image with a password image. I thought that would be easy to make but after thinking about your question I suspect it wont be. It's kind of the same problem - logging in for someone else.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/e8102d90-88c8-4a4c-abcb-96ba7aa54cddn%40googlegroups.com.
Carlos Correia
Nov 18, 2020, 6:26:48 AM11/18/20
to web...@googlegroups.com
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/e8102d90-88c8-4a4c-abcb-96ba7aa54cddn%40googlegroups.com.
Hi,
I would write the hash somewhere in the filesystem, create a controller to verify the hash, then use Auth.login_user() to authenticate the user.
Having said that, please note that it is a
(very) bad idea, since a "man in the middle" could easily
intercept the mail and hack the session.
Regards, Carlos Correia ========================= MEMÓRIA PERSISTENTE GSM: 917 157 146 (Signal, WhatsApp) e-mail: ge...@memoriapersistente.pt URL: http://www.memoriapersistente.pt XMPP (Jabber): car...@memoriapersistente.pt
AGRogers
Nov 18, 2020, 8:19:35 AM11/18/20
to web...@googlegroups.com
Thanks Carlos
I couldnt find the login_user() function in the book but i did find it here: https://web2py.readthedocs.io/en/latest/_modules/gluon/tools.html#Auth.login_user
Does
login_user(self, user) essentially bypass the normal authentication process?
And is
login_bare(self, username, password) the normal login function?
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/00b9aa90-1458-f9c5-ae9b-703e740341d7%40memoriapersistente.pt.
valq...@gmail.com
Nov 19, 2020, 2:39:49 PM11/19/20
to web2py-users
login_bare is a normal function, it is intended to login through ajax, but it cant be used in this case, since it requires raw password (not hash).
I would create a table that maps hash of url (!!! Not url itself and not hash-like part of url) to user_id and then use auth.login_user as Carlos mentioned.
среда, 18 ноября 2020 г. в 16:19:35 UTC+3, roge...@gmail.com:
AGRogers
Nov 24, 2020, 11:00:17 PM11/24/20
to web...@googlegroups.com
Thanks for the extra info :D
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/434776c9-cf49-4fbc-b251-1c49cd8ef32dn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages