How to prevent web2py redirect if login is not valid?

[thiago...@comp.ufla.br]

The problem is that I have a page for the login form, that only can redirect to the home page if the login is valid. But, I can't use @auth.requires_login() because, the home page can be accessed by visitors and in this app just pages like profile cannot be accessed by visitors.

In this case, why the web2py redirects to the home page  even if login was not valid, when I don't use @auth.requires_login()?

How to prevent web2py redirect if login is not valid?

[thiago...@comp.ufla.br]

Anyone?

[Anthony]

You'll have to show some code. By default, web2py does not redirect anywhere when login fails -- it just reloads the login page.

Anthony

[thiago...@comp.ufla.br]

Ok, no problem.

Obs.: perfil <=> profile, autenticacao <=> authentication

On db.py I have this login settings:

## login settings
auth.settings.login_url = URL('autenticacao', 'index')
auth.settings.logout_next = URL('autenticacao', 'index')
auth.settings.logged_url = URL('default', 'perfil')

---------------
On index function from the controller autenticacao I have this code:

def index():
    return dict(form_login=auth.login())

---------------
On index, and perfil functions from the controller default I have this:

def index():
    return dict()

@auth.requires_login()
def perfil():
    usuario = db(db.auth_user.id==auth.user_id).select()[0]
    usuario.nome_completo = ' '.join([usuario.first_name, usuario.last_name])
    fazendas = db(db.fazendas.usuario==auth.user_id).select()
    return dict(
        nome_completo=usuario.nome_completo.strip(),
        email=usuario.email.strip(),
        rg=usuario.rg.strip(),
        cpf=usuario.cpf.strip(),
        data_nascimento=usuario.dataNascimento.strip(),
        fazendas=fazendas
    )

[Tim Richardson]

in your controller, you can access the global variable auth.

You can ask
auth.is_logged_in() is True if the user is logged in, for example.
auth.user returns a Row telling you who is logged in.

http://web2py.com/books/default/chapter/29/09/access-control#Authorization

[Thiago Nobre]

I already know auth.is_logged_in(), but unfortunately when the user enter like visitor, he's not logged in, he just entered at the site without a login.

I need something like a login_onreject, because the visitor actually don't sign up.

=/

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/s2jOtL0niZM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Anthony]

Can you be more clear about what is happening? Are you saying if someone goes to the login page and enters incorrect credentials, they are being redirected to the index page? Auth shouldn't be doing that by default. Can you show your code?

[Thiago Nobre]

Yeah, it's exactly what's going on and I don't know why. I attached the db.py file and the controllers used on the problem, as you requested.

To be more clear, I'll try to explain again:

The problem is that I want that just some pages are blocked to the visitors, so I can't use @auth.requires_login() in the index function of the default controller. But if I don't use this decorator, when the login is not valid occurs an undesirable redirect to the home page, instead of continue in the login page until the user enters with the correct name and password, or until this one enters like a visitor.

And sorry for the troubles on my confused explanations, it's hard to me speak in english.

[thiago...@comp.ufla.br]

There is no way to check if the user has entered incorrect credentials (login was rejected) and treat it my way?

[Anthony]

If you change the Auth controller from 'default', you must specify that:

auth = Auth(db, controller='autenticacao')

Anthony

[Thiago Nobre]

It's just that simple? I didn't imagine that was the reason of the strange login behavior. When I get home, I'll test it and tell you if it worked.

--

[thiago...@comp.ufla.br]

It worked! Thank you!