On Saturday 13 June 2009 16:58:33 mdipierro wrote:
> I will take this patch!
Here it is, attached. Tested with latest stable, then ported to trunk version
and tested again.
However there is one problem with it. On error code 401 browser actually
_renders_ the page causing it to be blanked and redrawn as opposed to 303
which just waits a bit, then instantly replaces page content.
I do not know if there is a way to suppress that page blanking.
Otherwise it seems to be working as intended.
> On Jun 13, 6:19 am, Alexey Nezhdanov <snak...@gmail.com> wrote:
> > I'm writing unit tests for my app and come across this problem:
> > if I try to access the page which has @auth.requires_login()
> > I get error 303 - i.e. redirect to the page with login/password form.
> > While this works visually for browsers, it is actually wrong for testing
> > AND for search engines. Status codes are important for robots and here
> > status is set incorrectly (should be 401).
> > So why we not set this to 401 and make redirect with other means
> > (javascript/meta tags)? We know that pages that are larger than certain
> > size are displayed ok in IE so this should not be a problem.
> > Here is sample page with redirect:
> >
> > """<html>
> > <head>
> > <meta http-equiv="expires" content="0" />
> > <meta http-equiv="refresh" content="0;url=%(nexturl)s/" />
> > <script type="text/javascript"><!--
> > window.location='%(nexturl)s';
> > // --></script>
> > </head>
> > <body />
> > </html>
> > """%{'nexturl':URL(r=request,c='auth',f='login')}
> >
> > If this is a good idea - I'll write a patch.
> >
> > --
> > Sincerely yours
> > Alexey Nezhdanov
>
>
--
Sincerely yours
Alexey Nezhdanov
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
diff -ur gluon/http.py gluon-401/http.py
--- gluon/http.py 2009-06-13 19:55:47.000000000 +0400
+++ gluon-401/http.py 2009-06-13 19:56:19.109469004 +0400
@@ -96,8 +96,26 @@
return [body]
def redirect(location, how=303):
- location = location.replace('\r', '%0D').replace('\n', '%0A')
- raise HTTP(how, 'You are being redirected <a href="%s">here</a>'
+ if 300 <= how < 399:
+ location = location.replace('\r', '%0D').replace('\n', '%0A')
+ raise HTTP(how, 'You are being redirected <a href="%s">here</a>'
% location, Location=location)
+ else:
+ raise HTTP(how, """<html>
+ <head>
+ <meta http-equiv="expires" content="0" />
+ <meta http-equiv="refresh" content="0;url=%(location)s/" />
+ <script type="text/javascript"><!--
+ window.location='%(location)s';
+ // --></script>
+ </head>
+ <body>
+ You are being redirected <a href="%(location)s">here</a>
+ </body>
+ <!-- Here is just some amount of junk to keep IE happy.
+ ..................................................
+ ..................................................
+ -->
+</html>""" % {'location' : location}) # location could be as short as '/'
diff -ur gluon/tools.py gluon-401/tools.py
--- gluon/tools.py 2009-06-13 19:55:55.000000000 +0400
+++ gluon-401/tools.py 2009-06-13 20:00:31.217467547 +0400
@@ -718,7 +718,7 @@
if not user:
## invalid login
session.flash = self.messages.invalid_login
- redirect(self.url(args=request.args))
+ redirect(self.url(args=request.args), how = 401)
user = Storage(table_user._filter_fields(user, id=True))
session.auth = Storage(user=user, last_visit=request.now,
@@ -1034,7 +1034,7 @@
"""
if not self.is_logged_in():
- redirect(self.settings.login_url)
+ redirect(self.settings.login_url, how = 401)
db = self.db
user = self.settings.table_user
usern = self.settings.table_user_name
@@ -1092,7 +1092,7 @@
"""
if not self.is_logged_in():
- redirect(self.settings.login_url)
+ redirect(self.settings.login_url, how = 401)
password = self.settings.password_field
self.settings.table_user[password].writable = False
request = self.environment.request
@@ -1173,7 +1173,7 @@
"""
if not self.is_logged_in():
- redirect(self.settings.login_url)
+ redirect(self.settings.login_url, how = 401)
memberships = self.db(self.settings.table_membership.user_id
== self.user.id).select()
table = TABLE()
@@ -1207,7 +1207,7 @@
if not self.basic() and not self.is_logged_in():
args = self.environment.request.args
redirect(self.settings.login_url + \
- '?_next='+urllib.quote(self.url(args=args)))
+ '?_next='+urllib.quote(self.url(args=args)), how = 401)
return action(*a, **b)
return f
@@ -1228,12 +1228,12 @@
if not self.is_logged_in():
args = self.environment.request.args
redirect(self.settings.login_url + \
- '?_next='+urllib.quote(self.url(args=args)))
+ '?_next='+urllib.quote(self.url(args=args)), how = 401)
if not self.has_membership(group_id):
self.environment.session.flash = \
self.messages.access_denied
next = self.settings.on_failed_authorization
- redirect(next)
+ redirect(next, how = 403)
return action(*a, **b)
return f
@@ -1258,7 +1258,7 @@
if not self.is_logged_in():
args = self.environment.request.args
redirect(self.settings.login_url + \
- '?_next='+urllib.quote(self.url(args=args)))
+ '?_next='+urllib.quote(self.url(args=args)), how = 403)
if not self.has_permission(name, table_name, record_id):
self.environment.session.flash = \
self.messages.access_denied
@@ -1573,9 +1573,9 @@
if not isinstance(table,self.db.Table):
table = self.db[table]
if record and not self.has_permission('update',table,record):
- redirect(self.settings.auth.settings.on_failed_authorization)
+ redirect(self.settings.auth.settings.on_failed_authorization, how = 403)
if not record and not self.has_permission('create',table,record):
- redirect(self.settings.auth.settings.on_failed_authorization)
+ redirect(self.settings.auth.settings.on_failed_authorization, how = 403)
request = self.environment.request
response = self.environment.response
@@ -1661,7 +1661,7 @@
if not isinstance(table,self.db.Table):
table = self.db[table]
if not self.has_permission('read',table,record):
- redirect(self.settings.auth.settings.on_failed_authorization)
+ redirect(self.settings.auth.settings.on_failed_authorization, how = 403)
request = self.environment.request
session = self.environment.session
form = SQLFORM(
@@ -1689,7 +1689,7 @@
if not isinstance(table,self.db.Table):
table = self.db[table]
if not self.has_permission('delete',table,record_id):
- redirect(self.settings.auth.settings.on_failed_authorization)
+ redirect(self.settings.auth.settings.on_failed_authorization, how = 403)
request = self.environment.request
session = self.environment.session
if next == DEFAULT:
