Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth actions always generate links with appname included #910

Closed
kszys opened this issue Aug 19, 2024 · 2 comments
Closed

Auth actions always generate links with appname included #910

kszys opened this issue Aug 19, 2024 · 2 comments

Comments

@kszys
Copy link
Contributor

kszys commented Aug 19, 2024

I run into an issue when trying to migrate my web2py projects into py4web. py4web does not have the routes.py which I used befoe to map URLs to applications. I would like to achive the following setup:

http://mydomain1.com -> /myapp1
http://mydomain2.com -> /myapp2
...

Lacking routes.py, I use nginx as a proxy with something like this (example for mydomain1.com -> /myapp1):

server {
    listen 80;

    server_name mydomain1.com;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8000/myapp1$request_uri;
    }
}

I use the following parameter for the Auth, which should help in not using the appname in the redirects to Auth actions:

auth.param.use_appname_in_redirects = False

For the clarity of following examples, I also use:

auth.enable(route="config/auth")

This way, the redirect to Auth is done correctly - e.g., when I try to access:

http://mydomain1.com/config

which requires authentication, I get correctly redirected to:

http://mydomain1.com/config/auth/login

However, the next parameter is configured incorrectly:

?next=/myapp1/config

Also, the submit button action is set as:

action="//mydomain1.com/myapp1/config/auth/login?next=/myapp1/config/"

Notice the two myapp1 in the URL. All this means that Auth uses the appname in all these constructed links. I think it should follow the same logic (and use the same parameter) as for the redirects, actually produce something like this expected result:

action="//mydomain1.com/config/auth/login?next=/config/"

I looked at the Auth code and I figured out how to fix the next parameter. It only requires replacing:

redirect_next = request.fullpath

with the condition:

if self.auth.param.use_appname_in_redirects == False:
    redirect_next = request.fullpath.replace(f"/{request.app_name}", "")
else:
    redirect_next = request.fullpath

In two functions of AuthEnforcer - abort_or_redirect and goto_login.

On the other hand, fixing the Submit button in the auth form seems to exceed my skills a bit. It is part of how the Auth APIs are exposed and they all use the appname in their paths by defualt.

Also, after some more looking into the code, there may be also other places, when changes would be required - there are number of places where URLs are constructed. In all those places it should be fixed by:

URL( ..., use_appname=self.param.use_appname_in_redirects)

(or something similar).
@kszys kszys mentioned this issue Aug 19, 2024
Closed
@kszys
Copy link
Contributor Author

kszys commented Aug 29, 2024

I added a patch for this issue to the PR in #911
I also provided some comments and thoughts there, if anybody is interested.

@kszys
Copy link
Contributor Author

kszys commented Sep 11, 2024

It seems that the issue can be closed as discussed in #918

@kszys kszys closed this as completed Sep 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kszys