Local login#172
Conversation
| assert req | ||
| if getattr(req, "lang_prefs", 0) is 0: | ||
| # lang. prefs remain effective even without shared login | ||
| user_id = req.authenticated_userid |
There was a problem hiding this comment.
while you're at it, use authenticated_userid(req)
The syntax req.authenticated_userid is deprecated.
| "default": True | ||
| }, | ||
|
|
||
| # Does the Idea panel automatically open when an idea is clicked? (and close when a special section is clicked) |
There was a problem hiding this comment.
Is this a bad copy-paste? The comment doesn't seem related to this new config.
| redirectToJoin() { | ||
| const slug = { slug: getDiscussionSlug() }; | ||
| browserHistory.push(get('join', slug)); | ||
| } |
There was a problem hiding this comment.
I think you need to push to customBrowserHistory created in index.jsx
You should export the history variable from index.jsx and use it here.
| application_url=application_url, | ||
| get_route=get_route, | ||
| user=user, | ||
| loggedin_userid=request.authenticated_userid, |
There was a problem hiding this comment.
authenticated_userid(request)
|
Other than that, LGTM. |
|
execute |
maparent
force-pushed
the
local_login
branch
from
c3ad160 to
4dcb422
Compare
|
Adjusted to the comments. Good catch about req.authenticated_userid being deprecated. |
| @@ -1,9 +1,10 @@ | |||
| import React from 'react'; | |||
| import { customBrowserHistory } from '../../index'; | |||
There was a problem hiding this comment.
customBrowserHistory is not currently exported in index.jsx. I don't see the change in your PR. You need to add export customBrowserHistory in index.jsx.
There was a problem hiding this comment.
That's right... why didn't webpack complain? (I even tested!)
There was a problem hiding this comment.
webpack will not complain, eslint should have. Try npm run eslint
There was a problem hiding this comment.
ok, that was helpful, thank you. Have a look now?
maparent
force-pushed
the
local_login
branch
from
79c2e1d to
bfcb5a7
Compare
| const connectedUserName = getConnectedUserName(); | ||
| const alreadyLoggedIn = !!getLoggedInUserId(); | ||
| const loginOrJoinUrl = alreadyLoggedIn ? get('join', slug) : getContextual('login', slug); | ||
| const onClickRedirect = alreadyLoggedIn ? this.redirectToJoin : null; |
There was a problem hiding this comment.
I think instead of null, the standard way is to return false
| application_url=application_url, | ||
| get_route=get_route, | ||
| user=user, | ||
| loggedin_userid=authenticated_userid(request), |
There was a problem hiding this comment.
Shouldn't it be effectiveuserid here instead?
There was a problem hiding this comment.
loggedin_userid is explicitly about knowing that the person is logged in even though they have no role in the discussion. Adding a comment.
|
|
||
|
|
||
| def is_join_route(request): | ||
| # TODO: Get a real shared route system for react. |
There was a problem hiding this comment.
Agreed. Absolute TODO.
|
|
||
|
|
||
| @view_config(route_name='join', request_method='POST') | ||
| def do_join_discussion(request): |
There was a problem hiding this comment.
As the ultimate response of this view is to redirect to either a login page or throw an error, we should utilize the new error page that was created for exactly these cases. Instead of returning HTTPUnauthorized or others, should redirect to error page, and pass the error in.
Downstream, that view can respond to the appropriate Error with a client-friendly view (this is not done for all cases, only 404, 401 and 500 I recall)
There was a problem hiding this comment.
You have an error page now? Then I think that the proper thing to do is to have HTTPUnauthorized go to that error page! Pyramid allows that. Let's discuss it.
There was a problem hiding this comment.
Yup, I discussed it with you a long while back, when logged in users wanted to access a private discussion. Yes, let's discuss when you have a moment.
There was a problem hiding this comment.
ok now that we have a generic error page, this code stands.
…r so login does not leak between discussions
maparent
force-pushed
the
local_login
branch
from
bfcb5a7 to
37d846b
Compare
|
@vincentfretin BTW, I was revisiting authenticated_userid: It's actually the security function that's deprecated, not the request attribute. One of us should revert this. |
|
Oh 💩 |
|
We'll see that when we know what do to with this branch. It's on standby for the moment. |
|
@maparent What do we do with this PR? |
4 participants
No description provided.