Flask-login not redirecting to previous page

Question

I have seen quite a few questions with this in mind, but haven't been able to address my issue. I have a Flask app with flask-login for session management. And, when I try to view a page without logging in, I get redirected to a link in form of /login/?next=%2Fsettings%2F

The issue is, as far as I could have it understand, that the "next" argument holds the part of the site I actually need, but when submitting a request to a login form, it is done via POST, so this argument is no longer available for me to redirect it to.

I tried using Request.path from Request (and url) but both just return the /login/ as the request url/path, not the actual /login/?next=xxx.

My login method is as follows:

@app.route('/login/', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        #getting the user
        user = User.get(request.form['username'])
        if user.user is None:
            return redirect('/login/')
        #actual login proces
        if user and check_password_hash(user.user.password, request.form['password']):
            login_user(user, remember=remember)
            #the redirection portion of the login process
            return redirect(request.path or ("/")) # I tried various options there but without success, like request.args['next'] and such

        return redirect('/login/')

    else:
        return redirect('/')

Thanks

Answer 1

request.path is not what you're looking for. It returns the actual path of the URL. So, if your URL is /a/?b=c, then request.path returns /a, not c as you are expecting.

The next parameter is after the ? in the URL, thus it is part of the "query string". Flask has already parsed out items in the query string for you, and you can retrieve these values by using request.args. If you sent a request to the URL /a/?b=c and did request.args.get('b'), you would receive "c".

So, you want to use request.args.get('next'). The documentation shows how this works in an example.

Another thing to keep in mind is that when you are creating your login form in HTML, you don't want to set the "action" attribute. So, don't do this..

<form method="POST" action="/login">
    ...
</form>

This will cause the POST request to be made to /login, not /login/?next=%2Fsettings%2F, meaning your next parameter will not be part of the query string, and thus you won't be able to retrieve it. You want to leave off the "action" attribute:

<form method="POST">
    ...
</form>

This will cause the form to be posted to the current URL (which should be /login/?next=%2Fsettings%2f).

Answer 2

You can use mongoengine sessions to pass 'next_url' parameter with flask session (from flask import session). In py file where you define your app and login_manager:

from flask.ext.mongoengine import MongoEngineSessionInterface
app.session_interface = MongoEngineSessionInterface(db)

@login_manager.unauthorized_handler
def unauthorized_callback():
    session['next_url'] = request.path
    return redirect('/login/')

and then in login view:

def login():
    # ... if success
    next_url = session.get('next_url', '/')
    session.clear()
    return redirect(next_url)