Here is a sample login and logout route taken from the shopyo web framework. You can learn here how is get_safe_redirect defined and why it is important
@auth_blueprint.route("/login", methods=["GET", "POST"])
def login():
context = {}
login_form = LoginForm()
context["form"] = login_form
if login_form.validate_on_submit():
email = login_form.email.data
password = login_form.password.data
user = User.query.filter(
func.lower(User.email) == func.lower(email)
).first()
if user is None or not user.check_password(password):
flash(notify_danger("please check your user id and password"))
return redirect(url_for("auth.login"))
login_user(user)
if 'next' not in request.form:
next_url = url_for('dashboard.index')
else:
if request.form['next'] == '':
next_url = url_for('dashboard.index')
else:
next_url = get_safe_redirect(request.form['next'])
return redirect(next_url)
return render_template("auth/login.html", **context)
@auth_blueprint.route("/logout", methods=["GET"])
@login_required
def logout():
logout_user()
flash(notify_success("Successfully logged out"))
if 'next' not in request.args:
next_url = url_for('dashboard.index')
else:
if request.args.get('next') == '':
next_url = url_for('dashboard.index')
else:
next_url = get_safe_redirect(request.args.get('next'))
return redirect(next_url)
The trick is adding this html snippet in your login form
<input
type="hidden"
name="next"
value="{{ request.args.get('next', '') }}"
/>
Written by
Abdur-Rahmaan Janhangeer
Chef
Python author of 9+ years having worked for Python companies around the world
Suggested Posts
How to use Flask-admin with Flask-login
Steps: Have a login route accept a next parameter Define your model view and admin index view Regis...
Securing Flask: Preventing Open Redirect Vulnerabilities
If your Flask application uses a next parameter to redirect users after login, you might be vulnerab...
How to implement notification in Flask
Implementing notifications in Flask goes way beyond using flash. You have to add this snippet in you...
