I would like to redirect the user to the previous page that they want to view (which needs authentication before viewing) after logging in. How can I do that?
For example, a user goes to a URI "/account" that needs an authentication, so probably if they are not logged in, it will directly go to login page but once they login, I want them be directed to "/account" instead of "/" which renders the index page.
Thanks
Use var prevPage = req.originalUrl to save the URL from where the user will be coming from, this is the previous page that you would want to redirect the user later, once you are done with the current middleware simply use res.redirect(`${prevPage}`) to send the user back to that same page..
Related
Let's say I have a route to register a user like:
router.post('/register', registerSchema, register);
Apparently inside the register function we save the new signed up user to database.
After registration, I want to redirect users to a specific page based on where they come from.
if user's come from button 1 they should go to dashboard page.
if they come from button 2 I want to redirect them to payment page ok?
How can I do this in a appropriate way?
I tried to send users to sign up page when they click on button 1 to href="signup?next=dashboard"
But I cannot get the query string when they click on register button... clicking on register button don't care about where they came from it just hits the register route...
I have an Express app, where the landing page invites people to enter their email address and then click on "Sign Up" or "Log In", depending on whether they have an account yet or not.
The user is then taken to "/signup" or "/login", via a POST request so that the email address they entered can be passed along.
But now that I've used POST for both of these routes, I have to POST to another URL to process their sign up data or log in credentials, like app.POST("/register") and app.POST("/enter"). This feels pretty sloppy, and definitely messes with the RESTful routing that I'd like to stick to.
I know I can pass the data through the URL via a GET request, but I don't really like that solution either.
What's the best approach to take in this situation? Should I just use GET requests and stop being so fussy? Or is there another way I haven't though of yet?
Thank you kind peoples!
I can see why you feel this messes with the RESTful approach, and an alternative method would be to store the email address client-side and not POSTing it to the server - until they actually sign up.
You could use the LocalStorage Web API to store the email address in the client browser, and then load it when the user hits the /signup route.
let email = document.querySelector('input[name="email"]').value
localStorage.set('email', email)
then later on when the user hits the /signup route you would do:
let email = localStorage.get('email')
document.querySelector('input[name="email"]').value = email
This would have to be in a <script> tag for the two routes.
You could also use sessionStorage which gets cleared when the user closes their browser, while localStorage is a permanent storage solution.
You can use /signup and /login GET request for rendering UI. And /signup and /login POST requests for processing
Hi i have this application that needs a user to login.
Once the user is logged in, he is redirected to a page displaying documents for that user.
To display that information, I call the correct action on the controller and i pass my user-object. This object contains username and password.
When i look at my url it looks like :
http://localhost:53703/Documents?UserName=bart&UserId=10&Password=AllPhi%242015
Is there a way that I can hide those querystring-values (UserName=bart&UserId=10&Password=AllPhi%242015)
I can not object strongly enough to sidestepping the built in auth-mechanisms, but to answer the question: You cannot hide the query-string.
If you want to hide data when you are sending from a client you need to do a post request instead of a get, but the post-data is still visible in the request (in plain text)
But in this case it seems you want to pass data between actions, and then you want to use tempdata. Look here for reference: http://rachelappel.com/when-to-use-viewbag-viewdata-or-tempdata-in-asp.net-mvc-3-applications
I have an page home.xsp that logs a user into my application. After the authentication is successful it goes to HomeAfterLogin.xsp which is the home/landing page of the application.
Yesterday I got to the point of creating emails that are triggered by status events in the app. In the emails I can include a direct link to the document in question. The direct link works if you are already authenticated, if not it takes you the login page (as it should). After you login, it takes you to the HomeAfterLogin instead of the document you linked to. When I built that part I did not anticipate that I would link directly to documents. My login process is largely based on a project from Ferry Kranenburg.
My question is where would I obtain the calling URL from the email or if a user happened to bookmark a document. I have tried context.getUrl() but it just returns the URL of the login page. I should be able to compute the property of where to redirect if I knew how to obtain the calling URL.
UPDATE: facesContext.getExternalContext().... also seems to just return the current URL, not the calling URL.
SECOND UPDATE: I know what the answer is. The URL is not accessible anymore because it has already been redirected. The XPage that is linked to directly contains code in the beforePageLoad event to redirect to the login page if the user is anonymous. At that point, I can get to the refering URL and store it in a sessionScope variable, and then redirect the page after login if the variable is present. I will answer my own question if this works.
The reason the URL is not accessible is that the page has already been redirected. The XPage that is linked to directly contains code in the beforePageLoad event to redirect to the login page if the user is anonymous.
if(session.getEffectiveUserName() == "Anonymous"){
//if the PO document was accessed directly like from a Email link or bookmark
//then the doc id is set to a sessionScope variable and after the login page
//the page is directed to the specific PO instead of the HomeAfterLogin page
sessionScope.URL_document = context.getUrlParameter("doc");
context.redirectToPage("Home.xsp")
}
I fixed this setting the docID from the URL to a sessionScope variable prior to redirecting to the login XPage in the same beforePageLoad event.
In the custom property that determines where to redirect after login, I added an if statement that will redirect to the specific document if the sessionScope variable is present. Otherwise go to the HomeAfterLogin as normal.
if(sessionScope.URL_document == ""){
facesContext.getExternalContext().getRequestContextPath() + "/HomeAfterLogin.xsp"
} else {
facesContext.getExternalContext().getRequestContextPath() + "/New_PO.xsp?doc=" + sessionScope.URL_document;
}
This has fixed the issue for me.
I have a page that I am sending into an iframe. The iframe itself is being conditionally displayed based on logic in the back end. Is it possible for only the iframe to be able to display the page?
Basically I want to be able to call the page from within the iframe, but a person who accesses the URL directly will get redirected or blocked.
You can check the Referer header and serve the page only if it matches the URL of the document that contains the iframe. But this will foil only a user browsing casually to the direct URL. In general the answer is no, you have no control over how the user agent is going to display the content.
If you really need to do this, generate the parent document dynamically so that it contains a URL for the iframe with an embedded random one-time token. Have the iframe content be generated by a script that checks for the validity of the one-time token before delivering the page, and deletes the token from the database at the same time. You will have to make the iframe content uncacheable and you will likely encounter side effects related to caching that cause the page to break for legitimate users from time to time.
Lets assume the url for your iframe is http://example.com/myiframepage. The page that renders the iframe is http://example.com/parentpage
I am assuming your parent page already has code similar to :
//in parentpage :
if(can_show_iframe) {
}
You just need to go a step further and modify the code for myiframepage as follows -
//in myiframepage
if(can_show_iframe) {
//normal processing
}
else {
//return 403 error code which indicates access denied
}