email confirmation token #501

Open
Edmartt opened this issue Feb 10, 2021 · 13 comments
@Edmartt

Edmartt commented Feb 10, 2021

When I click the URL in the confirmation email, it redirects to the login page, waiting for the user to log in, but if I log in nothing happens, the session just starts. I'm trying to debug, but the confirm view is not showing anything.

@miguelgrinberg
Owner

Are you using this code, or your own code? Any chance you have a mistake in your version of the code? That's as far as I can go with the little information you provided. You may want to compare the code against my version, which does work.

@Edmartt
Author

Edmartt commented Feb 10, 2021

> Are you using this code, or your own code? Any chance you have a mistake in your version of the code? That's as far as I can go with the little information you provided. You may want to compare the code against my version, which does work.

Hi, thank you for your time.

I'm following the code step by step, and comparing them, it is the same. Email sending is okay, token generation is okay. The only thing I can see is that when I click on the link, nothing happens. I mean, it is redirecting to the login page, but is it normal to log in before that? And if the answer is yes, why does nothing happen when I put some prints in the confirm view, even if I click the link?

P.S. Some time ago, somebody had the same problem and posted this question on Stack Overflow, but got no answer.

https://stackoverflow.com/questions/37908238/flask-on-login-redirection-issue

In his case, the problem was redirection, but mine is working, but nothing happens inside the view, because if my confirm method is called I change my confirmed attribute to True.

view code:

> @auth.route('/confirm/<token>/')
> @login_required
> def confirm(token):
>     print(current_user.confirmed)
>     current_app.logger.info('entramos en confirm')
>         if current_user.confirmed:
>             print("Estado confirmed: ",current_user.confirmed)
>             return redirect(url_for('main.index'))
>             if current_user.confirm(token):
>         User.change_confirm_state(True)
>         print(user.confirmed)
>         flash('Has confirmado tu cuenta')
>      else:
>         flash('El enlace de confirmación no es válido o ha caducado')
>           return redirect(url_for('main.index'))

@miguelgrinberg
Owner

I can't really review the code, your indentation is all wrong in this snippet, so it's hard to know exactly what the logic does.

@Edmartt
Author

Edmartt commented Feb 12, 2021

oh, okay. I've uploaded my code here:

https://github.com/wormholesepiol/flask-login

I have a question. If the user is not logged in, where do you get the id when you're calling the confirm view?

@miguelgrinberg
Owner

@wormholesepiol the user id is decoded from the token.

@Edmartt
Author

Edmartt commented Feb 15, 2021

> @wormholesepiol the user id is decoded from the token.

Yes, I know that part, but you suggest the @login_required decorator on the confirm view, and when you try to access that function it asks you to log in. If the URL generated in the email sent is the same, it is okay, but with login required the URL is modified and never reaches or decodes the token and never touches the if statements.

@miguelgrinberg
Owner

@wormholesepiol I don't understand what is the problem you are describing.

When the user clicks on the confirmation link in the email the /confirm route is invoked. Because of the @login_required decorator, before the route executes, you have to log in. Once the log in is complete the /confirm route gets to run, and the token is verified, and the user gets confirmed.

@tmtech90

tmtech90 commented Dec 3, 2022

The problem we are having is that once we log in we are not getting confirmed. We must send a second confirmation email after logging in and then once we click that link we are confirmed. At least that is what is happening for me. It works fine once you realize you have to do that, but before realizing it, it is extremely confusing.

QUESTION: Do you know if there is a way we can automatically log the user in once he clicks on the confirmation email? Thank you!

@miguelgrinberg
Owner

@tmtech90 you can log the user in just from the confirmation email, but that is insecure. That means that anybody that has the link can log in to the user's account without knowing the password. Not what I would recommend.

I explained how the account confirmation works in the comment right above yours. There is no need to request two confirmation emails, one is sufficient, as long as you log in with the user to which the confirmation email belongs.

@tmtech90

tmtech90 commented Dec 5, 2022

Thanks for the response, Miguel. This was not working for me. After clicking the email link and then logging in, it would log in but still say "you are not confirmed." I added a new line of code in the registration route function which logs the user in automatically during registration. This would bring me to the "unconfirmed page" and then after clicking the email link once it would convert that page into the logged in home page. Hopefully this method is not insecure. Thanks.

@miguelgrinberg
Owner

@tmtech90 Logging the user in right after registration is also not a practice I would recommend. Users are much more likely to forget their credentials if they are not asked to use them at least once.

It seems to me you are trying to find workarounds to the issue, instead of looking for the actual issue. If you click on the email link, and then log in, the application should redirect you to the /confirm endpoint, which should approve your account. If that redirect isn't happening, then the problem that you have is on the login process, which is not redirecting to the intended page after the user logs in. This is the handling of the next argument in the query string. Maybe you need to go back to that and review that your code is doing everything correctly with this argument.
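
Added example (not code from this thread or from the project): a standard-library model of the login round trip discussed above, showing a login step that drops `next` beside one that honours it while accepting only same-site relative paths. The route paths, function names and token placeholder are assumptions.

```python
from urllib.parse import parse_qs, quote, urlsplit

LOGIN_PATH = "/auth/login"   # assumed login route (hypothetical)
DEFAULT_TARGET = "/"         # assumed landing page after login (hypothetical)


def login_redirect_for(requested_path):
    """Model of what @login_required does for an anonymous visitor: redirect
    to the login page and carry the requested path in ?next=."""
    return f"{LOGIN_PATH}?next={quote(requested_path, safe='')}"


def safe_next(next_param, default=DEFAULT_TARGET):
    """Return the post-login target, accepting only same-site relative paths."""
    if not next_param:
        return default
    try:
        parts = urlsplit(next_param)
    except ValueError:           # malformed input such as "//[" is refused
        return default
    if parts.scheme or parts.netloc:          # absolute or //host form
        return default
    if not next_param.startswith("/") or next_param.startswith(("//", "/\\")):
        return default
    return next_param


def login_ignoring_next(login_url):
    """Faulty login step: always lands on the default page, so the confirm
    view never runs after the user logs in."""
    return DEFAULT_TARGET


def login_honouring_next(login_url):
    """Working login step: read next from the query string and go there."""
    query = parse_qs(urlsplit(login_url).query)
    return safe_next(query.get("next", [None])[0])


if __name__ == "__main__":
    # Constructed sample: the token value is a placeholder, not a real token.
    confirm_path = "/auth/confirm/TOKEN-PLACEHOLDER/"
    login_url = login_redirect_for(confirm_path)
    print("login URL:      ", login_url)
    print("ignoring next:  ", login_ignoring_next(login_url))
    print("honouring next: ", login_honouring_next(login_url))
```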

@Kamalkoranga

> When I click the URL in the confirmation email, it redirects to the login page, waiting for the user to log in, but if I log in nothing happens, the session just starts. I'm trying to debug, but the confirm view is not showing anything.

The answer is - https://stackoverflow.com/a/75918165/17135962

@kumar-chetan

> When I click the URL in the confirmation email, it redirects to the login page, waiting for the user to log in, but if I log in nothing happens, the session just starts. I'm trying to debug, but the confirm view is not showing anything.

YES
