miguelgrinberg / REST-auth

Example application for my RESTful Authentication with Flask article.
http://blog.miguelgrinberg.com/post/restful-authentication-with-flask
MIT License

Could flask be detecting request is coming from a browser and always returning 200 status despite invalid credentials? #16

Closed gr-satt closed 5 years ago

gr-satt commented 5 years ago

Hi,

First of all thank you so much for releasing this. I am using this to authenticate users for my first web app.

When I am making login requests from the command line, Python, and Node I get a 401 status for invalid credentials just as I should. But when I run and test locally in the browser I always get 200 for some odd reason. I also can't find anything online about anyone having a similar issue and have tried posting on SO (here) to no avail. Has anyone here had this happen?

miguelgrinberg commented 5 years ago

Have you added prints to find out what the server is seeing? This should be pretty easy to figure out once you see what username and password the server is receiving, I think.

gr-satt commented 5 years ago

Yes. So I am making the login request to api/resources on an HTML button onclick action like this:

```html
<script type="text/javascript">
function login_user() {
    // Endpoint on the local REST-auth server; credentials are sent as a JSON body
    let path = "http://127.0.0.1:5000/api/resource";
    let user_input = document.getElementById("user").value;
    let pass_input = document.getElementById("pass").value;

    let data = {username: user_input, password: pass_input};

    fetch(path, {
        headers: {"Content-Type": "application/json"},
        method: "POST",
        body: JSON.stringify(data)
    }).then((response) => {
        // success -- redirect to welcome
        if (response.status === 200) {
            window.location.href = "http://127.0.0.1:5000/welcome";
        // retry
        } else {
            window.location.href = "http://127.0.0.1:5000/login";
        }
    });
}
</script>
```

Then I am running the app and I enter 'invaliduser' and 'invalidpass' into the username and password forms and it returns a 200 and will redirect me to the welcome page. I am attaching a screenshot of the request from developer tools.

[Screenshot: Screen Shot 2019-10-01 at 11 07 44 PM]

miguelgrinberg commented 5 years ago

I'll repeat my question. Have you added print statements in the server code to verify what username and password the server is authenticating against?
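Following the maintainer's suggestion, here is an added example (not code from REST-auth or from either commenter) of a server-side check that logs which credentials actually arrive, assuming the endpoint authenticates with an HTTP Basic `Authorization` header as the linked article's `/api/resource` does. The user store and the request inputs are constructed, and it uses only the standard library so it runs without Flask.

```python
import base64
import hmac
import json
import logging

log = logging.getLogger("auth-debug")

# Constructed demo user store; a real app stores password hashes, never plain text.
USERS = {"miguel": "python"}


def basic_header(username, password):
    """Build the Authorization header value a Basic-auth client sends."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(authorization):
    """Decode a Basic Authorization header into (username, password).

    Returns (None, None) if the header is absent or malformed. An HTTP Basic
    verifier reads credentials from here only, never from the request body.
    """
    if not authorization or not authorization.lower().startswith("basic "):
        return None, None
    try:
        decoded = base64.b64decode(authorization[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None, None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else (None, None)


def handle_login(headers, body=b""):
    """Return the status a Basic-auth protected endpoint would answer with.

    Logs the username seen in the header and, separately, any username in a
    JSON body, so a developer can see what the server is actually checking.
    The password is deliberately never logged.
    """
    header_user, header_pass = parse_basic(headers.get("Authorization"))
    body_user = None
    if headers.get("Content-Type", "").startswith("application/json"):
        try:
            body_user = json.loads(body or b"{}").get("username")
        except (ValueError, AttributeError):
            body_user = None
    log.info("header user=%r, JSON body user=%r (body ignored)", header_user, body_user)
    if header_user not in USERS:
        return 401
    ok = hmac.compare_digest(USERS[header_user].encode(), header_pass.encode())
    return 200 if ok else 401
```

With logging enabled, a request that carries a valid user only in its JSON body logs `header user=None` and is answered 401, which is the first thing to compare against what the browser actually sends.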