I am trying to confirm user email using pyjwt. So basically, when a new user registers, the user receives a confirmation email containing a link, and the user clicks the link to confirm the email.

If the web token has expired, the user is asked to generate another web token.

Here is the problem.

The static files I am using work pretty well for all of my other web pages and view functions. However, for the view function that receives the web token for the user email, Flask does not see the static files needed to render the page properly, and so it does not render any CSS, image, or JavaScript for that particular web page.

Here is my code.

First, the user registers and a verification email is sent:

from flask import flash, redirect, render_template, url_for

@auth.route('/register', methods=['GET', 'POST'])
def register():
    form = register_form()
    if form.validate_on_submit():
        user = Users_db(name=form.name.data, email=form.email.data, username=form.username.data, sex=form.sex.data, password=form.password.data)
        # Commit before issuing the token so user.id is assigned when it is encoded.
        db.session.add(user)
        db.session.commit()
        token = user.email_token()
        send_mail(form.email.data, 'Confirm Your Account', 'email/confirm_account', token=token)
        flash('A verification email has been sent to you, please verify your account')
        # Do not pass the form object to url_for; it would end up in the query string.
        return redirect(url_for('auth.login'))
    return render_template('auth/register.html', form=form)

After the user receives the verification email and clicks the link, the following view function confirms or ejects the user based on the status of the web token added to the URL.

@auth.route('/confirm_user/<token>')
@login_required
def confirm_user(token):
    if current_user.confirm_email_token(token):
        flash('Your account has been confirmed')
        # redirect() takes a URL, so build it from the endpoint name.
        return redirect(url_for('main.home'))
    else:
        flash('Your confirmation mail has expired, Please request for another mail.', category='info')
        return render_template('new_token.html')

The problem is, the new_token.html template is not displayed with any static file. Flask cannot find it.

I get the following error on my development server.

127.0.0.1 - - [27/Aug/2023 19:29:49] "GET /confirm_user/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6bnVsbCwiZXhwIjoxNjkzMTY0NTI1fQ.25ORxL9I-fq9tpK8lQxhTvQDOhu-xJmV5pzTblNinHg HTTP/1.1" 200 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/bootstrap/css/bootstrap.min.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/bootstrap-icons/bootstrap-icons.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/swiper/swiper-bundle.min.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/glightbox/css/glightbox.min.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/aos/aos.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/css/variables.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/css/main.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/img/post-sq-1.jpg HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/img/post-sq-2.jpg HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/img/post-sq-3.jpg HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/img/post-sq-4.jpg HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/vendor/swiper/swiper-bundle.min.js HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:51] "GET /confirm_user/static/vendor/glightbox/js/glightbox.min.js HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:51] "GET /confirm_user/static/vendor/aos/aos.js HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:51] "GET /confirm_user/static/js/main.js HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:51] "GET /confirm_user/static/vendor/php-email-form/validate.js HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:51] "GET /confirm_user/static/img/favicon.png HTTP/1.1" 404 -

Can anybody help?

Static files work pretty well for all other templates and view functions. It also works well for this view function if I remove the web token added to the URL.
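Every 404 in the log above carries the page's `/confirm_user/` prefix, which is what a browser produces when it resolves a relative asset link against a URL one path segment deeper. The following is an added example, not code from the question, that tests this reading over log lines in the same format. It assumes the template links assets as `static/...` (the template is not shown on the page); `misresolved_assets` and `SAMPLE_LOG` are hypothetical names and the sample lines are constructed.

```python
import re
from urllib.parse import urljoin

# Constructed sample in the format of the development-server log above
# (the token is replaced by the placeholder TOKEN).
SAMPLE_LOG = '''\
127.0.0.1 - - [27/Aug/2023 19:29:49] "GET /confirm_user/TOKEN HTTP/1.1" 200 -
127.0.0.1 - - [27/Aug/2023 19:29:50] "GET /confirm_user/static/css/main.css HTTP/1.1" 404 -
127.0.0.1 - - [27/Aug/2023 19:29:51] "GET /confirm_user/static/js/main.js HTTP/1.1" 404 -
'''

LINE = re.compile(r'"GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def misresolved_assets(log_text, static_prefix="/static/"):
    """Map each 404'd asset path to the root-relative path it was meant to hit.

    A 404 is attributed to a relative href/src when resolving the asset's
    relative form against the last successfully served page reproduces it.
    """
    page, found = None, {}
    for m in LINE.finditer(log_text):
        path, status = m["path"], m["status"]
        if status == "200" and static_prefix not in path:
            page = path                      # the HTML page the assets belong to
            continue
        marker = path.find(static_prefix)
        if status != "404" or page is None or marker <= 0:
            continue
        relative = path[marker + 1:]         # e.g. "static/css/main.css"
        if urljoin(page, relative) == path:  # same resolution a browser performs
            found[path] = "/" + relative
    return found


if __name__ == "__main__":
    for bad, intended in misresolved_assets(SAMPLE_LOG).items():
        print(f"{bad}  ->  {intended}")
```

In a Flask template, `url_for('static', filename='css/main.css')` emits the root-relative form, so the link no longer depends on the depth of the page URL.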

1 Answer

You report that static files will 404 when a confirming user runs this:

@auth.route('/confirm_user/<token>')
@login_required
def confirm_user(token):
    ...

Remove the @login_required so the confirming user will be allowed to retrieve those files with 200 status. Use another approach for authenticating a confirming user during that transitional period.

J_H
  • The user is added to the database before the confirmation link is sent, so the user is supposed to be able to log in before reaching the page. – Adesua Martins Aug 27 '23 at 18:55
  • What did your testing reveal when you tried removing the `@login_required` decorator? – J_H Aug 27 '23 at 18:56
  • I get an error because I need the user Id to verify the token. And I can't get that Id if the user is not logged in. – Adesua Martins Aug 27 '23 at 18:59
  • Well, that's your answer, isn't it? Offer more details in the emailed link, so the user ID is available even for not-logged-in requests, and go from there. – J_H Aug 27 '23 at 19:04
  • I heard you say "that function doesn't know the user ID, but it needs to". So I suggested you send the user ID as part of the emailed link, to ensure it is available to the function. Based on the decorator and signature, it does not appear to me that you have made user ID available to the function yet. – J_H Aug 27 '23 at 19:14
  • Okay, so I removed @login_required and just tried to use the route function directly. I still have the same issues. – Adesua Martins Aug 27 '23 at 19:14
  • The user_id is encrypted in the token sent with the link. I have tested that outside the application and confirmed. Although I am not sure, I don't think the issue is with the token, I believe the problem is with Flask finding the static files. It's like the token is preventing Flask from finding the static files in a way. I say this because the view function works perfectly when I remove the token or when the token is correct. It only has issues when it has to render `new_token.html`. – Adesua Martins Aug 27 '23 at 19:19
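The thread turns on whether the confirmation view can learn the user ID from the link alone. As an added example, not the asker's or the answerer's code, this reads the claims of the token copied from the log above without any key, then shows an issue/verify pair that returns the user ID only after the signature checks out, so the view does not depend on a logged-in session. It is a standard-library stand-in for what PyJWT's `jwt.decode(token, key, algorithms=["HS256"])` does in the application; `peek_claims`, `issue`, `confirm` and the `now` parameter are hypothetical names.

```python
import base64, hashlib, hmac, json, time

# Token copied from the first request line of the log on this page.
LOGGED = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
          "eyJpZCI6bnVsbCwiZXhwIjoxNjkzMTY0NTI1fQ."
          "25ORxL9I-fq9tpK8lQxhTvQDOhu-xJmV5pzTblNinHg")

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def peek_claims(token):
    """Read claims with no key: an HS256 payload is signed, not encrypted."""
    return json.loads(_b64d(token.split(".")[1]))

def issue(user_id, key, ttl=3600, now=None):
    """Build a confirmation token; refuse to sign before the row has an id."""
    if user_id is None:
        raise ValueError("user has no id yet; commit before issuing the token")
    now = int(time.time()) if now is None else now
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps({"id": user_id, "exp": now + ttl}).encode())
    return f"{head}.{body}.{_b64e(_sign(key, head, body))}"

def confirm(token, key, now=None):
    """Return (status, user_id); user_id is set only if the signature verified."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(key, head, body), _b64d(sig)):
            return ("invalid", None)
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        if header["alg"] != "HS256" or not isinstance(claims["id"], int):
            return ("invalid", None)
        return ("expired" if claims["exp"] <= now else "ok", claims["id"])
    except (ValueError, TypeError, KeyError, AttributeError):
        return ("invalid", None)

if __name__ == "__main__":
    print(peek_claims(LOGGED))   # claims of the token that appears in the log
```

An `("expired", user_id)` result lets the view mail a fresh link to that user, while `("invalid", None)` gives it nothing to act on.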