[Catalyst] tutorial - adding "auth" function
Jürgen Peters
taulmarill at xgn.de
Thu Jun 8 10:18:58 CEST 2006
On Wed, 7 Jun 2006 18:12:43 -0400, Adam Herzog wrote
> On 6/7/06, Sarah Berry <berry.sarah at gmail.com> wrote:
> > "Your auto action redirects *every* access to /users/login, which
> > includes calls of /users/login. So a check for action or path should do
> > the trick."
>
> This is correct. Essentially, your auto is redirecting the user to
> /users/login, which then causes a new request and auto is run again,
> and the user is redirected again. I added some code inline which
> should prevent the recursive redirects.
>
> > sub auto : Private {
> > my ( $self, $c) = @_;
>
> # Allow unauthenticated users to reach the login page
> if ($c->request->path =~ /users/login/) {
> return 1;
> }
um... first, the regex doesn't compile, i think it should be something like
    if ($c->request->path =~ m(users/login) ) {
        return 1;
    }
and second, wouldn't that allow someone to perform actions like
http://server/users/delete/all/users/login ?
i think one should either ask $c->action for the actual action and do a real
match (not a regex) on that, or $c->detach( '/users/login' );
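
The over-matching concern raised in the message above, as an added example that is not part of the original thread: plain Perl with no Catalyst dependency, comparing the unanchored regex with an exact string comparison. The helper names and the sample paths are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unanchored check, as in the corrected regex from the message:
# true whenever "users/login" appears anywhere in the path.
sub allowed_by_regex {
    my ($path) = @_;
    return $path =~ m(users/login) ? 1 : 0;
}

# Exact comparison: only the login path itself skips the auth check.
# Anything else, including near misses, falls through to authentication.
sub allowed_by_exact_match {
    my ($path) = @_;
    return $path eq 'users/login' ? 1 : 0;
}

# Constructed sample paths, written without a leading slash
# (assumed here to be the form in which the request path is compared).
my @paths = (
    'users/login',                     # the login page itself
    'users/delete/all/users/login',    # the path from the message
    'admin/users/login',               # login string as a suffix
    'users/loginx',                    # login string as a prefix
    'users/list',                      # unrelated protected page
);

printf "%-32s %-8s %s\n", 'path', 'regex', 'exact';
for my $path (@paths) {
    printf "%-32s %-8s %s\n", $path,
        allowed_by_regex($path)       ? 'skip' : 'auth',
        allowed_by_exact_match($path) ? 'skip' : 'auth';
}
```

Only the first row should read "skip" in both columns; every other row where the regex column says "skip" is a request that would bypass the authentication check.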