[Catalyst] tutorial - adding "auth" function
Matt S Trout
dbix-class at trout.me.uk
Thu Jun 8 16:01:09 CEST 2006
Jürgen Peters wrote:
> On Wed, 7 Jun 2006 18:12:43 -0400, Adam Herzog wrote
>> On 6/7/06, Sarah Berry <berry.sarah at gmail.com> wrote:
>>> "Your auto action redirects *every* access to /users/login, which
>>> includes calls of /users/login. So a check for action or path should do
>>> the trick."
>> This is correct. Essentially, your auto is redirecting the user to
>> /users/login, which then causes a new request and auto is run again,
>> and the user is redirected again. I added some code inline which
>> should prevent the recursive redirects.
>>
>>> sub auto : Private {
>>> my ( $self, $c) = @_;
>> # Allow unauthenticated users to reach the login page
>> if ($c->request->path =~ /users/login/) {
>> return 1;
>> }
>
> um... first, the regex doesn't compile, I think it should be something like
>
> if ($c->request->path =~ m(users/login) ) {
> return 1;
> }
>
> and second, wouldn't that allow someone to perform actions like
> http://server/users/delete/all/users/login ?
>
> I think one should either ask $c->action for the actual action and do a real
> match (not a regex) on that, or $c->detach( '/users/login' );
I like checking ($c->action->reverse eq 'users/login') myself.
--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
Offering custom development, consultancy and support contracts for Catalyst, DBIx::Class and BAST.
Contact mst (at) shadowcatsystems.co.uk for more information
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
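A complete `auto` written the way the reply suggests, added here as an example; it is not code from this thread or from the Catalyst tutorial. It assumes a Root controller in an application called `MyApp`, a `Users` controller whose `login` action therefore has the private name `users/login`, and Catalyst::Plugin::Authentication loaded so that `$c->user_exists` is available:

```perl
package MyApp::Controller::Root;
use strict;
use warnings;
use base 'Catalyst::Controller';

# Root controller with an empty namespace, so this auto runs for every
# request in the application.
__PACKAGE__->config->{namespace} = '';

# Called before the action the request resolved to. Returning 1 lets the
# dispatch chain continue; returning 0 stops it, which is what we want
# once a redirect has been set up.
sub auto : Private {
    my ( $self, $c ) = @_;

    # Exempt the login page itself, otherwise the redirect below would
    # loop forever. Compare the resolved action's private name exactly
    # instead of pattern-matching the request path: a check such as
    #   $c->request->path =~ m(users/login)
    # also matches a path like /users/delete/all/users/login and would let
    # that request through without any authentication.
    return 1 if $c->action->reverse eq 'users/login';

    # Every other action requires an authenticated session. user_exists is
    # provided by Catalyst::Plugin::Authentication (assumed to be loaded
    # in MyApp).
    unless ( $c->user_exists ) {
        $c->response->redirect( $c->uri_for('/users/login') );
        return 0;
    }

    return 1;
}

1;
```

`$c->action->reverse` is the private name Catalyst assigned to the action that was actually dispatched, so the comparison cannot be influenced by extra path segments the way a substring or regex match on `$c->request->path` can. If more public actions are needed (a logout page, a registration form), add each one by its exact private name rather than widening the match.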