[Catalyst] tutorial - adding "auth" function

Marcello Romani mromani at ottotecnica.com
Tue Jun 27 14:18:48 CEST 2006


Matt S Trout wrote:
> Jürgen Peters wrote:
>> On Wed, 7 Jun 2006 18:12:43 -0400, Adam Herzog wrote
>>> On 6/7/06, Sarah Berry <berry.sarah at gmail.com> wrote:
>>>> "Your auto action redirects *every* access to /users/login, which
>>>> includes calls of /users/login. So a check for action or path should do
>>>> the trick."
>>> This is correct. Essentially, your auto is redirecting the user to
>>> /users/login, which then causes a new request and auto is run again,
>>> and the user is redirected again. I added some code inline which
>>> should prevent the recursive redirects.
>>>
>>>>     sub auto : Private {
>>>>         my ( $self, $c) = @_;
>>>         # Allow unauthenticated users to reach the login page
>>>         if ($c->request->path =~ /users/login/) {
>>>             return 1;
>>>         }
>> um... first the regex doesn't compile, i think it should be something like 
>>
>>     if ($c->request->path =~ m(users/login) ) {
>>         return 1;
>>     }
>>
>> and second, wouldn't that allow someone to perform actions like
>> http://server/users/delete/all/users/login ?
>>
>> i think one should either ask $c->action for the actual action and do a real
>> match (not a regex) on that, or $c->detach( '/users/login' );
> 
> I like checking ($c->action->reverse eq 'users/login') myself.
> 

Matt, what do you think of ($c->req->path eq 'auth/login') ?

-- 
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com
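The three checks discussed in this thread side by side, as an added example that is not code from the thread or from Catalyst. It assumes a hypothetical controller with the actions users/login, users/delete and users/logout, and stands in for Catalyst's dispatcher with a constructed longest-prefix resolver so it runs with plain perl.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the dispatcher: the longest registered action
# whose path prefixes the request path wins; anything after it is arguments.
my @actions = qw(users/login users/delete users/logout);

sub resolve_action {
    my ($path) = @_;
    $path =~ s{^/}{};
    my ($best) = sort { length $b <=> length $a }
                 grep { $path eq $_ || index($path, "$_/") == 0 } @actions;
    return $best;    # undef when no action matches
}

# The regex check from the thread: matches anywhere in the path.
sub path_regex_allows  { my ($path) = @_; return $path =~ m{users/login} ? 1 : 0 }
# Matt's check: compare the resolved action's reverse name exactly.
sub action_name_allows { my ($action) = @_; return (defined $action && $action eq 'users/login') ? 1 : 0 }
# Marcello's question: compare the whole request path exactly (login action
# assumed to be users/login here). Differs from the action check only when
# the login action is reached with extra path arguments.
sub path_exact_allows  { my ($path) = @_; $path =~ s{^/}{}; return $path eq 'users/login' ? 1 : 0 }

# What auto() decides: let the login action through, otherwise require a user.
sub auto_decision {
    my (%req) = @_;
    return 'pass' if action_name_allows(resolve_action($req{path}));
    return 'pass' if $req{user};
    return 'redirect:/users/login';    # no loop: the login action passes above
}

for my $path ('/users/login', '/users/login/extra',
              '/users/delete/all/users/login', '/users/delete/7') {
    printf "%-32s regex=%d exact=%d action=%-12s -> %s\n", $path,
        path_regex_allows($path), path_exact_allows($path),
        resolve_action($path) // '(none)',
        auto_decision(path => $path, user => undef);
}
```

The bypass path from the thread, /users/delete/all/users/login, satisfies the regex check but resolves to the users/delete action, so both the exact-path and action-name checks send it to the login redirect.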