[Catalyst] How to do pass-through login?

Zbigniew Lukasiak zzbbyy at gmail.com
Thu Jul 9 10:08:17 GMT 2009


On Thu, Jul 9, 2009 at 11:49 AM, Zbigniew Lukasiak<zzbbyy at gmail.com> wrote:
> On Thu, Jul 9, 2009 at 11:03 AM, Gunnar Strand<gunnarstrand at yahoo.com> wrote:
>>
>> Hi,
>>
>> I am looking for a way to send users to the login screen if they are
>> trying to access a restricted path, and if the login is valid, the
>> original request should just continue like this:
>>
>> 1. myapp <- GET /member/only
>> 2. myapp -> /login_form
>> 3. myapp <- POST /login
>> 4. myapp -> /member/only
>>
>> I guess this is what is called "pass-through login (and other actions)"
>> in the Cookbook, but I can't understand the description:
>>
>> "Provide actions for these, but when they're required for something else
>> fill e.g. a form variable __login and have a sub begin like so:"
>>
>>    sub begin : Private {
>>      my ($self, $c) = @_;
>>      foreach my $action (qw/login docommand foo bar whatever/) {
>>        if ($c->req->params->{"__${action}"}) {
>>          $c->forward($action);
>>        }
>>      }
>>    }
>>
>>
>> Where is the data from the original request stored? Is everything stored
>> in the "__$action" key including any values in a form submission?
>>
>> An example on how pass-through works would be very helpful.
>>
>> I would have expected something like this (pseudo-code):
>>
>> In "begin" for /member/only:
>> unless ( $c -> user_exists() ) {
>>  $c -> delay_action();       # Saves state in Flash or Session
>>  $c -> forward('/login_form');
>> }
>>
>> In "login" after authentication:
>> if ( $c -> restore_action() ) {
>>  $c -> continue_action();
>> }
>
> There is Catalyst::Helper::Auth that generates such a passthrough
> login component, but it is rather buggy.  You can have a look at my
> ProtoWiki code at:
> http://github.com/zby/CatalystX--ProtoWiki/blob/237284a35f5fd65e3d32cb5f88b81c28a47250e9/lib/CatalystX/ProtoWiki/Controller/Auth.pm
> - it is copied from the code generated by Catalyst::Helper::Auth - and
> then a bit modified/fixed, but it still needs a lot of work. It
> redirects to a 'url', not an action - so in theory it should retain
> parameters etc. - but I am not sure if they are correctly encoded now.
>

And by the way, I think that a no-redirect login is a more elegant
solution.  It can be done by intercepting the dispatching in auto and
checking there if the user is authenticated and, if not, then also
checking if there are credential parameters in the request.

Cheers,
Zbigniew

>
> --
> Zbigniew Lukasiak
> http://brudnopis.blogspot.com/
> http://perlalchemy.blogspot.com/
>



-- 
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
http://perlalchemy.blogspot.com/
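
The no-redirect login described in the reply above, sketched as an added example that is not part of the original post or of ProtoWiki. The controller name, the `__username`/`__password` field names, the stash keys and the template name are assumptions; it expects Catalyst::Plugin::Authentication with a realm that takes `username` and `password`.

```perl
package MyApp::Controller::Member;   # hypothetical controller guarding /member/*
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Hypothetical field names, following the "__login" convention quoted above.
my @CRED_FIELDS = qw/__username __password/;

# auto runs before the matched action; returning false skips the action
# (end still runs and renders whatever template is in the stash).
sub auto : Private {
    my ($self, $c) = @_;
    return 1 if $c->user_exists;

    # Read credentials from the POST body only, so they never come from a
    # query string that ends up in access logs, history or Referer headers.
    my $body = $c->req->body_parameters;
    my ($user, $pass) = @{$body}{@CRED_FIELDS};

    if ($c->req->method eq 'POST' && defined $user && defined $pass
        && !ref $user && !ref $pass) {    # reject multi-valued fields
        # Assumed realm configuration: username/password credential keys.
        if ($c->authenticate({ username => $user, password => $pass })) {
            # New session id after login (session fixation defence), when
            # Catalyst::Plugin::Session is loaded.
            $c->change_session_id if $c->can('change_session_id');

            # Remove the credentials so the target action, its logging and
            # any form re-display never see them.
            for my $field (@CRED_FIELDS) {
                delete $body->{$field};
                delete $c->req->parameters->{$field};
            }
            return 1;    # the same request continues to the requested action
        }
        $c->stash(login_error => 'Invalid username or password');
    }

    # Not authenticated: render the login form in place of the action. The
    # form posts back to this same path, so no return URL is passed around.
    $c->stash(template => 'login_form.tt', form_action => $c->req->uri->path);
    return 0;
}

__PACKAGE__->meta->make_immutable;
1;
```

Because the form posts back to the path that was originally requested, no return URL has to be stored or validated. The target action then runs inside a POST request, and any fields of an interrupted form submission have to be re-sent by the login form (for example as hidden inputs) to survive.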


