[Catalyst] How to do pass-through login?

J. Shirley jshirley at gmail.com
Thu Jul 9 15:14:45 GMT 2009


On Thu, Jul 9, 2009 at 7:57 AM, Nate <ogmoid at gmail.com> wrote:

> On Thu, Jul 9, 2009 at 5:03 AM, Gunnar Strand<gunnarstrand at yahoo.com>
> wrote:
> >
> > Hi,
> >
> > I am looking for a way to send users to the login screen if they are
> > trying to access a restricted path, and if the login is valid, the
> > original request should just continue like this:
>
> A [rather long while ago] I rolled my own using the flash.
> This happens to be the only way I use the flash in this app.
>
> package MA:C:Root;
>
> sub auto : Private {
>  my ($self, $c ) = @_;
>
>  # Exit early if going to a public path
>  return 1 if( grep { $c->action->reverse eq $_; } qw/login index/ );
>
>  if ( ! $c->user_exists ) {
>        # Save a submission the user tried to do in the flash.
>        # The {uri} will be redirected to after login.
>        # The {params} will be mapped in during that request.
>        if ( scalar keys %{ $c->request->params } ) {
>            $c->flash->{params} = $c->request->params;
>        }
>        $c->flash->{uri} = $c->request->uri;
>        $c->response->redirect('/login');
>        return 0; # stop processing
>    }
>
>    # Restore saved params
>    if ( defined $c->flash->{params} and not scalar %{ $c->request->params } ) {
>        # A submission was saved after the user logged out or (more likely) expired.
>        # Populate the params with the saved values.
>        $c->request->params( $c->flash->{params} );
>    }
>
>    return 1; #continue processing
> }
>
> sub login : Local {
>    my ( $self, $c ) = @_;
>
>    # Handle Auth ...
>    # ...
>
>        # Where to go now?
>        if ( scalar keys %{ $c->flash } ) {
>            # The user has a saved action in the ->flash.
>            # Redirect there instead and maintain any {params}
>            # so they can be loaded next time.
>            $c->response->redirect($c->flash->{uri});
>            $c->keep_flash(qw/params/);
>        } else {
>            $c->response->redirect('/');
>        }
> }
>
> ###
>
> [kind?] Comments on its ugliness/fitness would be appreciated.
> $work is such that I rarely get time to revisit code after it "works"
> and I did this possibly 2 years ago :|
>
>
My method uses form parameters, so I can manually craft URLs.  Then in the
login controller if someone is logged in, it just continues to the redirect.

Another point is to be careful as to what destinations you allow; you don't
want to redirect to just any old URI (especially important if you are using form
parameters).

-J
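
One way to implement the destination check mentioned in the reply above, as an added example that is not part of the original message or of Catalyst itself. The helper name `safe_redirect_target`, the `destination` form parameter and the sample values are assumptions made for illustration; only the `URI` module (already a Catalyst dependency) is used.

```perl
use strict;
use warnings;
use URI;

# Hypothetical helper: return an in-app path that is safe to redirect to
# after login, or $default when the submitted value is not acceptable.
sub safe_redirect_target {
    my ( $dest, $default ) = @_;
    $default = '/' unless defined $default;

    return $default unless defined $dest && length $dest;

    # Reject whitespace and control characters (CR/LF would allow header
    # splitting) and backslashes, which browsers may treat like "/".
    return $default if $dest =~ /[\x00-\x20\x7f\\]/;

    # Only absolute paths inside this application. "//host/path" is a
    # scheme-relative URL and would leave the site.
    return $default unless $dest =~ m{\A/(?!/)};

    # Second opinion from a real parser: no scheme, no authority part.
    my $uri = URI->new($dest);
    return $default if defined $uri->scheme;
    return $default if $uri->can('authority') && defined $uri->authority;

    # Do not bounce the user straight back to the login action.
    return $default if $uri->path =~ m{\A/login(?:/|\z)};

    # Path and query only; any fragment is dropped.
    return $uri->path_query;
}

# Constructed sample values for the hypothetical "destination" parameter.
my @samples = (
    '/account/edit?tab=2',       # kept as is
    '//other.example/x',         # scheme-relative, rejected
    'http://other.example/',     # absolute URL, rejected
    '/\\other.example',          # backslash trick, rejected
    "/ok\r\nX-Injected: 1",      # CR/LF, rejected
    '/login',                    # would loop, rejected
);
for my $dest (@samples) {
    ( my $shown = $dest ) =~ s/[\r\n]/./g;    # keep the output on one line
    printf "%-24s => %s\n", $shown, safe_redirect_target($dest);
}

# In the login action, after successful authentication (sketch):
#   $c->response->redirect(
#       safe_redirect_target( $c->request->params->{destination} ) );
```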