[Catalyst] Clearing $c->req->params in CatalystX::SimpleLogin ...

[Tomas Doran]

On 19 Feb 2010, at 10:23, Kiffin Gish wrote:

> I've been playing around with the ideas used in  
> CatalystX::SimpleLogin,
> and it's been a good learning experience for me!
>
> However, I discovered a slight problem with the redirect in which the
> current uri is saved in a session key like this:
>
> $c->session->{redirect_to_after_login} = $c->uri_for($c->action,
> $c->req->captures, $c->req->args->flatten, $c->req->parameters);
>
> (aside: don't forget to include 'use Moose::Autobox;')
>
> If the request parameters are left in place they'll just be passed  
> on to
> the login form, or whatever form that may be.
>
> I'm using HTML::FormHandler, and I get an error that the user/password
> fields need to be entered.
>

Erm, this isn't clear to me what's happening here - can you elaborate?

The idea of that code is so that if you hit a random page then you'll  
be bounced to the login form, then bounced back to your original page  
after you login.

Is what happens when you have logged in you're redirected back  
somewhere, and that 'somewhere' tries to process a form and then  
errors? Or is the error in CX::SimpleLogin itself?

As the form (any form) should only ever be processed on a POST request..

> The solution is to clear the parameters before passing them on to the
> loginpage. In the package CX::SL::TF::C::Login::WithRedirect:
>
> # Clear the parameter fields.
> delete $c->req->params->{$_} for (keys %{$c->req->params});
>
> Curious what others think...

I see what this does, but as noted above, I don't see why it's needed.

Cheers
t0m