[Catalyst] tutorial - adding "auth" function
Sarah Berry
berry.sarah at gmail.com
Thu Jun 8 16:41:04 CEST 2006
Thanks to everyone! It finally works, and here is the code:
sub auto : Private {
    my ( $self, $c ) = @_;

    # Let the login action itself through, comparing the dispatched
    # action name exactly rather than regex-matching the raw path.
    #if ($c->request->path =~ m(users/login)) {
    if ( $c->action->reverse eq 'users/login' ) {
        return 1;
    }

    if ( !$c->user_exists ) {    # Catalyst::Plugin::Authentication
        $c->res->redirect('/users/login');    # require login
        $c->res->body("Redirecting to login ... ");
        return 0;    # abort request and go immediately to end()
    }

    return 1;    # success; carry on to next action
}

sub end : Private {
    my ( $self, $c ) = @_;
    $c->forward('tutorial::View::TToolkit') unless $c->res->body();
}
I used Matt's suggestion so that, as Jürgen pointed out, someone couldn't
access a page like http://server/users/delete/all/users/login.
Thank you for the link to the new tutorial docs. I will definitely check
those out.
~ Sarah
On 6/8/06, Matt S Trout <dbix-class at trout.me.uk> wrote:
>
> Jürgen Peters wrote:
> > On Wed, 7 Jun 2006 18:12:43 -0400, Adam Herzog wrote
> >> On 6/7/06, Sarah Berry <berry.sarah at gmail.com> wrote:
> >>> "Your auto action redirects *every* access to /users/login, which
> >>> includes calls of /users/login. So a check for action or path should do
> >>> the trick."
> >> This is correct. Essentially, your auto is redirecting the user to
> >> /users/login, which then causes a new request and auto is run again,
> >> and the user is redirected again. I added some code inline which
> >> should prevent the recursive redirects.
> >>
> >>> sub auto : Private {
> >>> my ( $self, $c) = @_;
> >> # Allow unauthenticated users to reach the login page
> >> if ($c->request->path =~ /users/login/) {
> >> return 1;
> >> }
> >
> > um... first, the regex doesn't compile; I think it should be something like
> >
> > if ($c->request->path =~ m(users/login) ) {
> > return 1;
> > }
> >
> > and second, wouldn't that allow someone to perform actions like
> > http://server/users/delete/all/users/login ?
> >
> > I think one should either ask $c->action for the actual action and do a real
> > match (not a regex) on that, or $c->detach( '/users/login' );
>
> I like checking ($c->action->reverse eq 'users/login') myself.
>
> --
> Matt S Trout            Offering custom development, consultancy and support
> Technical Director      contracts for Catalyst, DBIx::Class and BAST. Contact
> Shadowcat Systems Ltd.  mst (at) shadowcatsystems.co.uk for more information
>
> + Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
>
> _______________________________________________
> Catalyst mailing list
> Catalyst at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst
>
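The bypass Jürgen describes, as an added stand-alone illustration (not code from the thread or from Catalyst itself): a substring regex over the raw request path exempts any URL that merely contains "users/login", while an exact comparison against the name of the action Catalyst actually dispatched to does not. The resolve_action() routine below is a deliberately simplified stand-in for Catalyst's dispatcher (a Local action takes the remaining path segments as arguments), the action list and the sample paths are constructed for the example, and the two login_exempt_* helpers correspond to the rejected path regex and to Matt's $c->action->reverse check.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Action names as $c->action->reverse would report them (controller
# namespace plus method).  This list is constructed for the illustration;
# a real application gets it from its controllers.
my @actions = qw(users/login users/logout users/delete index);

# Simplified stand-in for Catalyst's dispatcher, NOT the real one: a Local
# action matches the longest leading run of path segments that names a
# registered action, and the remaining segments become its arguments.
sub resolve_action {
    my ($path) = @_;
    $path =~ s{^/+}{};
    my @segs = grep { length } split m{/}, $path;
    for my $n ( reverse 0 .. @segs ) {
        my $candidate = join '/', @segs[ 0 .. $n - 1 ];
        $candidate = 'index' if $candidate eq '';
        if ( grep { $_ eq $candidate } @actions ) {
            return ( $candidate, [ @segs[ $n .. $#segs ] ] );
        }
    }
    return;    # no action matched (Catalyst would answer 404)
}

# The rejected check: substring regex over the raw request path.
sub login_exempt_by_path {
    my ($path) = @_;
    return $path =~ m(users/login) ? 1 : 0;
}

# Matt's check: exact comparison against the dispatched action name.
sub login_exempt_by_action {
    my ($action) = @_;
    return ( defined $action && $action eq 'users/login' ) ? 1 : 0;
}

# Constructed sample requests, including the one Jürgen raised.
for my $path (qw(/users/login /users/delete/all /users/delete/all/users/login /)) {
    my ( $action, $args ) = resolve_action($path);
    printf "%-34s -> action %-12s args [%s]  exempt by path: %d  by action: %d\n",
        $path,
        ( defined $action ? $action : '(none)' ),
        ( $args ? join( ' ', @$args ) : '' ),
        login_exempt_by_path($path),
        login_exempt_by_action($action);
}
```

Run it with plain perl; no Catalyst install is needed. The third sample path resolves to users/delete with "all users login" as its arguments, so the delete action would run, yet the path regex reports it as exempt from the login requirement while the action comparison does not. The same reasoning applies to any action that accepts trailing arguments, which a plain Local action does.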