[Dancer-users] login example using before filter

Joel Roth joelz at pobox.com
Sun Dec 5 23:25:37 CET 2010 

On Sat, Dec 04, 2010 at 07:30:26AM -0600, Puneet Kishor wrote:
> Hi Joel,
> 
> I am doing my implementation a bit differently, so the following is
> all guesswork, but I think you will find it useful. See below...

Thanks for taking the time to reply.
In these formative times in my development, a few
hints mean a lot. :-)
 
> Joel Roth wrote:
> >I've had some difficulties with the before filter example
> >provided in Dancer::Introduction.
> >
> >If we pass the information via 'session' rather than 'var'
> >and use 'redirect' instead of 'request->path_info'
> >we get code that more-or-less works as expected:
> >
> >     before sub {
> >         if (!session('user') and request->path_info !~ m{^/login}) {
> >             session requested_path =>  request->path_info;
> >             redirect('/login');
> >         }
> >     };
> >
> >     post '/login'    =>  sub {
> >         # authenticate credentials
> >         session user =>  params->{user};
> >         my $path = session->{requested_path};
> >         session requested_path =>  undef;
> >         redirect $path
> >     };

> Your working code above is correct. What you are doing is saving the
> requested path in a session variable. That ensures that the value
> persists over repeated calls. Then, you are redirecting, which
> emulates a browser refresh, a brand new call to the server, this
> time requesting the login page. Once at the login page, you extract
> the previously requested path from the session var. All that makes
> sense, and works as expected.

Yes, and my site is live, which I appreciate :-)

I've finally tracked down my problem code. The code below
works on my local machine as stand-alone using HTTP::Simple::PSGI.
However it 404s on the server using Plack::Runner and 
these mod_rewrite rules.

	RewriteEngine On
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule (.*) dispatch.cgi/$1

before sub {
    my $path = request->path_info;
    if (!session('user') and $path !~ m{^/login}) {
        session requested_path => $path;
        request->path_info('/login'); # 404s on server using mod_rewrite
        #redirect '/login' ;          # works
    }
};
post '/login'    => sub {
	if( validate(params->{user}, params->{pass}) ){
		session user => params->{user};
		my $path = session->{requested_path};
		session requested_path => undef;
    	session failed_login   => undef; 
		redirect $path;
	} else {
    	session failed_login => 1; # use this to trigger "failed login" message
		redirect '/login';
	}
};


> >And I'm also willing to patch the docs to show a complete,
> >successful implementation.
> 
> I haven't looked at the latest docs. If you think the docs are
> misleading, definitely file an issue with the suggested complete
> documentation that works.

Will do. I'd like people to see things work the first time out. :-)

Best,

Joel


-- 
Joel Roth

More information about the Dancer-users mailing list