Authenticating Routes

[Amit]

Hi, I have different links on my template something like menu. Clicking on menu links render different templates on the same page. I have configured all the routes and implemented authentication. But I am not able to use under/bridge. I can log in and log out of the application. But even if I am not logged in, if I click on any menu, it opens the page.

#Sample Code:

my $auth = $self->routes;

my $r = $auth->bridge('/')->to('main#check');

and the configured all routes using $r.

Please help.

[David Oswald]

On Mon, Jul 30, 2012 at 12:43 AM, Amit <am...@rae-consulting.com> wrote:

> I have configured
> all the routes and implemented authentication. But I am not able to use
> under/bridge. I can log in and log out of the application. But even if I am
> not logged in, if I click on any menu, it opens the page.
> #Sample Code:
>
> my $auth = $self->routes;
> my $r = $auth->bridge('/')->to('main#check');
>
> and the configured all routes using $r.
>
> Please help.
>

The problem is probably in your 'main' controller's 'check' function.
You can prove this to yourself by asking Main::check to 'warn' with
some debug text. You will see that any route you access under $r is
passing through main::check. The fact that Main::check is allowing
entry even when the user isn't logged in is a defect in the
main::check code.

We might be able to spot the issue if you post that code.

Do you really have a controller named Main? Remember that Mojolicious
will convert "controller#action" to package 'Controller' and method
'action'. (pay attention to capitalization).
--

David Oswald
daos...@gmail.com

[David Oswald]

> 'main', Main::check, main::check, Main::check,
> main::check code (pay attention to capitalization).

You see, even after talking about it, I still am getting it mixed up.
'main' vs 'Main'. ...that controller name is begging to be changed to
something that doesn't resemble Perl's default package. ;)


--

David Oswald
daos...@gmail.com

[Amit]

Thanks David for the info. Following is the code inside check:

sub check {

    my $self = shift;

    return 0 unless($self->is_user_authenticated);

    return 1;

[John Scoles]

that won't realy work on a bridge as a bridge just goes to the controller it is not condtional route

try this in you check

sub check {
my $self = shift;

$self->redirect_to('not_authn') and return 0 unless($self->is_user_authenticated);
return 1;
}

where not_authn is a template or named route that you want your user to go to when they are not authenticated

A condtionaly controller works like this

$r->route('/home')->over(authenticated => 1)->to('example#home')->name('home');

however what you want(catch all) is what you have now with the small change above

Cheers
John

________________________________
> Date: Mon, 30 Jul 2012 03:37:07 -0700
> From: am...@rae-consulting.com
> To: mojol...@googlegroups.com
> Subject: Re: [Mojolicious] Authenticating Routes

> --
> You received this message because you are subscribed to the Google
> Groups "Mojolicious" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/mojolicious/-/_uy0fIj3haIJ.
> To post to this group, send email to mojol...@googlegroups.com.
> To unsubscribe from this group, send email to
> mojolicious...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/mojolicious?hl=en.

[Amit]

Thanks John and David. Actually my main has a section which renders another small login section based on user is authenticated or not. So I login page is the same as my logout page. I made that small change in the check() but now I am getting too many redirects error.

I have:

my $auth = $self->routes;

my $r = $auth->bridge('/')->to('main#check');

$r->route('/')->to('main#index');

$r->route('/main')->to('main#index');

Last 2 lines of code, because I want user to logon and display information upon successful login. And second is when user clicks on menu "Main".

So if in check(), I put:

$self->redirect_to("/") and return 0 unless($self->is_user_authenticated); , or

$self->redirect_to("/main") and return 0 unless($self->is_user_authenticated); 

I get too many redirects error.

Thanks in advance

Amit

On Monday, July 30, 2012 4:18:37 PM UTC+5:30, byterock wrote:

that won't realy work on a bridge as a bridge just goes to the controller it is not condtional route

try this in you check

sub check {
  my $self = shift;
  $self->redirect_to('not_authn') and return 0 unless($self->is_user_authenticated);
  return 1;
}

where not_authn is a template or named route that you want your user to go to when they are not authenticated

A condtionaly controller works like this

$r->route('/home')->over(authenticated => 1)->to('example#home')->name('home');

however what you want(catch all) is what you have now with the small change above

Cheers
John

________________________________
> Date: Mon, 30 Jul 2012 03:37:07 -0700
> From:

> To: mojol...@googlegroups.com
> Subject: Re: [Mojolicious] Authenticating Routes
>
> Thanks David for the info. Following is the code inside check:
>
> sub check {
> my $self = shift;
> return 0 unless($self->is_user_authenticated);
> return 1;
> }
>
> On Monday, July 30, 2012 1:26:51 PM UTC+5:30, David Oswald wrote:
> > 'main', Main::check, main::check, Main::check,
> > main::check code (pay attention to capitalization).
>
> You see, even after talking about it, I still am getting it mixed up.
> 'main' vs 'Main'. ...that controller name is begging to be changed to
> something that doesn't resemble Perl's default package. ;)
>
>
> --
>
> David Oswald
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Mojolicious" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/mojolicious/-/_uy0fIj3haIJ.
> To post to this group, send email to mojol...@googlegroups.com.
> To unsubscribe from this group, send email to

> mojolicious+unsubscribe@googlegroups.com.

[jay m]

the page with your login form needs to be accessible by unauthenticated users. the way you have it now, when you redirect to / it sends you back through the bridge again, and again, and again... something like this will work:

  my $public = $self->routes;

  my $r = $public->bridge->to('main#check');
  $public->route('/')->to('main#index');          

  $r->route('/main')->to('main#index');

[Amit]

Hi Jay,

I had tried that also. But, I have this in my check():

sub check {

    my $self = shift;

    $self->redirect_to("/") and return 0 unless($self->is_user_authenticated); 

    return 1; 

}

So when I enter credentials and click Submit, it calls check first and redirects me back to the root. i.e. it does not call "post_login" method.

Thanks,

Amit

[John Scoles]

Try if like i shoewed before with a named route to some place. A general catchall or redirect to '/' is never a good idea

so in your controller you would have something like this

$r->route('/login') ->via('get') ->to('authn#form')->name('authn_form');
$r->route('/login') ->via('post')->to('authn#login');
my $rb = $r->bridge->to('authn#check');
$mb->route('/main')->to('main#index');

and in Authn.pm

sub check {
my $self = shift;

$self->redirect_to('authn_form') and return 0
unless($self->is_user_authenticated);
return 1;
}



________________________________
> Date: Tue, 31 Jul 2012 23:15:17 -0700
> From: am...@rae-consulting.com

> > To: mojol...@googlegroups.com<mailto:mojol...@googlegroups.com>

> > Subject: Re: [Mojolicious] Authenticating Routes
> >
> > Thanks David for the info. Following is the code inside check:
> >
> > sub check {
> > my $self = shift;
> > return 0 unless($self->is_user_authenticated);
> > return 1;
> > }
> >
> > On Monday, July 30, 2012 1:26:51 PM UTC+5:30, David Oswald wrote:
> > > 'main', Main::check, main::check, Main::check,
> > > main::check code (pay attention to capitalization).
> >
> > You see, even after talking about it, I still am getting it mixed up.
> > 'main' vs 'Main'. ...that controller name is begging to be changed to
> > something that doesn't resemble Perl's default package. ;)
> >
> >
> > --
> >
> > David Oswald
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Mojolicious" group.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msg/mojolicious/-/_uy0fIj3haIJ.
> > To post to this group, send email to

> mojol...@googlegroups.com<mailto:mojol...@googlegroups.com>.

> > To unsubscribe from this group, send email to
> >

> mojolicious...@googlegroups.com<mailto:mojolicious%2Bunsu...@googlegroups.com>.

> > For more options, visit this group at
> > http://groups.google.com/group/mojolicious?hl=en.
>

> --
> You received this message because you are subscribed to the Google
> Groups "Mojolicious" group.
> To view this discussion on the web visit

> https://groups.google.com/d/msg/mojolicious/-/AnH1vfcVzzoJ.

> To post to this group, send email to mojol...@googlegroups.com.
> To unsubscribe from this group, send email to

> mojolicious...@googlegroups.com.

[Amit]

Thanks all for your valuable inputs.

Amit 

On Wednesday, August 1, 2012 4:30:41 PM UTC+5:30, byterock wrote:

Try if like i shoewed before with a named route to some place.  A general catchall or redirect to  '/' is never a good idea

so in your controller you would have something like this

  $r->route('/login')  ->via('get') ->to('authn#form')->name('authn_form');
  $r->route('/login')  ->via('post')->to('authn#login');
  my $rb = $r->bridge->to('authn#check');
  $mb->route('/main')->to('main#index');

and in Authn.pm

sub check {
 my $self = shift;
$self->redirect_to('authn_form') and return 0  
   unless($self->is_user_authenticated);
  return 1;
}

 

 ________________________________
> Date: Tue, 31 Jul 2012 23:15:17 -0700
> From:

> > To: mojol...@googlegroups.com<mailto:mojolicious@googlegroups.com>

> > Subject: Re: [Mojolicious] Authenticating Routes
> >
> > Thanks David for the info. Following is the code inside check:
> >
> > sub check {
> > my $self = shift;
> > return 0 unless($self->is_user_authenticated);
> > return 1;
> > }
> >
> > On Monday, July 30, 2012 1:26:51 PM UTC+5:30, David Oswald wrote:
> > > 'main', Main::check, main::check, Main::check,
> > > main::check code (pay attention to capitalization).
> >
> > You see, even after talking about it, I still am getting it mixed up.
> > 'main' vs 'Main'. ...that controller name is begging to be changed to
> > something that doesn't resemble Perl's default package. ;)
> >
> >
> > --
> >
> > David Oswald
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Mojolicious" group.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msg/mojolicious/-/_uy0fIj3haIJ.
> > To post to this group, send email to

> mojol...@googlegroups.com<mailto:mojolicious@googlegroups.com>.

> > To unsubscribe from this group, send email to
> >

> mojolicious+unsubscribe@googlegroups.com<mailto:mojolicious%2Bunsubscribe@googlegroups.com>.

> > For more options, visit this group at
> > http://groups.google.com/group/mojolicious?hl=en.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Mojolicious" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/mojolicious/-/AnH1vfcVzzoJ.
> To post to this group, send email to mojol...@googlegroups.com.
> To unsubscribe from this group, send email to

> mojolicious+unsubscribe@googlegroups.com.

[Amit]

Hi All,

I apologize to reopen this thread again. Due to some other priority work, I had to leave this but now I am back again on this. I tried the way byterock explained. But it didn't worked. I'll again explain my form with code.

My Login and logout form is the same one (main). It has a small section on top which contains credential textboxes and login button. When the user is successfully logged in, that section is hidden and logout button appears. Code:

    my $auth = $self->routes;

    $auth->route('/main')->via('get')->to('main#index');

    $auth->route('/main')->via('post')->to('main#post_login');

    #

    my $r = $auth->bridge->to('UserAuthUtil#check');

    

    $r->route('/')->to('main#index');

    $r->route('/main')->to('main#index');

    $r->post('/login')->to('main#post_login');

    $r->post('/logout')->to('main#logout');

Not sure what I am doing wrong here but its not working.

Thanks & Regards,

Amit Khurana

[Charlie Brady]

If you want some help, I suggest you provide more detail that "it didn't
worked" and "its[ not working".

> >> > > To: mojol...@googlegroups.com<mailto:mojol...@googlegroups.com>

> >>
> >> > > Subject: Re: [Mojolicious] Authenticating Routes
> >> > >

> >> > > Thanks David for the info. Following is the code inside check:
> >> > >
> >> > > sub check {
> >> > > my $self = shift;
> >> > > return 0 unless($self->is_user_authenticated);
> >> > > return 1;
> >> > > }
> >> > >
> >> > > On Monday, July 30, 2012 1:26:51 PM UTC+5:30, David Oswald wrote:
> >> > > > 'main', Main::check, main::check, Main::check,
> >> > > > main::check code (pay attention to capitalization).
> >> > >
> >> > > You see, even after talking about it, I still am getting it mixed up.
> >> > > 'main' vs 'Main'. ...that controller name is begging to be changed to
> >> > > something that doesn't resemble Perl's default package. ;)
> >> > >
> >> > >
> >> > > --
> >> > >
> >> > > David Oswald
> >> > >
> >> > >
> >> > > --
> >> > > You received this message because you are subscribed to the Google
> >> > > Groups "Mojolicious" group.
> >> > > To view this discussion on the web visit
> >> > > https://groups.google.com/d/msg/mojolicious/-/_uy0fIj3haIJ.
> >> > > To post to this group, send email to

> >> > mojol...@googlegroups.com<mailto:mojol...@googlegroups.com>.

> >> > > To unsubscribe from this group, send email to
> >> > >

> >> > mojolicious...@googlegroups.com<mailto:
> >> mojolicious%2Bunsu...@googlegroups.com>.

> >> > > For more options, visit this group at
> >> > > http://groups.google.com/group/mojolicious?hl=en.
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups "Mojolicious" group.
> >> > To view this discussion on the web visit
> >> > https://groups.google.com/d/msg/mojolicious/-/AnH1vfcVzzoJ.
> >> > To post to this group, send email to mojol...@googlegroups.com.
> >> > To unsubscribe from this group, send email to

> >> > mojolicious...@googlegroups.com.

[Amit]

Oh yeah thats right. The earlier suggestion given by byterock is not working. I mean, I tried that way but its not working. 

Please suggest. The sample code is provided in my previous post. I'll again provide it.

 My Login and logout form is the same one (main). It has a small section on 
 top which contains credential textboxes and login button. When the user is 
 successfully logged in, that section is hidden and logout button appears. 
 Code: 
 
     my $auth = $self->routes; 
     $auth->route('/main')->via('get')->to('main#index'); 
     $auth->route('/main')->via('post')->to('main#post_login'); 
     

     my $r = $auth->bridge->to('UserAuthUtil#check'); 
     
     $r->route('/')->to('main#index'); 
     $r->route('/main')->to('main#index'); 
     $r->post('/login')->to('main#post_login'); 
     $r->post('/logout')->to('main#logout'); 

There are more routes need to be added in $r after this.

Thanks & Regards,

Amit Khurana

> >> mojolicious%...@googlegroups.com>.

[Alister West]

It seems like your providing your routes backwards. This is probably
not what you want (but is what you have).

Unauthenticated (called $auth??)
/main (get + post)

Authenticated (called $r ??)
/
/main
/login
/logout

Try:
my $pubic = $self->routes;

$public->route('/')->to('main#index');

$public->route('/main')->to('main#index');
$public->post('/login')->to('main#post_login');
$public->post('/logout')->to('main#logout');

my $auth = $public->bridge->to('UserAuthUtil#check');
$auth->post('/main')->to('main#post_login');


~~
c|_| alisterwest.com - mmm coffee!

> https://groups.google.com/d/msg/mojolicious/-/y09M4gItKSEJ.

[Amit]

Hi Alister,

Thanks for the prompt reply. I tried. I also added more routes to the $auth, but those routes are not working. I mean, after,

     my $pubic = $self->routes; 

      $public->route('/')->to('main#index'); 
      $public->route('/main')->to('main#index'); 
      $public->post('/login')->to('main#post_login'); 
      $public->post('/logout')->to('main#logout'); 

      my $auth = $public->bridge->to('UserAuthUtil#check'); 
      $auth->post('/main')->to('main#post_login'); 

I added: $auth->route('/foo')->to('foo#bar');

But its not working. I am able to login but accessing any link or putting any other page address directly in URL throws me following error:

Page not found... yet!

None of these routes matched your GET request for /foo, maybe you need to add a new one?

 

Regards,

Amit

[Alister West]

Hi, here is a working example using a bridge.

#!/usr/bin/env perl
use Mojolicious::Lite;
my $self = app();

my $public = $self->routes;

$public->route("/" )->to( cb => sub { shift->render(text => "to
slash\n") });

$public->route("/main" )->to( cb => sub {
my $self = shift;
$self->render( text => "to Main::index (". $self->session('user') .")\n");
});

$public->get("/login" )->to( cb => sub {
my $self = shift;
$self->session( user => 'Bender');
$self->render(text => "Logged in as Bender\n")
});

$public->get("/logout")->to( cb => sub {
my $self = shift;
$self->session( user => '' );
$self->render(text => "You are logged out\n")
});

my $auth = $public->bridge->to(cb => sub { my $self = shift;
return 1 if $self->session('user');
# do a redirect to /login here.
$self->render( text => 'You are not logged in');
return;
});

$auth->get("/foo")->to( cb => sub { shift->render(text => "this is foo\n"); });

$self->start;

~~
c|_| alisterwest.com - mmm coffee!

> https://groups.google.com/d/msg/mojolicious/-/LiM2MGKGwDQJ.

[Amit]

Thanks a lot Alister. It worked fine. :)

Thanks once again.

Regards,

Amit Khurana