Problems with redirect after login and protected pages

Jeppe Nejsum Madsen

May 23, 2009, 12:22:58 PM
to lif...@googlegroups.com
Hi.

I want to protect all pages in the app (except login :-) so if you try
to access a page, you get to the login page and after successful
login, you get redirected back to the requested page. I'm combining
the ideas from

http://groups.google.com/group/liftweb/browse_thread/thread/5d724fa1ab66a352/f27134216c81fc91

and

http://groups.google.com/group/liftweb/browse_thread/thread/5d724fa1ab66a352/f27134216c81fc91

I'm running 1.1-SNAPSHOT and extending the basic example with the following:

Boot.scala
    val entries = Menu(Loc("Home", List("index"), "Home",
      Loc.EarlyResponse(() =>
        Full(RedirectResponse("/user_mgt/login")).filter(ignore => !User.loggedIn_?)))) :: User.sitemap

And User.scala
    object loginReferer extends SessionVar("/")

    override def homePage = {
      var ret = loginReferer.is
      loginReferer.remove()
      ret
    }

    override def login = {
      Log.info("Before Logging in S:"+S + ", loggedIn:"+User.loggedIn_?
        + " ref:"+loginReferer.is+ "S.ref: "+S.referer)
      for (r <- S.referer if loginReferer.is == "/") loginReferer.set(r)
      super.login
    }

Here are the issues:
- When I hit http://localhost:8080/ I get to the login page ok, after
login I get the homepage but with an error:
"already logged in. Please logout first."
- If I try to access another page, I always get redirected to the
home page after login (with the same error)

It seems the problems are caused by an empty referrer as seen in the
logs below. This makes sense since the original request to "/" doesn't
contain a referer, the redirect doesn't either.

So the question is: is there a better way to capture the original page
the user was requesting? Since the redirect happens in the
EarlyResponse I was wondering if it was possible to just tack it on as
a parameter in the RedirectResponse. But is there a better way?

/Jeppe


Navigate to /
INFO - Service request (GET) / took 249 Milliseconds
INFO - Before login - ref:/, S.ref: Empty
INFO - Service request (GET) /user_mgt/login;jsessionid=e7pkao54lhcm took 156 Milliseconds
INFO - Service request (GET) /images/ajax-loader.gif took 0 Milliseconds
INFO - Service request (GET) /favicon.ico took 0 Milliseconds

Enter login credentials

INFO - Before login - ref:/, S.ref: Full(http://localhost:8080/user_mgt/login;jsessionid=e7pkao54lhcm)
INFO - Service request (POST) /user_mgt/login took 172 Milliseconds
INFO - Service request (GET) /user_mgt/login;jsessionid=e7pkao54lhcm took 0 Milliseconds
INFO - Service request (GET) / took 31 Milliseconds

Jeppe Nejsum Madsen

May 23, 2009, 1:11:51 PM
to lif...@googlegroups.com
On Sat, May 23, 2009 at 6:22 PM, Jeppe Nejsum Madsen <je...@ingolfs.dk> wrote:
> Hi.
>
> I want to protect all pages in the app (except login :-) so if you try
> to access a page, you get to the login page and after successful
> login, you get redirected back to the requested page. I'm combining
> the ideas from
[...]

> It seems the problems are caused by an empty referrer as seen in the
> logs below. This makes sense since the original request to "/" doesn't
> contain a referer, the redirect doesn't either.
>
> So the question is: is there a better way to capture the original page
> the user was requesting? Since the redirect happens in the
> EarlyResponse I was wondering if it was possible to just tack it on as
> a parameter in the RedirectResponse. But is there a better way?

Reply to self: This seems to work:

    override def login = {
      for {
        r <- S.request
        ret <- r.param("returnTo") if loginReferer.is == "/"
      } loginReferer.set(ret)
      super.login
    }

    val loggedIn = Loc.EarlyResponse(() =>
      Full(RedirectResponse("/profile//login?returnTo="+S.uri)).filter(ignore => !User.loggedIn_?))

/Jeppe
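
An added example, not part of the original posts and not Lift code: because `returnTo` arrives in the request and ends up as the post-login redirect target, one way to restrict it to same-site paths before it is stored with `loginReferer.set` is the check below. The names `ReturnTo`, `sanitize` and `orDefault` are hypothetical, and the sample values are constructed.

```scala
import java.net.URI
import scala.util.Try

object ReturnTo {
  // Fallback when the parameter is missing or rejected
  // (same value as the loginReferer default in the posts above).
  val Default = "/"

  /** Returns the value unchanged only if it is a site-local absolute path. */
  def sanitize(raw: String): Option[String] = {
    val s = raw.trim
    val localShape =
      s.startsWith("/") &&      // must be an absolute path on this site
      !s.startsWith("//") &&    // "//host/..." is a scheme-relative URL
      s.indexOf('\\') < 0 &&    // some browsers treat "\" like "/"
      !s.exists(_.isControl)    // no CR/LF or other control chars in a Location header
    if (!localShape) None
    else
      Try(new URI(s)).toOption  // anything that does not parse as a URI is rejected
        .filter(u => u.getScheme == null && u.getRawAuthority == null)
        .map(_ => s)
  }

  /** Value to store as the post-login target. */
  def orDefault(raw: Option[String]): String =
    raw.flatMap(sanitize).getOrElse(Default)
}

object ReturnToDemo {
  def main(args: Array[String]): Unit = {
    // Constructed sample values, not taken from the thread's logs.
    val samples = List(
      "/",                        // accepted
      "/items/42?tab=2",          // accepted
      "items",                    // rejected: not an absolute path
      "//example.invalid/x",      // rejected: scheme-relative URL
      "http://example.invalid/",  // rejected: absolute URL
      "/\\example.invalid",       // rejected: backslash
      "/a\r\nX-Header: y"         // rejected: control characters
    )
    samples.foreach { s =>
      val shown = s.replaceAll("\\p{Cntrl}", "?")
      println(shown + " -> " + ReturnTo.sanitize(s))
    }
    println("missing parameter -> " + ReturnTo.orDefault(None))
  }
}
```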
