On Mon, Dec 8, 2008 at 10:51 PM, Jon Hancock <[EMAIL PROTECTED]> wrote:
> > thanks Daniel. I am now using the hook as you describe instead of > hacking redirect_after_login. > > Now I see that I still need to find the correct way to > "programmatically" login a user. I have been doing: > > session.user = user > > in my controller code. This does give me an authenticated session, > but is obviously not the front-door approach as it does not trigger > the after_authentication hook. > > Can you steer me to the correct approach. In my situation, I have a > User that other parts of my code has authenticated (in this case, the > successful activation of a user). In this case, I do not need merb- > auth or your slice to do much work but to just accept my user object > and setup the session accordingly. > > thanks, Jon Hi John, The after_authentication callbacks only occur in the session.authenticate! method. If you short circuit these by calling session.user = directly the callback are not run. This is because the after_authenticated callbacks can choose not to allow the user to log in. That's an interesting issue. Perhaps we could add a method to allow you to set the user with the callbacks being executed also but leave it nil if the user is determined not to be allowed in the callbacks... What do you think? > > > > On Dec 8, 7:50 am, "Daniel N" <[EMAIL PROTECTED]> wrote: > > Hi Jon, > > > > There are after authentication hooks available to you. The user, request > > and params (route) object are availalbe to you. To do what you're doing > > there you should be able to do something like: > > > > Merb::Authentication.after_authentication do |user, request, params| > > request.session[:display_name] = user.display_name > > user > > end > > > > Be sure to finish with the user. By returning the user, the > authentication > > continues. (with the user object to be logged in) if you return false / > > nil, you'll effectively cancel the login. > > > > You can have as many of these blocks as you like. The user object from > one > > is forwarded to the next etc until all are complete. > > > > Cheers > > Daniel > > > > On Mon, Dec 8, 2008 at 10:37 AM, Jon Hancock <[EMAIL PROTECTED]> > wrote: > > > > > I mostly have merb-auth (using the password slice) working correct. > > > There's still one piece I'm failing to figure out. > > > > > In slices/merb-auth-slice-password/app/controllers/sessions.rb > > > I have edited as follows: > > > > > private > > > # @overwritable > > > def redirect_after_login > > > message[:notice] = "Login Successful. Enjoy ShellShadow!" > > > session[:display_name] = session.user.display_name > > > redirect_back_or url(:home), :message => message, :ignore => > > > [slice_url(:login), slice_url(:logout)] > > > end > > > > > The line: session[:display_name] = session.user.display_name > > > works well when I do a normal login. > > > > > However, if some other controller action authenticates the user (for > > > examples, when the user activates his account, I automatically log him > > > in as part of the activation process), I use this line in my > > > controller: > > > > > session.user = user > > > > > This works in that the user is authenticated so far as merb-auth is > > > concerned. However, I do not get the display_name set in the cookie. > > > > > I obviously should not be setting the display_name in > > > redirect_after_login, but somewhere else. > > > > > Any tips? > > > > > thanks, Jon > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
