that sounds good. I do think that being able to do " session.user = user" is a very friendly front-door for programmatically setting up a session. If you can figure out a way for the success hooks to be triggered from that, I think you would have a winner.
thanks, Jon On Dec 8, 7:58 pm, "Daniel N" <[EMAIL PROTECTED]> wrote: > On Mon, Dec 8, 2008 at 10:51 PM, Jon Hancock <[EMAIL PROTECTED]> wrote: > > > thanks Daniel. I am now using the hook as you describe instead of > > hacking redirect_after_login. > > > Now I see that I still need to find the correct way to > > "programmatically" login a user. I have been doing: > > > session.user = user > > > in my controller code. This does give me an authenticated session, > > but is obviously not the front-door approach as it does not trigger > > the after_authentication hook. > > > Can you steer me to the correct approach. In my situation, I have a > > User that other parts of my code has authenticated (in this case, the > > successful activation of a user). In this case, I do not need merb- > > auth or your slice to do much work but to just accept my user object > > and setup the session accordingly. > > > thanks, Jon > > Hi John, > > The after_authentication callbacks only occur in the session.authenticate! > method. If you short circuit these by calling session.user = directly the > callback are not run. This is because the after_authenticated callbacks can > choose not to allow the user to log in. > > That's an interesting issue. Perhaps we could add a method to allow you to > set the user with the callbacks being executed also but leave it nil if the > user is determined not to be allowed in the callbacks... > > What do you think? > > > > > On Dec 8, 7:50 am, "Daniel N" <[EMAIL PROTECTED]> wrote: > > > Hi Jon, > > > > There are after authentication hooks available to you. The user, request > > > and params (route) object are availalbe to you. To do what you're doing > > > there you should be able to do something like: > > > > Merb::Authentication.after_authentication do |user, request, params| > > > request.session[:display_name] = user.display_name > > > user > > > end > > > > Be sure to finish with the user. By returning the user, the > > authentication > > > continues. (with the user object to be logged in) if you return false / > > > nil, you'll effectively cancel the login. > > > > You can have as many of these blocks as you like. The user object from > > one > > > is forwarded to the next etc until all are complete. > > > > Cheers > > > Daniel > > > > On Mon, Dec 8, 2008 at 10:37 AM, Jon Hancock <[EMAIL PROTECTED]> > > wrote: > > > > > I mostly have merb-auth (using the password slice) working correct. > > > > There's still one piece I'm failing to figure out. > > > > > In slices/merb-auth-slice-password/app/controllers/sessions.rb > > > > I have edited as follows: > > > > > private > > > > # @overwritable > > > > def redirect_after_login > > > > message[:notice] = "Login Successful. Enjoy ShellShadow!" > > > > session[:display_name] = session.user.display_name > > > > redirect_back_or url(:home), :message => message, :ignore => > > > > [slice_url(:login), slice_url(:logout)] > > > > end > > > > > The line: session[:display_name] = session.user.display_name > > > > works well when I do a normal login. > > > > > However, if some other controller action authenticates the user (for > > > > examples, when the user activates his account, I automatically log him > > > > in as part of the activation process), I use this line in my > > > > controller: > > > > > session.user = user > > > > > This works in that the user is authenticated so far as merb-auth is > > > > concerned. However, I do not get the display_name set in the cookie. > > > > > I obviously should not be setting the display_name in > > > > redirect_after_login, but somewhere else. > > > > > Any tips? > > > > > thanks, Jon --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
