Rails - Jan 2009 - login redirects that maintain parameter data

Hey,
  I need some advice on something.  I have a fairly large and complex
website (uberpwner.com) and all authentication I do is done by before
filters.  Basically  before_filter :login_required.
login_required does basic authentication and then redirects to the
root_path.  Here is the essentials from the login system code (which
is mostly taken from the beast forum):

     def login_required
      login_by_token      unless logged_in?
      login_by_basic_auth unless logged_in?
      respond_to do |format|
        format.html { redirect_to login_path }
        format.js   { render(:update) { |p| p.redirect_to
login_path } }
        format.xml  do
          headers["WWW-Authenticate"] = %(Basic
realm="Beast")
          render :text => "HTTP Basic: Access denied.\n", :status
=> :unauthorized
        end
      end unless logged_in? && authorized?
    end

 def login_by_token
      self.current_user = User.find_by_id_and_login_key(*cookies
[:login_token].split(";")) if cookies[:login_token] and not logged_in?
    end

      @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION
Authorization)
    def login_by_basic_auth
      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?
(h) }
      auth_data = request.env[auth_key].to_s.split unless
auth_key.blank?
      self.current_user = User.authenticate *Base64.decode64(auth_data
[1]).split('':'')[0..1] if auth_data && auth_data[0] ==
''Basic''
    end

Now here is what I want:  when a user clicks a page that requires
authentication they should be redirected to the login page, then on
successful login to the page they are going to.  If they are trying to
submit something to the site they should be redirected to login, then
their submission should go through on successful login.

Any advice on how to achieve this would be very appreciated!
JB
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I would suggest taking a look at Ryan Bates screencast about restful
authentication (http://railscasts.com/episodes/67), write a simple
application or two using restful authentication, and then walk through the
code to see how it all works.  IIRC, it has support for doing just what you
asked.

--wpd


On Fri, Jan 9, 2009 at 5:23 PM, Jables
<brun3797-Meo6Lv8EUjg3uPMLIKxrzw@public.gmane.org> wrote:
>
> Hey,
>  I need some advice on something.  I have a fairly large and complex
> website (uberpwner.com) and all authentication I do is done by before
> filters.  Basically  before_filter :login_required.
> login_required does basic authentication and then redirects to the
> root_path.  Here is the essentials from the login system code (which
> is mostly taken from the beast forum):
>
>     def login_required
>      login_by_token      unless logged_in?
>      login_by_basic_auth unless logged_in?
>      respond_to do |format|
>        format.html { redirect_to login_path }
>        format.js   { render(:update) { |p| p.redirect_to
> login_path } }
>        format.xml  do
>          headers["WWW-Authenticate"] = %(Basic
realm="Beast")
>          render :text => "HTTP Basic: Access denied.\n",
:status
> => :unauthorized
>        end
>      end unless logged_in? && authorized?
>    end
>
>  def login_by_token
>      self.current_user = User.find_by_id_and_login_key(*cookies
> [:login_token].split(";")) if cookies[:login_token] and not
logged_in?
>    end
>
>      @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION
> Authorization)
>    def login_by_basic_auth
>      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?
> (h) }
>      auth_data = request.env[auth_key].to_s.split unless
> auth_key.blank?
>      self.current_user = User.authenticate *Base64.decode64(auth_data
> [1]).split('':'')[0..1] if auth_data &&
auth_data[0] == ''Basic''
>    end
>
> Now here is what I want:  when a user clicks a page that requires
> authentication they should be redirected to the login page, then on
> successful login to the page they are going to.  If they are trying to
> submit something to the site they should be redirected to login, then
> their submission should go through on successful login.
>
> Any advice on how to achieve this would be very appreciated!
> JB
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---