I'm confused. None of the examples shown implemented the login POST handler. The docs implied it was already part of the middleware:
>From https://github.com/cemerick/friend : >>> The example above defines a single workflow -- one supporting the POSTing of :username and :password parameters to (by default) /login -- which will discover the specified :credential-fn and use it to validate submitted credentials. <<< -- Jonathon McKitrick On Wed, Aug 6, 2014 at 10:46 AM, Gary Verhaegen <[email protected]> wrote: > 1. No, you have to provide it (as a non-protected route, obviously). > 2. The order in which you apply the handler/site and friend/authenticate > middlewares is reversed: friend needs the session (and others), so it > should come "after" (or rather "within") the handler/site to work properly > (in execution order). > > > On Wednesday, 6 August 2014, Jonathon McKitrick <[email protected]> > wrote: > >> First, the code: >> >> (ns pts.server >> (:use [compojure.core]) >> (:require [ring.adapter.jetty :as jetty] >> [ring.util.response :as response] >> [compojure.handler :as handler] >> [compojure.route :as route] >> [cemerick.friend :as friend] >> (cemerick.friend [workflows :as workflows] >> [credentials :as creds]))) >> >> (defroutes www-routes >> (GET "/locked" [] (friend/authorize #{::admin} "Admin only")) >> (GET "/home" [] (response/file-response "home.html" {:root >> "resources/public"})) >> (GET "/login" [] (response/file-response "login.html" {:root >> "resources/public"})) >> (GET "/" [] (response/redirect "index.html")) >> (route/resources "/") >> (route/not-found "Not Found")) >> >> (def app (handler/site www-routes)) >> >> (def users {"root" {:username "root" >> :password (creds/hash-bcrypt "toor") >> :roles #{::admin}}}) >> >> (def secure-app >> (-> app >> (friend/authenticate {:unauthorized-handler #(response/status >> (response/response "NO") 401) >> :credential-fn (partial >> creds/bcrypt-credential-fn users) >> :workflows [(workflows/interactive-form)]}))) >> >> (defn -main [& args] >> (let [port (Integer/parseInt (get (System/getenv) "PORT" "3000"))] >> (jetty/run-jetty secure-app {:port port :join? false}))) >> >> It's dead simple, but 2 major things are not working. >> >> 1. The POST to /login to submit the login form gives a 404 Not Found. >> Isn't the POST handler part of the friend/authenticate middleware? >> 2. Attempts to access the /locked URL throw an exception and a >> stacktrace, rather than calling the unauthorized handler: >> throw+: {:cemerick.friend/required-roles #{:pts.server/admin}, >> :cemerick.friend/exprs ["Admin only"], :cemerick.friend/type :unauthorized, >> :cemerick.friend/identity nil} >> >> What am I doing wrong here? >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Clojure" group. >> To post to this group, send email to [email protected] >> Note that posts from new members are moderated - please be patient with >> your first post. >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/clojure?hl=en >> --- >> You received this message because you are subscribed to the Google Groups >> "Clojure" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google > Groups "Clojure" group. > To post to this group, send email to [email protected] > Note that posts from new members are moderated - please be patient with > your first post. > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/clojure?hl=en > --- > You received this message because you are subscribed to a topic in the > Google Groups "Clojure" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/clojure/yk32Imtd5u8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to [email protected] Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
