I just checked, with the given code, after I switch the order of
middlewares, a POST to /login gives me a 302 redirect to
/login?&login_failed=Y while a POST with the correct credentials gives me a
303 to /.

I'm sorry I cannot explain why, however.

On Wednesday, 6 August 2014, Gary Verhaegen <[email protected]>
wrote:

> I was wrong, sorry. Looking at the code for
> c.f.workflows/interactive-form, you can indeed see where it intercepts a
> POST request to the provided :login-uri (lines 84-85 on current master).
>
> Which means I have absolutely no idea why it gives you a 404, except maybe
> if it is related to the other point about the order of middlewares.
>
> Sorry for the confusion.
>
> On Wednesday, 6 August 2014, Jonathon McKitrick <[email protected]
> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote:
>
>> I'm confused.  None of the examples shown implemented the login POST
>> handler.  The docs implied it was already part of the middleware:
>>
>> From https://github.com/cemerick/friend :
>> >>>
>> The example above defines a single workflow — one supporting the POSTing
>> of :username and :password parameters to (by default) /login — which
>> will discover the specified :credential-fn and use it to validate
>> submitted credentials.
>> <<<
>>
>>
>> --
>> Jonathon McKitrick
>>
>>
>> On Wed, Aug 6, 2014 at 10:46 AM, Gary Verhaegen <[email protected]
>> > wrote:
>>
>>> 1. No, you have to provide it (as a non-protected route, obviously).
>>> 2. The order in which you apply the handler/site and friend/authenticate
>>> middlewares is reversed: friend needs the session (and others), so it
>>> should come "after" (or rather "within") the handler/site to work properly
>>> (in execution order).
>>>
>>>
>>> On Wednesday, 6 August 2014, Jonathon McKitrick <[email protected]>
>>> wrote:
>>>
>>>>  First, the code:
>>>>
>>>> (ns pts.server
>>>>   (:use [compojure.core])
>>>>   (:require [ring.adapter.jetty :as jetty]
>>>>             [ring.util.response :as response]
>>>>             [compojure.handler :as handler]
>>>>             [compojure.route :as route]
>>>>             [cemerick.friend :as friend]
>>>>             (cemerick.friend [workflows :as workflows]
>>>>                              [credentials :as creds])))
>>>>
>>>> (defroutes www-routes
>>>>   (GET "/locked" [] (friend/authorize #{::admin} "Admin only"))
>>>>   (GET "/home" [] (response/file-response "home.html" {:root
>>>> "resources/public"}))
>>>>   (GET "/login" [] (response/file-response "login.html" {:root
>>>> "resources/public"}))
>>>>   (GET "/" [] (response/redirect "index.html"))
>>>>   (route/resources "/")
>>>>   (route/not-found "Not Found"))
>>>>
>>>> (def app (handler/site www-routes))
>>>>
>>>> (def users {"root" {:username "root"
>>>>                     :password (creds/hash-bcrypt "toor")
>>>>                     :roles #{::admin}}})
>>>>
>>>> (def secure-app
>>>>   (-> app
>>>>       (friend/authenticate {:unauthorized-handler #(response/status
>>>> (response/response "NO") 401)
>>>>                             :credential-fn (partial
>>>> creds/bcrypt-credential-fn users)
>>>>                             :workflows
>>>> [(workflows/interactive-form)]})))
>>>>
>>>> (defn -main [& args]
>>>>   (let [port (Integer/parseInt (get (System/getenv) "PORT" "3000"))]
>>>>     (jetty/run-jetty secure-app {:port port :join? false})))
>>>>
>>>> It's dead simple, but 2 major things are not working.
>>>>
>>>> 1.  The POST to /login to submit the login form gives a 404 Not Found.
>>>> Isn't the POST handler part of the friend/authenticate middleware?
>>>> 2.  Attempts to access the /locked URL throw an exception and a
>>>> stacktrace, rather than calling the unauthorized handler:
>>>> throw+: {:cemerick.friend/required-roles #{:pts.server/admin},
>>>> :cemerick.friend/exprs ["Admin only"], :cemerick.friend/type :unauthorized,
>>>> :cemerick.friend/identity nil}
>>>>
>>>> What am I doing wrong here?
>>>>
>>>>  --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Clojure" group.
>>>> To post to this group, send email to [email protected]
>>>> Note that posts from new members are moderated - please be patient with
>>>> your first post.
>>>> To unsubscribe from this group, send email to
>>>> [email protected]
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/clojure?hl=en
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Clojure" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>>
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Clojure" group.
>>> To post to this group, send email to [email protected]
>>> Note that posts from new members are moderated - please be patient with
>>> your first post.
>>> To unsubscribe from this group, send email to
>>> [email protected]
>>> For more options, visit this group at
>>> http://groups.google.com/group/clojure?hl=en
>>> ---
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "Clojure" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/clojure/yk32Imtd5u8/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google
>> Groups "Clojure" group.
>> To post to this group, send email to [email protected]
>> Note that posts from new members are moderated - please be patient with
>> your first post.
>> To unsubscribe from this group, send email to
>> [email protected]
>> For more options, visit this group at
>> http://groups.google.com/group/clojure?hl=en
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Clojure" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to