On Tue, Nov 25, 2008 at 7:11 PM, Jon Hancock <[EMAIL PROTECTED]> wrote:
> > Jan, > I have the auth slice working well. > It should not interfere with what you want to do. From what I can > tell, you want your controller action to optionally check some params > of the request and then set the session to authenticated in certain > cases. > This is easily done in whatever controller action you have and then if > the login credentials are good, you simply have a line of code like > "session.user = @user" and from then on for the rest of the request > you have a properly authenticated session and all works as you would > want. > > As an example, in my app, I have the controller action where the user > activates their account by confirming their email address. In this > step they also set their display_name and password for the first > time. On success, I don't want to force my user to go through the > login form since they just gave me successful credentials. Instead, > on success, I set session.user to the user I just confirmed and now > they are logged in. > > Jon > > On Nov 23, 10:47 pm, Jan Kassens <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I'm pretty new to merb and played around with the merb-auth slice. I'm > > wondering if it's possible (or rather how) to authenticate a user if > > authentication information is passed to the request (as in 'curl -u > > jan:secret localhost:4000/things'). > > > > Example would be to display additional information to an api request > > when the user provided valid login credentials. (i dont care what > > happens when invalid credentials are passed, 403 forbidden or the no > > login provided output) > > > Jan are you intending to just try to login, or just use the user object if someone is already logged in? If you're not expecting for a person to login via an action, and you want to allow both logged in and not logged in people, then you can just use session.authenticated? and session.user. If someone is logged in those items will be available and if not they won't. You don't have to use before :ensure_authenticated to get the user in and out of the session. session.user will take care of that for you. It seems that there are a few requests for the other though, where it will actively try to log someone in if they're not logged in, and just let it pass if it fails. Is this what you mean? Cheers --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
