On Wed, Nov 26, 2008 at 8:14 PM, Jan Kassens <[EMAIL PROTECTED]> wrote:
> For me it would be enough if the authentication slice would just use http > basic authentication details if present and login the user, somewhere quite > at the start of the whole request chain.I'm just trying to provide an API > to the same action, say an action to get the status, and if the the API call > was done with login details some extra info will be attached. > I don't see how you'd use this with openid for example. If a user tries to > login he'll be using a login page imho. > > Jan > > I don't understand what you mean. What I showed above will try to log you in. If you only want to use basic auth for this then just use the basicauth strategy for your logins... You might not use openid, but others do... I'm thinking out loud of a solution to "try" and authenticate that will still allow openid to function. Cheers Daniel > > On Nov 26, 2008, at 10:07, Daniel N wrote: > > > > On Wed, Nov 26, 2008 at 7:57 PM, Jan Kassens <[EMAIL PROTECTED]> wrote: > >> >> On Nov 26, 2008, at 1:03, Daniel N wrote: >> >> It seems that there are a few requests for the other though, where it will >> actively try to log someone in if they're not logged in, and just let it >> pass if it fails. Is this what you mean? >> >> >> Yep, thats exactly what I was trying to do, and this block inside the >> action seems to do the trick, but it's a hack: >> >> begin >> session.authenticate! request, params >> rescue Unauthenticated >> # Don't require the login >> end >> >> If I'm passing passing valid http basic authentication login details via >> curl it actively logins, but works as unauthenticated if not. >> >> -- >> Jan - MooTools comitter >> twitter/blog: http://kassens.net >> >> > gotcha. This should be done in a before filter tbh since you really only > want to rescue the unauthenticated error but allow redirection for stuff > like openid right? > > I've been thinking about adding a method like try_authentication which > would effectively be something like this > > before :try_authentication > > private > def try_authentication(*args) > begin > ensure_authenticated(*args) > rescue Unauthenticated > end > end > > So basically the same as what you have, but I'd let ensure_authenticated > handle it so it could do redirection and throwing and other before filtery > stuff. There would be a simliar solution for routes as well. > > It'd be nice if someone could test it out and let me know how it works > first though ;) ;) > > Cheers > Daniel > > > > > > -- > Jan - MooTools comitter > twitter/blog: http://kassens.net > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
