Hi all -
I've given a go to things here and want to run the code by this list
for review. All comments that may lead to more efficient or effective
code, or code that is in better alignment with the MG framework, is
welcomed!
I start with an event type that checks one's login status. If someone
is not logged in, then they are redirected to the loginform event:
<event-type name="securedevent">
<before>
<broadcasts>
<message name="checkLoginStatus" />
</broadcasts>
<results>
<result name="notLoggedIn" do="loginform"
redirect="true"
append="returnURL" />
</results>
</before>
</event-type>
(Note the append attribute of the result element. Right now, I'm not
clear on why I needed this, but this process doesn't work without it.)
If a user is not logged in, then the checkloginstatus function of the
controller does a couple of things ... it sets a returnURL value to
the event scope, and adds the notLoggedIn result that forces one to
the loginform event:
<cffunction name="checkLoginStatus" access="public" returntype="void"
output="false">
<cfargument name="event" type="any" />
<cfscript>
var User = arguments.event.getValue('User');
if (User.isloggedin()) {
arguments.event.setValue('isloggedin',1);
arguments.event.addResult('isLoggedIn');
}
else {
arguments.event.setValue('returnURL',returnURL());
arguments.event.setValue('isloggedin',0);
arguments.event.addResult('notLoggedIn');
}
return;
</cfscript>
</cffunction>
The returnURL function returns a string that is the currently
requested URL. If the event requested is the loginform event, then the
value is set to only the http host (e.g. the default event of the MG
application):
<cffunction name="returnURL" access="private" returntype="string"
output="false">
<cfargument name="event" type="any" />
<cfscript>
var s = "http://#cgi.http_host##cgi.script_name#?
#cgi.query_string#";
if (FindNoCase('loginform',s) gt 0) {
s = "http://#cgi.http_host#";;
}
return s;
</cfscript>
</cffunction>
The loginform event forces an encrypted connection, and displays ...
the login form! The values from the login form (one of them being the
returnURL value) are passed to the authenticate event:
<event-handler name="loginform" type="">
<broadcasts>
<message name="forceHTTPS" />
</broadcasts>
<results>
<result do="template.login" />
</results>
<views>
<include name="body" template="pages/loginform.cfm">
<value name="xe.authenticate" value="authenticate" />
</include>
</views>
</event-handler>
The authenticate event initiates the authenticate function found in
the controller, and returns the user to the loginform event if there
exists a badLogin result:
<event-handler name="authenticate" type="">
<broadcasts>
<message name="authenticate" />
</broadcasts>
<results>
<result name="badLogin" do="loginform" redirect="true" />
</results>
</event-handler>
The authenticate function leverages an authentication service that
validates a username/password pair. If the pair is not valid, the
function adds a badLogin result the the event scope. If the pair is
valid, the function calls the user's login function (isloggedin=1),
logs their access to the app, and provides the value of returnURL to
the launchpad function:
<cffunction name="authenticate" access="public" returntype="void"
output="false">
<cfargument name="event" type="any" />
<cfscript>
var User = arguments.event.getValue('User');
var username = arguments.event.getValue('username');
var password = arguments.event.getValue('password');
var returnURL = arguments.event.getValue('returnURL');
var s = beans.AuthenticationService.authenticate
(username='#username#',password='#password#');
if (s.valid is false) {
arguments.event.setValue('message','Invalid
username/password pair,
please try again.');
arguments.event.addResult('badLogin');
}
else {
User.login();
accesslog(username);
launchpad(returnURL);
}
return;
</cfscript>
</cffunction>
The launchpad function breaks the flow of the MG framework; via
cflocation, it forwards the user to the returnURL:
<cffunction name="launchpad" access="private" returntype="void"
output="false">
<cfargument name="returnURL" type="string" required="true" />
<cflocation url="#arguments.returnURL#" addtoken="false" />
<cfreturn />
</cffunction>
Thanks for getting this far ... Though MG is fairly self-documenting,
I hope the added words helped you with following the flow of this
process. Again, suggestions welcomed!
garence
On Oct 5, 10:10 am, garence <[email protected]> wrote:
> Hi all -
>
> I have an app that requires authentication. What I want to do is
> capture a user's requested url
> (i.e.http://www.example.com/index.cfm?event=someothereventbesidesthedefaul...)
> before they're forced to the login form, then redirect them to their
> requested page after they've successfully authenticated to the app.
>
> Any suggestions on how I might best accomplish this within the MG
> framework?
>
> garence
--~--~---------~--~----~------------~-------~--~----~
Model-Glue Sites:
Home Page: http://www.model-glue.com
Documentation: http://docs.model-glue.com
Bug Tracker: http://bugs.model-glue.com
Blog: http://www.model-glue.com/blog
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/model-glue?hl=en
-~----------~----~----~----~------~----~------~--~---
