> > After much tinkering with modal login, I'm formulating the following > opinions: > - modal login is a powerful and useful capability > - modal login is not well supported by web2py and not at all a > functionality that newbies would be able to implement easily.
Sorry, I keep forgetting about auth.login_bare(): http://web2py.com/books/default/chapter/29/9#Manual-Authentication. That might be a better way to go when implementing something like a modal login. You can control all the logic regarding displaying the login form, submitting credentials, returning responses, etc., and just use auth.login_bare() to check the credentials and update auth.user upon successful login. Then you don't have to worry about working around the automatic redirects in auth.login(). For instance, if you decorate with > @auth.requires_login(), then you're going to run into trouble. That's > because you'll be redirected to a login page, which doesn't exist. > - the implementation of auth does not natively support components. > This can get tricky. When the browser requests a URL that happens to be decorated with @auth.requires_login(), it may be requesting a full page (i.e., not just an Ajax response), so the action has to return a full page. If the user isn't logged in, what page should be returned in that case (given that there is no dedicated login page)? One option might be something like this: auth.settings.login_url = URL('default', 'index', vars=dict(login='true')) Then, on the index page, include some JS that checks the URL query string upon page load, and if it includes "login=true", pop up the login modal. Another option is to have a dedicated login page in addition to the modal login. Use the modal when the user explicitly chooses to login, but use the login page when you have to redirect from a protected URL. I think that's a fairly common approach. Anthony
