Hmm, I wasn't aware of auth.login_bare(). Will have to check it out.
As far as decorators are concerned, I have already begun tinkering
with a method like you mention, so we are on the same wavelength about
where to do it. I just have to figure out how. If I redirect to a
URL('default','index'), and that contains a response.js='ajax(blah
blah);', will the response.js get executed or will I need to do the
HTTP(200) trick again?On Mar 23, 10:09 pm, Anthony <[email protected]> wrote: > > After much tinkering with modal login, I'm formulating the following > > opinions: > > - modal login is a powerful and useful capability > > - modal login is not well supported by web2py and not at all a > > functionality that newbies would be able to implement easily. > > Sorry, I keep forgetting about > auth.login_bare():http://web2py.com/books/default/chapter/29/9#Manual-Authentication. > That might be a better way to go when implementing something like a modal > login. You can control all the logic regarding displaying the login form, > submitting credentials, returning responses, etc., and just use > auth.login_bare() to check the credentials and update auth.user upon > successful login. Then you don't have to worry about working around the > automatic redirects in auth.login(). > > For instance, if you decorate with > > > @auth.requires_login(), then you're going to run into trouble. That's > > because you'll be redirected to a login page, which doesn't exist. > > - the implementation of auth does not natively support components. > > This can get tricky. When the browser requests a URL that happens to be > decorated with @auth.requires_login(), it may be requesting a full page > (i.e., not just an Ajax response), so the action has to return a full page. > If the user isn't logged in, what page should be returned in that case > (given that there is no dedicated login page)? One option might be > something like this: > > auth.settings.login_url = URL('default', 'index', vars=dict(login='true')) > > Then, on the index page, include some JS that checks the URL query string > upon page load, and if it includes "login=true", pop up the login modal. > > Another option is to have a dedicated login page in addition to the modal > login. Use the modal when the user explicitly chooses to login, but use the > login page when you have to redirect from a protected URL. I think that's a > fairly common approach. > > Anthony
