You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Oscar Picasso <os...@yahoo.com> on 2004/10/13 18:01:51 UTC

Authentication "lost" in flowscript

I have a problem when combining the authentication framework with flowscript.
Here is the relevant code.

<map:match pattern="">
  <map:act type="auth-loggedIn"> 
    <map:parameter name="handler" value="managehandler"/>
    <map:act type="auth-protect">
      <map:parameter name="handler" value="managehandler"/>
      <map:generate
src="cocoon:/{session-context:authentication/authentication/ID}"/>
      <map:serialize type="xhtml"/>
    </map:act>
  </map:act>
  <map:redirect-to uri="login"/>
</map:match>
...

function login(form) {

  var model = form.getModel();
  var email = cocoon.parameters["email"];
  var handler = cocoon.parameters["handler"];
  print("email: " + email);
  print("handler: " + handler);

  if(email != null && email != "")
  {
    model.email = email;
  }

  form.showForm("login/form/display");

  cocoon.request.setAttribute("email", model.email);
  cocoon.request.setAttribute("password", model.password);

  var authenticated = auth_login(handler, null, {})

  if(authenticated)
  {
    print("authenticated");
    cocoon.sendPage("/"); [1]
  }
  else
  {
    print("not authenticated");
    cocoon.sendPage("/authentication-failure");
  }
}

[1] Actually send the page relevant to the actual authenticated user (when the
user is authenticated the pipeline actually generate
"cocoon:/{session-context:authentication/authentication/ID}")
This part works great.

Now, from inside the "user page", I have a link that points to the "password"
pipeline.

<map:match pattern="password">
    <map:act type="auth-protect">  <!-- give access to the context -->
      <map:parameter name="handler" value="managehandler"/>
      <map:call function="handleForm">
        <map:parameter name="function" value="password"/>
        <map:parameter name="form-definition" value="cocoon:/password-form"/>
      </map:call>
    </map:act>
</map:match>
...

function password(form) {
  form.showForm("password/form/display");
  cocoon.sendPage("/"); [2]
}

The form is properly displayed when the user is authenticated.

I have also printed the context info from inside the password function and it
properly prints all the authentication user info. However on submitting the
password form, the cocoon.sendPage("/") [2] sends an empty page to the browser.

I have also tried to send others protected pages from the password function and
it redisplays the initial login just like if the user authentication were lost.

Any idea?

NOTE: the password pipeline is actually supposed to do something more useful. I
made it simpler just to try to understand what's going on.


		
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication "lost" in flowscript [SOLVED]

Posted by Oscar Picasso <os...@yahoo.com>.

Just solved after my previous posting.

Actually, as I didn't use cookies, nor url encoding for my password form
action, the user session got 'lost' on diplaying the form.

I wrongfully assumed, that while I was using continuations I didn't need to
keep track of the user session.


--- Oscar Picasso <os...@yahoo.com> wrote:

> I have a problem when combining the authentication framework with flowscript.
> Here is the relevant code.
> 
> <map:match pattern="">
>   <map:act type="auth-loggedIn"> 
>     <map:parameter name="handler" value="managehandler"/>
>     <map:act type="auth-protect">
>       <map:parameter name="handler" value="managehandler"/>
>       <map:generate
> src="cocoon:/{session-context:authentication/authentication/ID}"/>
>       <map:serialize type="xhtml"/>
>     </map:act>
>   </map:act>
>   <map:redirect-to uri="login"/>
> </map:match>
> ...
> 
> function login(form) {
> 
>   var model = form.getModel();
>   var email = cocoon.parameters["email"];
>   var handler = cocoon.parameters["handler"];
>   print("email: " + email);
>   print("handler: " + handler);
> 
>   if(email != null && email != "")
>   {
>     model.email = email;
>   }
> 
>   form.showForm("login/form/display");
> 
>   cocoon.request.setAttribute("email", model.email);
>   cocoon.request.setAttribute("password", model.password);
> 
>   var authenticated = auth_login(handler, null, {})
> 
>   if(authenticated)
>   {
>     print("authenticated");
>     cocoon.sendPage("/"); [1]
>   }
>   else
>   {
>     print("not authenticated");
>     cocoon.sendPage("/authentication-failure");
>   }
> }
> 
> [1] Actually send the page relevant to the actual authenticated user (when
> the
> user is authenticated the pipeline actually generate
> "cocoon:/{session-context:authentication/authentication/ID}")
> This part works great.
> 
> Now, from inside the "user page", I have a link that points to the "password"
> pipeline.
> 
> <map:match pattern="password">
>     <map:act type="auth-protect">  <!-- give access to the context -->
>       <map:parameter name="handler" value="managehandler"/>
>       <map:call function="handleForm">
>         <map:parameter name="function" value="password"/>
>         <map:parameter name="form-definition" value="cocoon:/password-form"/>
>       </map:call>
>     </map:act>
> </map:match>
> ...
> 
> function password(form) {
>   form.showForm("password/form/display");
>   cocoon.sendPage("/"); [2]
> }
> 
> The form is properly displayed when the user is authenticated.
> 
> I have also printed the context info from inside the password function and it
> properly prints all the authentication user info. However on submitting the
> password form, the cocoon.sendPage("/") [2] sends an empty page to the
> browser.
> 
> I have also tried to send others protected pages from the password function
> and
> it redisplays the initial login just like if the user authentication were
> lost.
> 
> Any idea?
> 
> NOTE: the password pipeline is actually supposed to do something more useful.
> I
> made it simpler just to try to understand what's going on.
> 
> 
> 		
> _______________________________
> Do you Yahoo!?
> Declare Yourself - Register online to vote today!
> http://vote.yahoo.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org