You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Oscar Picasso <os...@yahoo.com> on 2004/10/13 18:01:51 UTC
Authentication "lost" in flowscript
I have a problem when combining the authentication framework with flowscript.
Here is the relevant code.
<map:match pattern="">
<map:act type="auth-loggedIn">
<map:parameter name="handler" value="managehandler"/>
<map:act type="auth-protect">
<map:parameter name="handler" value="managehandler"/>
<map:generate
src="cocoon:/{session-context:authentication/authentication/ID}"/>
<map:serialize type="xhtml"/>
</map:act>
</map:act>
<map:redirect-to uri="login"/>
</map:match>
...
function login(form) {
var model = form.getModel();
var email = cocoon.parameters["email"];
var handler = cocoon.parameters["handler"];
print("email: " + email);
print("handler: " + handler);
if(email != null && email != "")
{
model.email = email;
}
form.showForm("login/form/display");
cocoon.request.setAttribute("email", model.email);
cocoon.request.setAttribute("password", model.password);
var authenticated = auth_login(handler, null, {})
if(authenticated)
{
print("authenticated");
cocoon.sendPage("/"); [1]
}
else
{
print("not authenticated");
cocoon.sendPage("/authentication-failure");
}
}
[1] Actually send the page relevant to the actual authenticated user (when the
user is authenticated the pipeline actually generate
"cocoon:/{session-context:authentication/authentication/ID}")
This part works great.
Now, from inside the "user page", I have a link that points to the "password"
pipeline.
<map:match pattern="password">
<map:act type="auth-protect"> <!-- give access to the context -->
<map:parameter name="handler" value="managehandler"/>
<map:call function="handleForm">
<map:parameter name="function" value="password"/>
<map:parameter name="form-definition" value="cocoon:/password-form"/>
</map:call>
</map:act>
</map:match>
...
function password(form) {
form.showForm("password/form/display");
cocoon.sendPage("/"); [2]
}
The form is properly displayed when the user is authenticated.
I have also printed the context info from inside the password function and it
properly prints all the authentication user info. However on submitting the
password form, the cocoon.sendPage("/") [2] sends an empty page to the browser.
I have also tried to send others protected pages from the password function and
it redisplays the initial login just like if the user authentication were lost.
Any idea?
NOTE: the password pipeline is actually supposed to do something more useful. I
made it simpler just to try to understand what's going on.
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication "lost" in flowscript [SOLVED]
Posted by Oscar Picasso <os...@yahoo.com>.
Just solved after my previous posting.
Actually, as I didn't use cookies, nor url encoding for my password form
action, the user session got 'lost' on diplaying the form.
I wrongfully assumed, that while I was using continuations I didn't need to
keep track of the user session.
--- Oscar Picasso <os...@yahoo.com> wrote:
> I have a problem when combining the authentication framework with flowscript.
> Here is the relevant code.
>
> <map:match pattern="">
> <map:act type="auth-loggedIn">
> <map:parameter name="handler" value="managehandler"/>
> <map:act type="auth-protect">
> <map:parameter name="handler" value="managehandler"/>
> <map:generate
> src="cocoon:/{session-context:authentication/authentication/ID}"/>
> <map:serialize type="xhtml"/>
> </map:act>
> </map:act>
> <map:redirect-to uri="login"/>
> </map:match>
> ...
>
> function login(form) {
>
> var model = form.getModel();
> var email = cocoon.parameters["email"];
> var handler = cocoon.parameters["handler"];
> print("email: " + email);
> print("handler: " + handler);
>
> if(email != null && email != "")
> {
> model.email = email;
> }
>
> form.showForm("login/form/display");
>
> cocoon.request.setAttribute("email", model.email);
> cocoon.request.setAttribute("password", model.password);
>
> var authenticated = auth_login(handler, null, {})
>
> if(authenticated)
> {
> print("authenticated");
> cocoon.sendPage("/"); [1]
> }
> else
> {
> print("not authenticated");
> cocoon.sendPage("/authentication-failure");
> }
> }
>
> [1] Actually send the page relevant to the actual authenticated user (when
> the
> user is authenticated the pipeline actually generate
> "cocoon:/{session-context:authentication/authentication/ID}")
> This part works great.
>
> Now, from inside the "user page", I have a link that points to the "password"
> pipeline.
>
> <map:match pattern="password">
> <map:act type="auth-protect"> <!-- give access to the context -->
> <map:parameter name="handler" value="managehandler"/>
> <map:call function="handleForm">
> <map:parameter name="function" value="password"/>
> <map:parameter name="form-definition" value="cocoon:/password-form"/>
> </map:call>
> </map:act>
> </map:match>
> ...
>
> function password(form) {
> form.showForm("password/form/display");
> cocoon.sendPage("/"); [2]
> }
>
> The form is properly displayed when the user is authenticated.
>
> I have also printed the context info from inside the password function and it
> properly prints all the authentication user info. However on submitting the
> password form, the cocoon.sendPage("/") [2] sends an empty page to the
> browser.
>
> I have also tried to send others protected pages from the password function
> and
> it redisplays the initial login just like if the user authentication were
> lost.
>
> Any idea?
>
> NOTE: the password pipeline is actually supposed to do something more useful.
> I
> made it simpler just to try to understand what's going on.
>
>
>
> _______________________________
> Do you Yahoo!?
> Declare Yourself - Register online to vote today!
> http://vote.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org