From: Ian Jackson Date: Sat, 10 Nov 2012 17:21:45 +0000 (+0000) Subject: wip X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=commitdiff_plain;h=edba190acf5982ec65b3775c27e4a8048abd4b3a wip --- diff --git a/DESIGN b/DESIGN index 247546d..3a172c7 100644 --- a/DESIGN +++ b/DESIGN @@ -54,3 +54,33 @@ does not support persistent cookie, as that needs two db entries etc. two cookies complicated api clearing cookies always logs out + + +---------------------------------------- + +app supplies + + - func to tell whether it's a login form, + defaults to password form field + - func to check login details + - func to tell whether it's a logout form, + defaults to logout action form field list + - func to tell whether it's programmatic + defaults to always false, somewhat poor EH + +we supply + + - thing to call right at the beginning, + tells app to divert to one of + just logged out page + cookies disabled page + stale form login form + login form + "session interrupted" + a redirect + + - version of the above which deals with the request + + - thing which app must call when mutating + (alternatively app must check that method is POST for mutates) + (alternatively.2 every GETs is decreed to produce a login form) diff --git a/cgi-auth-hybrid.pm b/cgi-auth-hybrid.pm index 2e0623d..953db15 100644 --- a/cgi-auth-hybrid.pm +++ b/cgi-auth-hybrid.pm 
@@ -353,41 +353,21 @@ CGI::Auth::Hybrid - web authentication optionally using cookies =head1 USAGE PATTERN FOR SIMPLE APPLICATIONS - if ( form submission is login request ) { - check login details, if wrong print error and quit - $authreq->record_login(...username...); - } - if ( form submission is logout request ) { - my $logged_out_user = $authreq->logout(); - if (!defined $logged_out_user) { - print "you are not logged in" error and quit - } else { - print "goodbye $username you are now logged out" and quit - } - } - if ( !$authreq->check() ) { - display login form, quit + $authreq->check_ok() or return; + blah blah blah + $authreq->mutating(); + blah blah blah =head1 USAGE PATTERN FOR FANCY APPLICATIONS - if ( form submission is login request ) { - check login details, if wrong print error and quit - $authreq->record_login(...username...); - } - if ( !$authreq->check() ) { - display login form, quit - if ( form submission is logout request ) { - die unless $authreq->mutate(); - my $logged_out_user = $authreq->logout(); - if (!defined $logged_out_user) { - print "you are not logged in" error and quit - } else { - print "goodbye $username you are now logged out" and quit + my $divert_kind = $authreq->check_divert(); + if ($divert_kind) { + if ($divert_kind eq 'LOGGEDOUT') { + print "goodbye you are now logged out" and quit + } elsif ($divert_kind eq 'NOCOOKIES') { + print "you need cookies" and quit + ... etc. } } - -advantages of cookie - - user can sort of log out by clearing cookies - - sophisticated applications can have get-requests diff --git a/junk b/junk new file mode 100644 index 0000000..ebdec06 --- /dev/null +++ b/junk 
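Review bot: The FANCY APPLICATIONS example fails open: when `check_divert()` returns a kind that the `if`/`elsif` chain does not handle, control leaves the outer `if ($divert_kind)` block and the application carries on as if the request were authenticated. End the chain with a failing default, e.g. `} else { die "unhandled divert kind $divert_kind"; }`, so that a divert kind added later is refused rather than served. In the SIMPLE example the old `die unless $authreq->mutate();` became a bare `$authreq->mutating();`. Its definition is not in this hunk, so if mutating() reports failure by return value rather than by dying, the example should keep the check. The POD should state which it is.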
@@ -0,0 +1,30 @@
+ if ( form submission is login request ) {
+ check login details, if wrong print error and quit
+ $authreq->record_login(...username...);
+ }
+ if ( !$authreq->check() ) {
+ display login form, quit
+
+
+ if ( form submission is login request ) {
+ check login details, if wrong print error and quit
+ $authreq->record_login(...username...);
+ }
+ if ( form submission is logout request ) {
+ die unless $authreq->mutate();
+ my $logged_out_user = $authreq->logout();
+ if (!defined $logged_out_user) {
+ print "you are not logged in" error and quit
+ } else {
+ print "goodbye $username you are now logged out" and quit
+ }
+ }
+ if ( !$authreq->check() ) {
+ display login form, quit
+
+
+advantages of cookie
+ - user can sort of log out by clearing cookies
+ - sophisticated applications can have get-requests
+
+