TASK: Refactor to fusion #26
Conversation
|
This is an enhanced version of #25 |
|
An important question for the review is wether passing the redirect target uris to the controller is safe or wether we have to add some signing here. |
| element { | ||
| redirectAfterLoginUri = Neos.Neos:NodeUri { | ||
| node = ${q(node).property('redirectAfterLogin')} |
There was a problem hiding this comment.
This will not work when the target page needs the front-end user privilege.
In this case a url to the login page is created instead.
So I think we have to access the node in the authentication controller somehow.
There was a problem hiding this comment.
Hmm, maybe getting rid of the plugin has some side effects :-/ not sure how to solve this safe and sane.
There was a problem hiding this comment.
A way around would be to drop the redirectAfter-feature and just always send the user back to the referer wich uses arguments that are signed with an hmac.
However finding a way to transport this safely to the controller without relying on plugins would be a really nice example for such cases.
There was a problem hiding this comment.
I wonder a bit how it worked before. Did that work before?
Other ways:
- Providing a linkeditor for both uris would of course also make it possible to give a relative url. Not the best solution but maybe would anyway make sense for other usecases.
- Give the login form node identifier to the controller and let it build the uri from its properties when it has the required privileges. Would require us to duplicate some code from the NodeUri builder I guess.
There was a problem hiding this comment.
The plugin evaluates the path redirectAfterLoginUri after the login and not immediately. Maybe we could create a lazyEvaluationProxy fusionObject as wrapper for the NodeUri :-/
BTW: I just found out that the FusionTemplate does similar things for all untyped properties.
There was a problem hiding this comment.
Core of the problem is that props are usually evaluated immediately and not once they are accessed. Changing that is not that simple as you can see here neos/neos-development-collection#2738
There was a problem hiding this comment.
So which way should we go then. Back to the plugin for now?
There was a problem hiding this comment.
Either use your original pr or find a solution here which will take time and a sprint would be a good idea.
There was a problem hiding this comment.
But then I would prefer the plugin approach for now. Would love to have this and not wait 5-6 months.
With some more experience from this we also have a better idea until the sprint to remove the plugin part.
Do you want to create another PR with my commit + your cleanup adjustments?
|
|
||
| <div> | ||
| <label for="flowpack-neos-frontendlogin-username" class="col-sm-2 control-label"> |
There was a problem hiding this comment.
| <label for="flowpack-neos-frontendlogin-username" class="col-sm-2 control-label"> | |
| <label for="flowpack-neos-frontendlogin-username"> |
| </div> | ||
| <div> | ||
| <label for="flowpack-neos-frontendlogin-password" class="col-sm-2 control-label"> |
There was a problem hiding this comment.
| <label for="flowpack-neos-frontendlogin-password" class="col-sm-2 control-label"> | |
| <label for="flowpack-neos-frontendlogin-password"> |
| form.target.controller="Authentication" | ||
| form.target.action="logout" | ||
| attributes.class="form-horizontal clearfix" |
There was a problem hiding this comment.
| attributes.class="form-horizontal clearfix" |
|
Thanks for making my PR so much better :) |
|
@Sebobo did not dare to push your branch as those changes are quite radical and we still might run into things that require a plugin. |
Replace the Fluid rendering and Plugin logic with pure AFX and Fusion based rendering.
The rendering is very basic and non opinionated but can be easyly adjusted by overriding
the rendering prototypes: