Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include request.auth or request.auth.credentials in default view template context #2419

Closed
mtharrison opened this issue Feb 19, 2015 · 4 comments
Closed

Include request.auth or request.auth.credentials in default view template context #2419

mtharrison opened this issue Feb 19, 2015 · 4 comments
Assignees
@hueniverse
Labels
feature New functionality or improvement

Comments

@mtharrison
Copy link
Contributor

I think it would be useful to have request.auth.credentials be included in the default template context.

Here's my reasoning for that:

For pretty much any website that has a login feature, parts of the page will be rendered conditionally based on the current user's state. Perhaps it will display their username in the header and show a logout button for logged-in users.

I usually build my sites out at first without any auth and then add auth at a later stage. If I'm using a common layout, I would later need to add something like the following to the handler of every route.

handler: function (request, reply) {
    ...
    reply.view('index', {
        credentials: request.auth.credentials
    })
}

And in my template I might have something like:

{{#if credentials.firstName}}
    <h1>Welcome back {{credentials.firstName}}!</h1>
{{else}}
    <h1>Welcome guest!</h1>
{{/if}}

The time and extra clutter in handlers could be saved by including request.auth.credentials in the default template context.
@ubaltaci
Copy link

Why dont you use onPreResponse extension point insert credentials automatically to view context ?

I use something like below;

server.ext("onPreResponse", function (request, reply) {
    var response = request.response;
    if (response.variety && response.variety === "view") {
        response.source.context = response.source.context || {};
        response.source.context["user"] = request.auth.isAuthenticated ? request.auth.credentials : {};
    }
    return reply.continue();
});

@hueniverse
Copy link
Contributor

I'm conflicted about exposing security information to every default context. Also, credentials alone are not enough as you can have credentials and the user is not authenticated (e.g. expired cookie with 'try' mode). I think the proposed extension point is a better idea for now.

@hueniverse hueniverse self-assigned this Feb 19, 2015
@mtharrison
Copy link
Contributor Author

Ok thanks @hueniverse for the explanation. And thanks @ubaltaci for the onPreResponse idea. I hope you don't mind, I've made a plugin (hapi-context-credentials) out of it because it's something I need very often.

@mtharrison mtharrison mentioned this issue Mar 14, 2015
Closed
@mtharrison mtharrison mentioned this issue Jun 3, 2016
Closed
@geuis geuis mentioned this issue Jul 11, 2016
Closed
@Marsup Marsup added feature New functionality or improvement and removed request labels Sep 20, 2019
@lock
Copy link

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@hueniverse hueniverse

Labels
feature New functionality or improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hueniverse @Marsup @mtharrison @ubaltaci