Commit
Don't redirect to login page on missing current account
Currently, the `#current_account` method will redirect to the login page if the user is not logged in or their account record has been deleted/closed. This behaviour was originally added primarily to make development smoother, where people can delete account records from the console. Since `rodauth.require_login` and `rodauth.require_authentication` don't check for existence of the account record, doing this would result in errors.

However, now that `rodauth.require_account` is a public method, we recommend using it so that the account record is immediately retrieved and thus its existence is checked at the beginning of the request. This works similarly to Devise's `authenticate_user!` controller helper. `rodauth.require_login` and `rodauth.require_authentication` still have their place if the developer wants to avoid the performance penalty of retrieving the account record when it's not needed.

Since now one can easily check for existence of the account record while checking for authentication, there is no need for `#current_account` to redirect to the login page on missing account anymore, so we remove it. This makes `current_account` behave more like Devise, and makes it more versatile, allowing users to call it to check if the user is logged in (which people used to Devise attempt to do). It also makes integration with gems like Audited easier, which attempts to retrieve the current account, so that it can associate it with audit logs.

This change will be backwards incompatible for applications relying on graceful recovery when account record of a logged in session has been closed/deleted. However, given that `#current_account` method logs the session out when the account record was not found, that error will disappear on next refresh. I think that's a good trade-off for removing surprises.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,7 +8,7 @@ def auth1 | |
end | ||
|
||
def auth2 | ||
rodauth.require_authentication | ||
rodauth.require_account | ||
|
||
render :template | ||
end | ||
|
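Review bot: In `auth2`, replacing `rodauth.require_authentication` with `rodauth.require_account` leaves this action no longer exercising the path the commit message says is still supported, namely `require_authentication` with no account lookup, where `current_account` now stops redirecting on a missing record. If no other test action covers that path, keep one that calls `rodauth.require_authentication` alone and assert what `current_account` returns, and that the session is logged out, when the account row has been deleted, so the backwards-incompatible behaviour is pinned by a test. The rendered hunk shows both calls without `+`/`-` markers, so the direction of the swap is read from the commit message.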