Authenticated Route Constraints #1147

Merged
merged 4 commits into from Jun 23, 2011

Conversation

Projects
None yet
6 participants
@sj26
Contributor

sj26 commented Jun 18, 2011

Allows routing based on authentication state, optionally by scope.

The example included in the comments for #authenticated:

authenticated :admin do
  root :to => 'admin/dashboard#show'
end

authenticated do
  root :to => 'dashboard#show'
end

root :to => 'landing#show'
@josevalim

This comment has been minimized.

Show comment
Hide comment
@josevalim

josevalim Jun 18, 2011

Member

Thanks for the pull request, but why would I use authenticated instead of authenticated?

Member

josevalim commented Jun 18, 2011

Thanks for the pull request, but why would I use authenticated instead of authenticated?

@vijaydev

This comment has been minimized.

Show comment
Hide comment
@vijaydev

vijaydev Jun 18, 2011

@josevalim what's the question again? :)

@josevalim what's the question again? :)

@josevalim

This comment has been minimized.

Show comment
Hide comment
@josevalim

josevalim Jun 18, 2011

Member

Hahaha, LOL, sorry.

The question is: why would I use authenticated instead of the existing authenticate?

Member

josevalim commented Jun 18, 2011

Hahaha, LOL, sorry.

The question is: why would I use authenticated instead of the existing authenticate?

@sj26

This comment has been minimized.

Show comment
Hide comment
@sj26

sj26 Jun 18, 2011

Contributor

@josevalim: because authenticate forces authentication, authenticated only checks for it.

With authenticated I can provide the same path twice but route differently based on authentication state. A classic example is github itself. Unauthenticated users see a landing page extorting github's virtue, authenticated users see a dashboard of recent activity and repositories, both at the root URL.

Contributor

sj26 commented Jun 18, 2011

@josevalim: because authenticate forces authentication, authenticated only checks for it.

With authenticated I can provide the same path twice but route differently based on authentication state. A classic example is github itself. Unauthenticated users see a landing page extorting github's virtue, authenticated users see a dashboard of recent activity and repositories, both at the root URL.

@josevalim

This comment has been minimized.

Show comment
Hide comment
@josevalim

josevalim Jun 18, 2011

Member

Oh, that's great. I like it. Could you please provide tests then?

Member

josevalim commented Jun 18, 2011

Oh, that's great. I like it. Could you please provide tests then?

@sj26

This comment has been minimized.

Show comment
Hide comment
@sj26

sj26 Jun 19, 2011

Contributor

Awesome, yeah, I wanted to get feedback before doing so. I'll chuck some together now, cheers!

Contributor

sj26 commented Jun 19, 2011

Awesome, yeah, I wanted to get feedback before doing so. I'll chuck some together now, cheers!

@josevalim

This comment has been minimized.

Show comment
Hide comment
@josevalim

josevalim Jun 22, 2011

Member

Hey mate, any news? I am planning to release Devise 1.4 in the next 24 hours. So if you can add tests, we can get it in!

Member

josevalim commented Jun 22, 2011

Hey mate, any news? I am planning to release Devise 1.4 in the next 24 hours. So if you can add tests, we can get it in!

@sj26

This comment has been minimized.

Show comment
Hide comment
@sj26

sj26 Jun 23, 2011

Contributor

Oh man, okay, I'll get cracking.

(Opposite timezone fail.)

Contributor

sj26 commented Jun 23, 2011

Oh man, okay, I'll get cracking.

(Opposite timezone fail.)

sj26 added some commits Jun 23, 2011

Switch to Warden::Proxy#authenticate?
Warden::Proxy#authenticated? and Warden::Proxy#unauthenticated? don't try strategies first.
@sj26

This comment has been minimized.

Show comment
Hide comment
@sj26

sj26 Jun 23, 2011

Contributor

Fully tested. Caught a problem the last commit, too. -.-

Contributor

sj26 commented Jun 23, 2011

Fully tested. Caught a problem the last commit, too. -.-

josevalim added a commit that referenced this pull request Jun 23, 2011

Merge pull request #1147 from sj26/master
Authenticated Route Constraints

@josevalim josevalim merged commit f43a7c4 into plataformatec:master Jun 23, 2011

@deepakinseattle

This comment has been minimized.

Show comment
Hide comment
@deepakinseattle

deepakinseattle Jun 30, 2011

This is a great addition to devise. Thanks sj26 for contributing and josevalim for merging!

This is a great addition to devise. Thanks sj26 for contributing and josevalim for merging!

@volkanunsal

This comment has been minimized.

Show comment
Hide comment
@volkanunsal

volkanunsal Aug 24, 2011

This feature would be even better if we could specify some pages that be shown only to unauthenticated users. Like the registration and login pages, for instance. Then anyone requesting those pages can be redirected to the landing page for that model.

This feature would be even better if we could specify some pages that be shown only to unauthenticated users. Like the registration and login pages, for instance. Then anyone requesting those pages can be redirected to the landing page for that model.

@josevalim

This comment has been minimized.

Show comment
Hide comment
@josevalim

josevalim Aug 24, 2011

Member

unauthenticated was added to Devise later with exactly this behavior.

Member

josevalim commented Aug 24, 2011

unauthenticated was added to Devise later with exactly this behavior.

@sj26

This comment has been minimized.

Show comment
Hide comment
@sj26

sj26 Aug 24, 2011

Contributor

... or you could just have later routes which, implicitly, are unauthenticated:

authenticated do
  root :to => :dashboard
end

# unauthenticated:
root :to => :home
Contributor

sj26 commented Aug 24, 2011

... or you could just have later routes which, implicitly, are unauthenticated:

authenticated do
  root :to => :dashboard
end

# unauthenticated:
root :to => :home
@sj26

This comment has been minimized.

Show comment
Hide comment
@sj26

sj26 Aug 24, 2011

Contributor

Oh, nevermind, I get you might want to have routes only accessible to unauthenticated users unmasked by authenticated routes.

Also, useful for skipping a whole section of unauthenticated routes as an efficiency gain.

Contributor

sj26 commented Aug 24, 2011

Oh, nevermind, I get you might want to have routes only accessible to unauthenticated users unmasked by authenticated routes.

Also, useful for skipping a whole section of unauthenticated routes as an efficiency gain.

@volkanunsal

This comment has been minimized.

Show comment
Hide comment
@volkanunsal

volkanunsal Aug 24, 2011

Isn't unauthenticated the same as the default root path? What I had in mind was more like a way of making sure authenticated users never get to see "new registration" and "new session" pages. It would be a way of doing the same thing as what this line from my registrations_controller.rb is doing right now:

redirect_to stored_location_for(current_user) if signed_in?

My proposed syntax for it would be:

authenticated, :force =>[:registrations,:sessions] do 
    as :user do
      root :to      => "pages#index"
    end
end

(Unless there is already a way of doing the same from the controller that I am not aware of.)

Isn't unauthenticated the same as the default root path? What I had in mind was more like a way of making sure authenticated users never get to see "new registration" and "new session" pages. It would be a way of doing the same thing as what this line from my registrations_controller.rb is doing right now:

redirect_to stored_location_for(current_user) if signed_in?

My proposed syntax for it would be:

authenticated, :force =>[:registrations,:sessions] do 
    as :user do
      root :to      => "pages#index"
    end
end

(Unless there is already a way of doing the same from the controller that I am not aware of.)

@codyolsen

This comment has been minimized.

Show comment
Hide comment

@sj26, @josevalim: Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment