Mailing List Archive

Trusting $c->req->uri after login
Hi all,

Can I trust this to use to redirect a user after login (session expired
etc) or should I validate it against $c->uri_for()

Thanks.
Re: Trusting $c->req->uri after login
If you mean trust "user", then yes. Put an `if $c->user` somewhere in your
Root Controller - perhaps an auto action - and redirect if user is undef.

`user` is populated by Catalyst::Plugin::Authentication[1]


[1]
http://search.cpan.org/~bobtfish/Catalyst-Plugin-Authentication-0.10023/lib/Catalyst/Plugin/Authentication.pm


On 17 September 2017 at 14:49, Gavin Henry <gavin.henry@gmail.com> wrote:

> Hi all,
>
> Can I trust this to use to redirect a user after login (session
> expired etc) or should I validate it against $c->uri_for()
>
> Thanks.
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/
> catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
Re: Trusting $c->req->uri after login
Never mind, I'd already thought about this. Please ignore:

    if ( !$c->user_exists ) {
        $c->log->debug('***User not found, forwarding to /login')
            if $c->debug();

        # $c->uri_for will return the URL for the current action namespace,
        # so, if you request /customers/faxes, we'll get /customers/faxes.
        # That way we don't trust $c->req->uri, even though looking at the
        # Catalyst code it's OK.
        $c->log->debug( 'Saving previous URI: ' . $c->uri_for() )
            if $c->debug();
        $c->flash->{redirect_after_login} = $c->uri_for();
        $c->response->redirect( $c->uri_for('/login') );
        $c->detach();
    }

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
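The thread's point generalises: a stored return target is only as trustworthy as whatever built it. A value the application itself derived from the current request and kept server-side in $c->flash, as above, is same-site by construction. The moment the target can arrive from the client (a ?return= parameter, a hidden form field, a cookie), handing it to $c->response->redirect unchecked is an open redirect. The following is an added example, not code from the thread or from Catalyst, that validates a candidate against the application's own base URI ($c->req->base) and only ever returns a same-origin, same-mount-prefix path. It assumes only the URI module, which Catalyst already depends on; the hostnames, paths and the Catalyst wiring shown in the trailing comment are constructed for the demonstration.

```perl
#!/usr/bin/env perl
# Added example (not from the thread, not Catalyst's own code): accept a
# post-login return target only when it resolves to a URL on our own origin
# and under our own mount prefix; anything else falls back to "/".
use strict;
use warnings;
use URI;

# $base      : the application's base URI, i.e. what $c->req->base returns
#              (scheme, host, port and any mount prefix such as /crm/).
# $candidate : the stored or client-supplied return target.
# $fallback  : where to send the user when $candidate is rejected.
# Returns an absolute-path reference ("/path?query"), never another host,
# so it can be passed straight to $c->response->redirect.
sub safe_return_uri {
    my ($base, $candidate, $fallback) = @_;
    $fallback = '/' unless defined $fallback;

    return $fallback unless defined $candidate && length $candidate;
    # CR/LF would split the Location header; some browsers treat a backslash
    # as a slash, turning "/\evil.example" into "//evil.example".
    return $fallback if $candidate =~ /[\r\n\\]/;

    my $b = URI->new($base);
    my $u = URI->new_abs($candidate, $b);    # resolve as a browser would

    # http(s) only: rejects javascript:, data:, mailto: and friends.
    return $fallback unless defined $u->scheme && $u->scheme =~ /\Ahttps?\z/;
    # Same scheme, host and port as the application.
    return $fallback unless $u->scheme eq $b->scheme
        && lc($u->host // '') eq lc($b->host)
        && $u->port == $b->port;

    # Refuse dot segments, including percent-encoded ones, which browsers
    # normalise (so "/crm/%2e%2e/admin" would escape the prefix check).
    for my $seg (split m{/}, $u->path) {
        return $fallback if $seg =~ /\A(?:\.|%2e){1,2}\z/i;
    }

    # Must stay under the application's mount prefix.
    my $prefix = $b->path;
    $prefix .= '/' unless $prefix =~ m{/\z};
    my $path = $u->path;
    $path .= '/' unless $path =~ m{/\z};
    return $fallback unless index($path, $prefix) == 0;

    $u->path('/') unless length $u->path;
    return $u->path_query;    # relative reference: fragment and host dropped
}

# Constructed demo inputs; run only when executed directly.
if (!caller) {
    my $base  = 'https://app.example/crm/';
    my @cases = (
        '/crm/customers/faxes?page=2',        # ok: same origin, under prefix
        'https://app.example/crm/customers',  # ok: absolute, same origin
        '/admin',                             # rejected: outside /crm/
        'https://evil.example/phish',         # rejected: other host
        '//evil.example/phish',               # rejected: protocol-relative
        'http://app.example/crm/x',           # rejected: scheme downgrade
        '/\evil.example',                     # rejected: backslash trick
        'javascript:alert(1)',                # rejected: scheme
        "/crm/x\r\nSet-Cookie: a=b",          # rejected: header injection
        '/crm/%2e%2e/admin',                  # rejected: encoded dot segment
        '/crm/../admin',                      # rejected: resolves outside /crm/
        undef,                                # fallback
    );
    for my $c (@cases) {
        my $show = defined $c ? $c : '(undef)';
        $show =~ s/[\r\n]/?/g;
        printf "%-38s -> %s\n", $show, safe_return_uri($base, $c);
    }
}

# Assumed Catalyst wiring, following the thread's auto action (hypothetical):
#   $c->flash->{redirect_after_login} = $c->req->uri->path_query;   # in auto
#   ... after a successful $c->authenticate(...) in the login action:
#   $c->response->redirect(
#       safe_return_uri( $c->req->base, $c->flash->{redirect_after_login} ) );
```

Returning a relative path rather than the full canonical URI is deliberate: $c->req->base is built from the request's Host header (or X-Forwarded-Host behind a proxy), so echoing it back as an absolute Location would let a poisoned Host header pick the redirect target; a path-only Location is resolved by the browser against the origin it is already talking to.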