Discussion:
Access to stash from hooks ? (before_routes)
(too old to reply)
Luc Larochelle
2018-09-04 18:54:50 UTC
Permalink
Hi,

I'm using the excellent " basic auth plus " plugin to authenticate against
an LDAP server.

It is being called from the hook "before_routes".

Question : is it possible to insert a value into the stash from this hook ?

I tried with $self->stash(user => $username) but it's not recognized by the
template at rendering time from the main route ( get '/ ' )

*Global symbol "$user" requires explicit package name (did you forget to
declare "my $user"?) at template index.html.ep from DATA section line 5.*


*Template*

__DATA__

@@index.html.ep
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><%= $user %></title>
...



*Sample code is below : *


app->hook(before_routes => sub {

my $self = shift;
my ($hash_ref, $auth_ok)
= $self->basic_auth(
"LDAP" => {
[insert ldap config here]
}
);

if ($hash_ref->{ldap}) {
my $ldap = $hash_ref;
my $username = $hash_ref->{username};
$self->stash(user => $username);
[ ... ]
}

return 0 unless $auth_ok;
});
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Brad Robertson
2018-09-05 01:04:39 UTC
Permalink
Post by Luc Larochelle
Hi,
I'm using the excellent " basic auth plus " plugin to authenticate against
an LDAP server.
It is being called from the hook "before_routes".
Question : is it possible to insert a value into the stash from this hook ?
I tried with $self->stash(user => $username) but it's not recognized by the
template at rendering time from the main route ( get '/ ' )
*Global symbol "$user" requires explicit package name (did you forget to
declare "my $user"?) at template index.html.ep from DATA section line 5.*
*Template*
__DATA__
@@index.html.ep
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><%= $user %></title>
...
*Sample code is below : *
app->hook(before_routes => sub {
my $self = shift;
my ($hash_ref, $auth_ok)
= $self->basic_auth(
"LDAP" => {
[insert ldap config here]
}
);
if ($hash_ref->{ldap}) {
my $ldap = $hash_ref;
my $username = $hash_ref->{username};
$self->stash(user => $username);
[ ... ]
}
return 0 unless $auth_ok;
});
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Hi, Luc,

Indeed, you should be able to add a value to the stash when using the
hook.

Here's a small example that works for me. This doesn't seem too
different from what you included in your message, except that you're
authenticating against LDAP and this small example is using hardcoded,
plaintext credentials (not recommended, but used here for simplicity).

use Mojolicious::Lite;

plugin 'basic_auth_plus';

get '/' => sub {
my $c = shift;
$c->render(template => 'index');
};

app->hook(before_routes => sub {
my $self = shift;
my ($hash_ref, $auth_ok)
= $self->basic_auth(
"Some Realm" => {
username => 'you',
password => 'secret'
}
);
$self->stash(user => $hash_ref->{username});

return 0 unless $auth_ok;
});

app->start;

__DATA__

@@ index.html.ep
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<p>Hello, <%= $user %></p>
</body>
</html>

I'm happy to take a closer look, if you like.

Also, have you considered using "under" instead of the "before_routes"
hook to wrap your routes with the auth check? I think that would be the
more typical way of doing it.

Regards,
--
Brad Robertson
<***@gmail.com>
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Luc Larochelle
2018-09-05 12:28:34 UTC
Permalink
hey Brad nice to hear from you again !

I think I'll have a look @ under , but in the meanwhile I realized that the difference between our code ia that I assign the value to the stash inside the if condition. Maybe it is not met after all ? I'll do more testing :)

In fact I need to protect access to get / only as it is the only rendered template ( an angularjs app ). The other routes are only used as a the backend and I made sure they can only be called locally.( thanks to Joel Berger's advent calendar).
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Continue reading on narkive:
Loading...