Forum: Radiant CMS Authentication for one Section of Site

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Michael J. (Guest)
on 2007-02-14 06:18
(Received via mailing list)
I've got a set of pages that I want to require authentication on.

Any suggestions on how to handle authentication on those pages?

Thanks-
Michael
Sean C. (Guest)
on 2007-02-14 15:35
(Received via mailing list)
If your needs are small, you could set up your webserver to demand
HTTP authentication on those paths.

Sean
Michael J. (Guest)
on 2007-02-14 19:02
(Received via mailing list)
Right, that propbably would be the easiest.

I do like the idea of it all being in Ruby so you can just drop the
app on a server and go.

I think I could write an Extension to do this:

* Extension action: process user/pass values, if valid sets session
variable
* Extension action:  removes session variable
* Extension has tag <r:auth:if_loggedin>mycontent</:rauth:if_loggedin>
* Extension has tag <r:auth:unless_loggedin>go
away</:rauth:unless_loggedin>

I would prefer to make it redirect w/flash message if you weren't
authenticated. However I'm not quite sure how to do a rediect from a
class that extends Page?

Thanks for the response, and if there are any other ideas I'd love to
hear them.

-Michael
John W. Long (Guest)
on 2007-02-14 20:25
(Received via mailing list)
Michael J. wrote:
> I do like the idea of it all being in Ruby so you can just drop the
> app on a server and go.
>
> I think I could write an Extension to do this:
>
> * Extension action: process user/pass values, if valid sets session variable
> * Extension action:  removes session variable
> * Extension has tag <r:auth:if_loggedin>mycontent</:rauth:if_loggedin>
> * Extension has tag <r:auth:unless_loggedin>go away</:rauth:unless_loggedin>

The above would require that you maintain session state for each Web
site visitor, something that Radiant wasn't designed to support out of
the box. It is probably possible to write an extension that would work
around this problem, but you may find it difficult.

--
John
Andrew K. (Guest)
on 2007-02-15 00:41
(Received via mailing list)
Well all, I'm back ;)

Anyways, just a quick question. I remember discussion about caching
still being hashed out for 0.6.0. My question is, is that I want to move
to 0.6.0, but my concern is caching. I have a LOT of traffic now and
don't think my host would be thrilled with pegging the CPU and I hope
there is caching in place.

Thanks!

Andrew
Daniel S. (Guest)
on 2007-02-15 01:10
(Received via mailing list)
> Well all, I'm back ;)
>
> Anyways, just a quick question. I remember discussion about caching
> still being hashed out for 0.6.0. My question is, is that I
> want to move
> to 0.6.0, but my concern is caching. I have a LOT of traffic now and
> don't think my host would be thrilled with pegging the CPU and I hope
> there is caching in place.

Caching in 0.6.0 is pretty much the same mechanism as caching in 0.5.2 -
though there has been some performance improvements, if you're currently
running 0.5.2, you should see a drop in cpu usage.

The figures in this email:

http://lists.radiantcms.org/pipermail/radiant-core...
tml

Show the performance of the new caching mechanism - that's running on an
AMD Athlon 1700 with 512mb RAM running apache2 with 2 fastcgid processes
(but the machine was also running a bunch of other processes, so the
figures may be slightly low).

If your host supports xsendfile (typically only if you're using a
VPS/dedicated server and you've installed it yourself or they run
lighttpd), you can have performance only 4-8x slower than raw apache -
that's quite good performance.


Dan.
Michael J. (Guest)
on 2007-02-15 01:54
(Received via mailing list)
Thanks for the note John, I see the sessions are turned off:

class SiteController < ApplicationController
  session :off
...
end

I guess having sessions off provides better performance?

I think sessions would be needed for doing any sort or
ecomm/loggedin/user type extensions.

Guess I'll got with basic auth for now.

Thanks-
Michael
Daniel S. (Guest)
on 2007-02-15 07:14
(Received via mailing list)
> I guess having sessions off provides better performance?
>
> I think sessions would be needed for doing any sort or
> ecomm/loggedin/user type extensions.
>
> Guess I'll got with basic auth for now.

Yes, it would provide slightly better performance, but the main problem
with sessions is that they would completely break the caching model of
radiant (radiant caches the headers of the requests, which would include
any cookie settings for the session).

If you want session enabled pages, I'd say to pump them through another
controller:

class RestrictedController < ApplicationController
  session :on
  no_login_required

  attr_accessor :config, :cache

  def initialize
    @config = Radiant::Config
    @cache = ResponseCache.instance
  end

  def show_page
    @page = find_page("restricted/#{url}")
    unless @page.nil?
      @page.process(request, response)
      @performed_render = true
    else
      render :template => 'site/not_found', :status => 404
    end
  rescue Page::MissingRootPageError
    redirect_to welcome_url
  end
end

  define_routes do |map|
    map.with_options(:controller => 'restricted') do |restricted|
      restricted.connect     'restricted/*url',   :action => 'show_page'
    end
  end

Something like that anyway.

Dan.
This topic is locked and can not be replied to.