Hey,
I need some advice on something. I have a fairly large and complex
website (uberpwner.com) and all authentication I do is done by before
filters. Basically before_filter :login_required.
login_required does basic authentication and then redirects to the
root_path. Here is the essentials from the login system code (which
is mostly taken from the beast forum):
def login_required
login_by_token unless logged_in?
login_by_basic_auth unless logged_in?
respond_to do |format|
format.html { redirect_to login_path }
format.js { render(:update) { |p| p.redirect_to
login_path } }
format.xml do
headers[“WWW-Authenticate”] = %(Basic realm=“Beast”)
render :text => “HTTP Basic: Access denied.\n”, :status
=> :unauthorized
end
end unless logged_in? && authorized?
end
def login_by_token
self.current_user = User.find_by_id_and_login_key(*cookies
[:login_token].split(“;”)) if cookies[:login_token] and not logged_in?
end
@@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION
Authorization)
def login_by_basic_auth
auth_key = @@http_auth_headers.detect { |h| request.env.has_key?
(h) }
auth_data = request.env[auth_key].to_s.split unless
auth_key.blank?
self.current_user = User.authenticate *Base64.decode64(auth_data
[1]).split(‘:’)[0…1] if auth_data && auth_data[0] == ‘Basic’
end
Now here is what I want: when a user clicks a page that requires
authentication they should be redirected to the login page, then on
successful login to the page they are going to. If they are trying to
submit something to the site they should be redirected to login, then
their submission should go through on successful login.
Any advice on how to achieve this would be very appreciated!
JB