Access to authentication #7
Comments
This is a primitive logout implementation (abbreviated example inside App::routes()):

```php
return [
  '/logout' => function($req, $res) use($sessions) {
    if ($session= $sessions->locate($req)) {
      $session->destroy();
      $session->transmit($res); // This is necessary with the current implementation but IMO shouldn't be
    }
    $res->answer(302);
    $res->header('Location', '/?logged-out');
  },
  // ...
];
```

As can be seen, it needs to know that the authentication uses a session-based approach.

First ideas

Logout:

```php
'/logout' => function($req, $res) {
  if ($req->value('authentication')->logout($req, $res)) {
    $res->answer(302);
    $res->header('Location', '/?logged-out');
  }
},
```

Updating user value:

```php
'/' => function($req, $res) {
  $user= $req->value('user');
  // Fetch user from database
  $current= $this->repo->user($user['id']);
  $req->value('authentication')->update('user', $current);
},
```

Another idea

Instead of a

```php
'/logout' => function(Authenticated $req, Response $res) {
  if ($req->logout($res)) {
    $res->answer(302);
    $res->header('Location', '/?logged-out');
  }
},
'/refresh' => function(Authenticated $req, Response $res) {
  $req->update('user', $this->repo->user($req->user()['id']));
},
```

However, decorating the Request class is quite cumbersome; there are quite a few methods to overwrite with delegating implementations.

Sessions accessor
For us, this would be:

```php
$session= $req->session(); // Returns a web.Session instance or NULL
$session->register('key', 'value');
$session->value('key');
$session->remove('key');
// Logout
$session->destroy();
```

Currently web handlers have access to the authenticated user via the request value named `user`, which is returned by the authentication flow. However, the following use-cases are not possible without workarounds:

To make this possible, a new value `authentication` could be passed to the request containing methods to access user and session.
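
A self-contained sketch of how the proposed `authentication` value could keep the session mechanism out of the handlers, as an added example that is not code from this issue or from the project. The `Authentication` interface, the `SessionAuthentication` class, the array-backed session store, the `user()` accessor and the cookie name `session` are all hypothetical; only the `logout()` and `update()` method names come from the discussion above.

```php
<?php
// Added illustration; every name here is hypothetical, not the project's API.
interface Authentication {
  /** Ends the login; returns false if the request was not authenticated */
  public function logout(array &$headers): bool;
  /** Replaces a stored value, e.g. the cached user record */
  public function update(string $key, $value): void;
}

final class SessionAuthentication implements Authentication {
  private $store, $id;

  public function __construct(array &$store, ?string $id) {
    $this->store= &$store;   // Shared server-side session storage
    $this->id= $id;          // Session id taken from the request cookie, or NULL
  }

  public function user(): ?array {
    return $this->store[$this->id ?? '']['user'] ?? null;
  }

  public function logout(array &$headers): bool {
    if (null === $this->id || !isset($this->store[$this->id])) return false;
    unset($this->store[$this->id]);   // Invalidate server-side so a replayed cookie no longer resolves
    $headers['Set-Cookie']= 'session=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax';
    $this->id= null;
    return true;
  }

  public function update(string $key, $value): void {
    if (null === $this->id || !isset($this->store[$this->id])) {
      throw new RuntimeException('Not authenticated');
    }
    $this->store[$this->id][$key]= $value;
  }
}

// Constructed sample data: one active session holding a stale user record
$store= ['5f2a' => ['user' => ['id' => 1, 'name' => 'old']]];
$auth= new SessionAuthentication($store, '5f2a');

$auth->update('user', ['id' => 1, 'name' => 'new']);   // What the "/" handler would call
var_dump($auth->user());

$headers= [];
var_dump($auth->logout($headers), $headers);            // What the "/logout" handler would call
var_dump(isset($store['5f2a']), $auth->logout($headers));
```

The handler only sees `logout()` and `update()`, so the `destroy()` and `transmit()` steps from the primitive implementation live in one place, and a second logout on the same session returns false instead of redirecting.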