GenieFramework / GenieAuthentication.jl

Authentication plugin for Genie framework
MIT License

First steps issues #3

Closed jeremiedb closed 1 year ago

jeremiedb commented 3 years ago

Some difficulties were encountered setting up a basic authentication, probably my misunderstanding of the authenticated behavior. Following plugin installation and users table migration as per the README, a new user could be added going to the route /register.

Then, to put a route behind authentication, the following was attempted:

route("/test") do
  authenticated() || throw(Genie.Exceptions.ExceptionalResponse(Genie.Renderer.redirect(:show_login)))
  TestController.render_test()
end

Going to route /test redirected as desired to the login page. After entering the proper credentials, it however hung on a blank page with the text "Redirecting you to". I think this was simply due to the login function in AuthenticationController having the line Genie.Renderer.redirect(:get_home), which I replaced with Genie.Renderer.redirect("/"). This did result in returning to the home page after entering proper credentials in the login.

However, when returning to the /test route, it still redirects to the login page. Hence, it seems like authenticated() still fails despite what appears like a successful login.

A call to authenticated() in the REPL from a running Genie app in dev returns:

julia> authenticated()
ERROR: KeyError: key :__params not found
Stacktrace:
 [1] getindex at .\iddict.jl:92 [inlined]
 [2] task_local_storage at .\task.jl:204 [inlined]
 [3] macro expansion at C:\Users\jerem\.julia\packages\Genie\1Ew9d\src\Router.jl:897 [inlined]
 [4] payload() at C:\Users\jerem\.julia\packages\Genie\1Ew9d\src\Requests.jl:183
 [5] is_authenticated() at C:\Users\jerem\.julia\packages\GenieAuthentication\fRPYY\src\GenieAuthentication.jl:52
 [6] top-level scope at REPL[16]:1

I'm a bit lost here about whether the above call should have worked, or if simply doesn't belong in the route call.

On a side note, the Chrome browser pops an alert about a data breach when entering credentials. Is it an expected limitation in how the authentication plugin works?

The above was run with the latest package versions:

  [c43c736e] Genie v1.9.1
  [e115e502] GenieAuthentication v0.6.0 `https://github.com/GenieFramework/GenieAuthentication.jl#master`
  [682c06a0] JSON v0.21.1
  [b9914132] JSONTables v1.0.0
  [5ab0869b] KernelDensity v0.6.2
  [e6f89c97] LoggingExtras v0.4.2
  [739be429] MbedTLS v1.0.3
  [295af30f] Revise v3.1.10
  [340e8cb6] SearchLight v0.21.1
  [21a827c4] SearchLightSQLite v0.5.0
JohanTec commented 3 years ago

Similar problem here with the "force authentication" feature: that feature does not seem to work on my local environment.

I added

to the beginning of my controller, but nothing seems to happen when I browse immediately to the corresponding URL without login first.

When I point my URL explicitly to .../login, that seems to work, however. But indeed, to remove the blank redirect, I had to change in AuthenticationController

to

where

is a valid route I defined in routes.jl

essenciary commented 3 years ago

I think these were different issues.

essenciary commented 3 years ago

I've added extra examples and steps to the README file, let me know if that helps. I'm gonna close this - please reopen if needed.

JohanTec commented 3 years ago

Thx a lot @essenciary

I did all this, but the trick to make it work in my case was replacing below code

route("/customerconfig", named = :configEntry) do CustomerConfigController.customerConfig() end

by

route("/customerconfig", CustomerConfigController.customerConfig, named = :configEntry)

This looks like strange behaviour to me. Could this be a Julia bug, that using the do keyword has some unexpected effects? Is there a way to ensure that the before() hook is also called in the first code snippet above? I am using Genie v1.13.0

essenciary commented 3 years ago

@JohanTec Sorry, I missed this. That is extremely weird. I will run some tests myself, I have no explication for that.

essenciary commented 3 years ago

@JohanTec On further consideration, actually that makes total sense. Julia/the compiler does not offer the before hooks; that's implemented in Genie's router. When a named function is passed to the route, the router can figure out the Module and check if a before function is defined there and invoke it. While in the case of a lambda, Genie can't tell, so the hook is not invoked.

I agree, this is not ideal and can cause unexpected results and leave functionality exposed. I'm not sure how to do it. We could remove the hooks approach but then we'll have to add auth checks to each function...
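The following is an added example, not code from GenieAuthentication.jl or from anyone in this thread. It models in plain Julia what the comment above describes: a router that looks up a before() hook in the module the handler belongs to finds it for a named controller function, but not for a do-block lambda, whose parentmodule is the module where the routes file runs. It then shows the guard from the first comment in the thread placed inside the lambda itself, which protects the route regardless of whether the hook machinery sees it. TestController, dispatch, is_authenticated, LOGGED_IN and Redirect are all invented for the demonstration; Genie's real router and redirect exception are not used here.

```julia
# Added example (not GenieAuthentication's own code): toy model of module-level
# before() hook lookup versus explicit per-route guards.

module TestController
    # Hypothetical controller. A router that honours hooks looks for `before` here.
    hook_calls = Ref(0)
    before() = (hook_calls[] += 1; nothing)
    render_test() = "secret page"
end

# Stand-in for session state behind authenticated(); constructed for the demo.
const LOGGED_IN = Ref(false)
is_authenticated() = LOGGED_IN[]

# Stand-in for Genie's redirect exception.
struct Redirect <: Exception
    target::String
end

# Simplified router dispatch: call `before` from the handler's own module if it
# defines one, then call the handler. This mirrors the lookup described above.
function dispatch(handler::Function)
    m = parentmodule(handler)
    isdefined(m, :before) && getfield(m, :before)()
    return handler()
end

# Route style 1: a named controller function, as in
# route("/customerconfig", CustomerConfigController.customerConfig, named = :configEntry).
# parentmodule(named_route) is TestController, so before() is found.
named_route = TestController.render_test

# Route style 2: a do-block / lambda. parentmodule(lambda_route) is the module
# this file runs in (Main), where no before() exists, so the hook is skipped.
lambda_route = () -> TestController.render_test()

# Route style 3: the lambda carries its own guard, the pattern from the first
# comment in this issue. It does not depend on hook lookup at all.
guarded_route = () -> begin
    is_authenticated() || throw(Redirect("/login"))
    TestController.render_test()
end

# Returns (hook calls after the two unguarded dispatches, redirect target seen
# for the guarded route while logged out, body returned once logged in).
function demo()
    LOGGED_IN[] = false
    TestController.hook_calls[] = 0

    dispatch(named_route)   # before() runs
    dispatch(lambda_route)  # before() is not run: module lookup fails
    calls = TestController.hook_calls[]

    target = try
        dispatch(guarded_route)
        ""
    catch e
        e isa Redirect ? e.target : rethrow()
    end

    LOGGED_IN[] = true
    body = dispatch(guarded_route)
    return calls, target, body
end

calls, target, body = demo()
println("before() hook invocations across named + lambda routes: ", calls)
println("guarded lambda while logged out redirected to: ", target)
println("guarded lambda once logged in returned: ", body)
```

The point for a defender is the gap between the two unguarded routes: the same controller function is served either way, but only the named-function route passes through before(). Until every route is declared in the form the hook machinery recognises, an explicit authenticated() check in the handler body (as in the first comment) is the check that actually holds.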

essenciary commented 3 years ago

For the Genie.Renderer.redirect(:get_home) the expectation is to set up a named :get_home route. It can be / but most likely it's not. Usually the "/" will be some public landing page, and upon auth the user will be taken to some other page.

Maybe we should just add a "/success" page that the users can customize or change to avoid the error.

essenciary commented 1 year ago

Closing this as the authentication logic has changed in v2 (including to address some of the issues mentioned here). In principle all the problems discussed here should be gone in latest v2.