Login Form - respects flash value if defined

[flash548]

This change checks the flash if return_to value not found in the req->params. This was wanted to be able to set the return_to value after a redirect. Before only could force a query parameter (e.g. /yancy/auth/password?return_to=/other-page).

Now can do something like this in your app if you're trying to protect routes, and an unauthenticated user tries to hit a protected path:

under sub ($c) {
    unless ($c->yancy->auth->current_user) {

        # set return_to value to go back to initially requested url
        $c->flash({ return_to => $c->req->url });
        $c->redirect_to('yancy.auth.password.login');
        return undef;
    }
    return 1;
};

[coveralls]

Coverage remained the same at 89.133% when pulling a22fc42ee4992e770ea8fcf4ab83d95f17fe6ab4 on flash548:login-flash into adc944e09d17d86d8682de323501d283f4cdb6db on preaction:master.

[preaction]

Ah, excellent idea! Thanks!

[preaction]

Actually, now that I think about it, is this a better default behavior? Redirecting the user to a login page instead of displaying a login page on any URL?

[flash548]

Might be better default behavior... but might depend on the app too. Probably wouldn't hurt to leave both (params and flash) in there?

[preaction]

Yeah, I was thinking for the require_user auth check it could start redirecting the user instead of the current behavior of returning an unauthorized response with the login form, but now that I think about it that doesn't really sound right either: Returning a redirect code instead of a response error code would be technically incorrect... So, I just documented some of the options and maybe I'll rethink some of the API as I move things over to using Yancy::Model.

Thanks again!