RESTful Authentication: Stumped trying to do simple redirect on cookie based authentication

Question

I have a RoR application that's using the RESTful Authentication plug-in. Everything works great. I recently enabled cookie based authentication and that works fine too. The problem is that I want to change the default landing page when the user is authenticated using a cookie. I want to have a cookie authenticated user redirected to the same page they are redirected to upon successful login from the login form. They are always directed to the original request URL. I'm racking my brain on this as I thought I understood how it works and every change I make seems to have no impact.

I suspect this is something simple but I'm obviously missing it. I'd appreciate any feedback, guidance or suggestions you might offer.

Answer 1

Restful Authentication stores the original URL that was trying to be accessed when the request is made. All of you have to do is prevent it from storing that value OR clear that value when a cookie authentication is performed and then the user will get redirected back to your default page.

I would probably do it like this in authenticated_system.rb

 def login_from_cookie
  user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
  if user && user.remember_token?
    self.current_user = user
    session[:return_to] = nil # This clears out the return value so the user will get redirected to the default path
    handle_remember_cookie! false # freshen cookie token (keeping date)
    self.current_user
  end
end

The is session[:return_to] = nil

Then just make sure you have set your default path in your sessions controller and you should be all set. The code in your sessions controller should be something like this:

redirect_back_or_default(the_path_you_want_to_send_them_to)

Answer 2

Can't you just have your routes setup so that

map.root :controller => :users, :action => :search

And then have a before_filter that checks to make sure that some "logged in" parameter is set? This param would just need to be set whenever the user logs in, either via cookie or via normal means. Then, whether the cookie authentication happens or normal auth happens, it will go to the default page. Maybe I'm misunderstanding the problem.

Answer 3

I solved the problem but it's a bit ugly in my opinion. Here's what I did.

In the cookie authentication method I set a session variable indicating the cookie login method was used.

def login_from_cookie
  user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
  if user && user.remember_token?
    session[:cookie_login] = true   **# this is my addition**
    self.current_user = user
    handle_remember_cookie! false # freshen cookie token (keeping date)
    self.current_user
  end
end

Then in the :before_filter set_current_user I just check for that variable and redirect if it is set making sure to set the variable to nil.

def set_current_user
  Authorization.current_user = current_user
  if session[:cookie_login] 
    redirect_to :controller => :users, :action => :search
    session[:cookie_login] = false
  end
end

It's not pretty but it does work. I'm definitely open to any suggestions about how to clean this up.

Answer 4

I'm using Bort so maybe this isn't part of Restful_Authentication itself but there is a successful_login method in the sessions controller that uses this restful_auth method:

redirect_back_or_default( root_path )

which is in defined in authenticated_system.rb

    def redirect_back_or_default(default)
      redirect_to(session[:return_to] || default)
      session[:return_to] = nil
    end

Answer 5

You could add this line to the session controller after a successful login:

redirect_to :controller => 'dashboard', :action => 'index'