Improved login and prepared logout
Change-Id: I29e7c3752682e1016cbbd861ac1c1c3dd64964ab
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index c35ed27..0bd2252 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -133,6 +133,7 @@
if ($c->session('auth')) {
$c->stash(auth => $c->session('auth'));
+ $c->stash(user => $c->session('user'));
};
return 1;
}
@@ -165,7 +166,7 @@
# User Management
my $user = $r->any('/user')->to(controller => 'User');
$user->post('/login')->to(action => 'login')->name('login');
-# $r->get('/logout')->to(action => 'logout')->name('logout');
+ $user->get('/logout')->to(action => 'logout')->name('logout');
# $r->any('/register')->to(action => 'register')->name('register');
# $r->any('/forgotten')->to(action => 'pwdforgotten')->name('pwdforgotten');
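Review bot: The new `/user/logout` route is registered with `get`, so the session can be ended by any cross-site link or image request, and the `user.logout` helper in KalamarUser.pm still carries `# TODO: csrf-protection!`. Logging out changes state; consider `$user->post('/logout')->to(action => 'logout')->name('logout');` together with a CSRF token check in the action (Mojolicious validation offers `csrf_protect`). The same applies to the `logout` action in Controller/User.pm, which performs no method or token check of its own.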
diff --git a/lib/Kalamar/Apps/test_backend.pl b/lib/Kalamar/Apps/test_backend.pl
index aeb0860..a887b59 100644
--- a/lib/Kalamar/Apps/test_backend.pl
+++ b/lib/Kalamar/Apps/test_backend.pl
@@ -2,7 +2,7 @@
use Mojolicious::Lite;
use Mojo::ByteStream 'b';
use Mojo::Date;
-use Mojo::JSON qw/true false/;
+use Mojo::JSON qw/true false encode_json/;
use strict;
use warnings;
use Mojo::JWT;
@@ -13,7 +13,7 @@
helper jwt => sub {
shift;
- Mojo::JWT->new(
+ return Mojo::JWT->new(
secret => 's3cr3t',
token_type => 'api_token',
expires => Mojo::Date->new(time + (3 * 34 * 60 * 60)),
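Review bot: The `expires` value on the last line of this hunk uses `3 * 34 * 60 * 60`, which is 102 hours; if a three-day token lifetime was intended the factor should be 24, i.e. `expires => Mojo::Date->new(time + (3 * 24 * 60 * 60)),`. If 34 is deliberate, a short comment saying so would prevent the next reader from "fixing" it. The constructor call continues outside the hunk.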
@@ -125,6 +125,7 @@
};
+
############
# Auth API #
############
@@ -148,7 +149,6 @@
# Decode header
my ($username, $pwd) = @{b($auth)->b64_decode->split(':')->to_array};
-
# the password is 'pass'
if ($pwd) {
@@ -156,7 +156,18 @@
if ($pwd eq 'pass') {
# Render info with token
- return $c->render($c->jwt(username => $username));
+ my $jwt = $c->jwt(username => $username);
+
+ # Render in the Kustvakt fashion:
+ return $c->render(
+ format => 'html',
+ text => encode_json({
+ %{$jwt->claims},
+ expires => $jwt->expires,
+ token => $jwt->encode,
+ token_type => 'api_token'
+ })
+ );
};
return $c->render(
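Review bot: The token response is rendered with `format => 'html'` although the body is JSON that includes the `username` decoded from the client's Authorization header, so a browser that opens this response directly would interpret the name as markup. The comment `# Render in the Kustvakt fashion:` should state that the HTML content type presumably mirrors the real backend and is intentional, for example `# Kustvakt sends JSON with an HTML content type; mimic that so the client is tested against it`. If the mimicry is not needed, `$c->render(json => {...})` is the safer form. The enclosing route handler starts and ends outside the hunk.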
diff --git a/lib/Kalamar/Controller/User.pm b/lib/Kalamar/Controller/User.pm
index b80aec0..636f4c3 100644
--- a/lib/Kalamar/Controller/User.pm
+++ b/lib/Kalamar/Controller/User.pm
@@ -11,7 +11,7 @@
$v->required('pwd', 'trim');
if ($v->has_error) {
- $c->notify(error => 'Login fail');
+ $c->notify(error => $c->loc('Auth_loginFail'));
}
# Login user
@@ -19,20 +19,39 @@
$v->param('handle_or_email'),
$v->param('pwd')
)) {
- $c->notify(success => 'Login successful!');
+ $c->notify(success => $c->loc('Auth_loginSuccess'));
+ }
+
+ else {
+ $c->notify(error => $c->loc('Auth_loginFail'));
};
# Set flash for redirect
$c->flash(handle_or_email => $v->param('handle_or_email'));
# Redirect to slash
- return $c->redirect_to('/');
+ return $c->redirect_to('index');
};
+
+# Logout of the session
sub logout {
- shift->user->logout;
+ my $c = shift;
+
+ # Log out of the system
+ if ($c->user->logout) {
+ $c->notify('success', $c->loc('Auth_logoutSuccess'));
+ }
+
+ # Something went wrong
+ else {
+ $c->notify('error', $c->loc('Auth_logoutFail'));
+ };
+ return $c->redirect_to('index');
};
+
+
sub register {
my $c = shift;
$c->render(json => {
@@ -40,6 +59,8 @@
});
};
+
+
sub pwdforgotten {
my $c = shift;
$c->render(json => {
diff --git a/lib/Kalamar/Plugin/KalamarUser.pm b/lib/Kalamar/Plugin/KalamarUser.pm
index cb4f0be..f951f0f 100644
--- a/lib/Kalamar/Plugin/KalamarUser.pm
+++ b/lib/Kalamar/Plugin/KalamarUser.pm
@@ -54,10 +54,11 @@
'user.ua' => sub {
my $c = shift;
my $auth = $c->user_auth;
- my $client = $c->req->headers->header('X-Forwarded-For');
return $plugin->ua unless $auth;
+ my $client = $c->req->headers->header('X-Forwarded-For');
+
my $ua = Mojo::UserAgent->new;
# Set app to server
@@ -126,6 +127,8 @@
$mojo->log->debug(qq!Login successful: "$user" with "$auth"!);
+ $user = $jwt->{username} ? $jwt->{username} : $user;
+
# Set session info
$c->session(user => $user);
$c->session(auth => $auth);
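Review bot: The debug line at the top of this hunk writes `$auth` to the log, and the same value is stored as the session's `auth` a few lines below, so it appears to be the credential itself and would be readable by anyone with access to the log. Log the user only, `$mojo->log->debug(qq!Login successful: "$user"!);`. The added line also takes the session user from `$jwt->{username}`; where `$jwt` is decoded and whether its signature is checked lies outside the hunk, so confirm it is verified before it overrides the submitted name. The enclosing helper starts and ends outside the hunk.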
@@ -248,14 +251,22 @@
my $c = shift;
# TODO: csrf-protection!
- # TODO: REVOKE ON THE SERVER ONCE SUPPORTED!
+
+ my $url = Mojo::URL->new($plugin->api);
+ $url->query('/auth/logout');
+
+ # Receive value from server
+ my $return_value = $c->user->ua->get($url);
+
+ # TODO:
+ # Do something with value
# Clear cache
$c->chi('user')->remove($c->user_auth);
# Expire session
$c->session(expires => 1);
- return $c->redirect_to('index');
+ return 1;
}
);
};
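Review bot: `$url->query('/auth/logout')` sets the query string rather than the path, so the request likely goes to the API base URL with `/auth/logout` as its query and never reaches a logout endpoint; `$url->path('auth/logout');` (adjusted to how `$plugin->api` is terminated) looks like what was meant. The transaction in `$return_value` is never inspected and the helper ends with `return 1;`, so the `Auth_logoutFail` branch added in Controller/User.pm cannot run and a failed server-side revocation goes unnoticed. Keep clearing the cache and the session unconditionally, but return the outcome, e.g. `return $return_value->error ? 0 : 1;`. The helper's opening lines are outside the hunk.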