I'm face up with a problem when login.
If user is authenticated, I will let them redirect to home page.
And if they come from another protected route (homepage, other routes) and after logined, I want it redirect to exactly the route they came from.
My solution is:
In auth.js middleware, I will save to cookie the route they come from like this
app.$cookie.set("historyRoute", app.router.history.current.path)
In login.vue I will check if exist historyRoute to let them redirect then remove historyRoute from cookie.
But problem is that user will come from other protected routes and they do not take login action at that time, they make refreshing Login page many times and historyRoute will still exist in cookie.
So I want to know how to determine when visitors directly reload Login page to remove historyRoute in cookie.
Or if you have another solution, please suggest me know. Thanks.
Update flow:
Visitor access link /users/setting
-> check Auth
-> if Not Auth
-> redirect 302 to /Login
-> After login (I need to know they directly come from login page or from /user/setting then redirect to login page)
-> redirect back to users/setting
Related
I have a Single sign-in laravel application which is, say for example app-A. And my main application app-B. Now, whenever a user visits www.aap-B.com, I want the user to reach to the login page of app-A.
Since app-B is built using laravel fortify whenever I first hit the site url of app-B it takes me to the login page of app-b. How to edit this login route in laravel since it is coming from vendor/laravel/fortify folder. How to make app-B follow the first endpoint to direct to URL of app-A without going to the defult login route when we hit the URl of app-B for the first time.
I don't know where can I edit this login route in app-B. Any piece of advice would be of great help.
I have a question regarding the logout route. When you look at the Demo Page when the user is logged out, a 404 error is shown in the console, because the CMSPageGuard tries to fetch the non-existing Logout page from the Backend. This is a minor problem but doesn't seem intentional?
More so since the logic in the Logout guard redirects to either 'home' or 'login' in case the logout path doesn't exist.
Is the only workaround to not get the 404 error to add a logout page in the Backend, even though it is never shown?
In short, this is intentional. It is part of a feature that makes it easy for storefronts that do require the optional logout page to add it in the CMS and it will be picked up out of the box by the Spartacus logout logic.
You are right about what happens under the hood. If you look at the description of the LogoutGuard in the doc, the overall logic its described like so:
Takes care of routing the user to a logout page (if available) or redirects to the homepage. If the homepage is protected, the user is redirected to the login route instead.
To verify if a logout page is available, the LogoutGuard makes a request for it. If a logout page is not available, that request returns a 404 and this is what shows up in the browser dev tools.
As for preventing that these errors show in the log, there is for now no configuration that will turn this feature off. You might explore using a custom LogoutGuard and override the canActivate function, but I'm not 100% sure this is possible.
How can you redirect the page if the user does not logged in in velocity machine? for example when you visit a another page it will redirect to login page to view the that another page, do I need a conditonal on that?
I believe that you are using SpringFramework in your project.
You could simply add an interceptor to check whether the user has logged in or not and redirect him. You could also add a filter in web.xml file to do the same.
What will be the best way to render the home page (after authentication). Let's say it have a leftNav and Content. Can we have these sections in login.html and initialize their controllers once authentication was cleared ? Is it best practice to initialize them inside the router controller ? What will be the role of can.route in this ?
Could not find much example on this.
My personal opinion is that authentication should be a separate page altogether. You direct the user to a login page and when they have authenticated redirect them to the application page. If they go to the application page without being authenticated you simply redirect them to the login page.
i'm having troubles with the bhLDAPAuthPlugin for symfony when the user session expires. It redirects to the signin form as expected but once the user is authenticated, instead of redirect him to the requested page (the one witch first requested the user), it redirects him to the requested page adding exra information to the URL.
Let me show it to you with an example:
The user is in this URL and the session expires
myapp/editSomething/id/231
And then is redirected by the bhLDAPAuthPlugin to the signin form. Once the user had entered the username & password is redirected here
myapp/editSomething/images/loadingAnimation.gif
I dont know what loadingAnimation.gif is (is not in my /images/ directory nor in anywhere else of my app), nor where is this additional information added :S
Could you please help me to find the place where i must change this behaviour?
Thank you! :D
Every thing is done in the action. The redirect url is build here:
// always redirect to a URL set in app.yml
// or to the referer
// or to the homepage
$signinUrl = sfConfig::get('app_sf_guard_plugin_success_signin_url', $user->getReferer('#homepage'));
Did you define something in your app.yml for app_sf_guard_plugin_success_signin_url ?
all:
sf_guard_plugin:
success_signin_url: #my_route?param=value # the plugin uses the referer as default
So it seems that your referer is bad. Try to define an url in the app.yml to see if the behavior is different.