On 1.3.1, is it default behavior to not have the logon prompt page loaded immediately when no user session exists?

Added by Matt Brown about 10 years ago


I just performed a pretty tough upgrade from 0.8.4 to 1.3.1, and believe that everything has gone smoothly.

In the 0.8.4 instance, when a user accessed the root of the site (http://site/), and they were not authenticated with a user session, they would be immediately forwarded to the logon page (http://site/logon).

However, in the 1.3.1 instance, this is not the case. A non-authed user is greeted with the home page, where any public repos and news are listed.

Debugging the 1.3.1 instance I can see that AnonymousUser is used to load the page:

Processing WelcomeController#index (for at 2012-03-06 09:18:27) [GET]
  Parameters: {"controller"=>"welcome", "action"=>"index"}
  SQL (0.4ms)   SELECT max(`settings`.updated_on) AS max_updated_on FROM `settings`
  AnonymousUser Load (0.5ms)   SELECT * FROM `users` WHERE ( (`users`.`type` = 'AnonymousUser' ) ) LIMIT 1
  Role Load (0.4ms)   SELECT * FROM `roles` WHERE (`roles`.`builtin` = 2) LIMIT 1
  News Load Including Associations (0.8ms)   SELECT `news`.`id` AS t0_r0, `news`.`project_id` AS t0_r1, `news`.`title` AS t0_r2, `news`.`summary` AS t0_r3, `news`.`description` AS t0_r4, `news`.`author_id` AS t0_r5, `news`.`created_on` AS t0_r6, `news`.`comments_count` AS t0_r7, `users`.`id` AS t1_r0, `users`.`login` AS t1_r1, `users`.`hashed_password` AS t1_r2, `users`.`firstname` AS t1_r3, `users`.`lastname` AS t1_r4, `users`.`mail` AS t1_r5, `users`.`admin` AS t1_r6, `users`.`status` AS t1_r7, `users`.`last_login_on` AS t1_r8, `users`.`language` AS t1_r9, `users`.`auth_source_id` AS t1_r10, `users`.`created_on` AS t1_r11, `users`.`updated_on` AS t1_r12, `users`.`type` AS t1_r13, `users`.`identity_url` AS t1_r14, `users`.`mail_notification` AS t1_r15, `users`.`salt` AS t1_r16, `projects`.`id` AS t2_r0, `projects`.`name` AS t2_r1, `projects`.`description` AS t2_r2, `projects`.`homepage` AS t2_r3, `projects`.`is_public` AS t2_r4, `projects`.`parent_id` AS t2_r5, `projects`.`created_on` AS t2_r6, `projects`.`updated_on` AS t2_r7, `projects`.`identifier` AS t2_r8, `projects`.`status` AS t2_r9, `projects`.`lft` AS t2_r10, `projects`.`rgt` AS t2_r11 FROM `news` LEFT OUTER JOIN `users` ON `users`.id = `news`.author_id AND (`users`.`type` = 'User' OR `users`.`type` = 'AnonymousUser' ) LEFT OUTER JOIN `projects` ON `projects`.id = `news`.project_id WHERE (((projects.status=1 AND projects.id IN (SELECT em.project_id FROM enabled_modules em WHERE em.name='news')) AND (projects.is_public = 1))) ORDER BY news.created_on DESC LIMIT 5
  CACHE (0.0ms)   SELECT * FROM `roles` WHERE (`roles`.`builtin` = 2) LIMIT 1
  Project Load (0.4ms)   SELECT * FROM `projects` WHERE (((projects.status=1) AND (projects.is_public = 1))) ORDER BY created_on DESC LIMIT 5
Rendering template within layouts/base
Rendering welcome/index
  UserPreference Load (0.4ms)   SELECT * FROM `user_preferences` WHERE (`user_preferences`.user_id = 2) LIMIT 1
Completed in 25ms (View: 13, DB: 3) | 200 OK [https://site/]

However, I wish to have all my users forwarded to the logon page if they don't have a user session. How do I do this?

Here is the log on the 0.8.4 instance:

Processing WelcomeController#index (for at 2012-03-06 14:33:05) [GET]
  Session ID: 7e1403c6406c689703dfce82ef4f9a2e
  Parameters: {"action"=>"index", "controller"=>"welcome"}
Redirected to http://site/login?back_url=http%3A%2F%2Fsite%2F
Filter chain halted as [:check_if_login_required] rendered_or_redirected.
Completed in 0.00010 (10000 reqs/sec) | DB: 0.00000 (0%) | 302 Found [http://site/]



Well, that was silly. After searching through the .rb files for the string check_if_login_required, I came across it in several files. Then thought, "wait... this is probably a setting..." and sure enough it's a setting in settings.yml... but most easily implemented in the web UI > administration > settings > authentication > "authentication required".
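
A way to confirm from the logs that the setting is enforced after an upgrade, as an added example that is not part of the original post and not Redmine code: it splits a log in the format quoted above into requests and reports those rendered for AnonymousUser without the check_if_login_required filter halting them. It assumes SQL statements are logged (as in the 1.3.1 excerpt); the sample lines are constructed from the two excerpts, and 192.0.2.10 and the function names are placeholders.

```ruby
# Added example, not Redmine code. SAMPLE_LOG is constructed from the two
# excerpts in the post; 192.0.2.10 is a placeholder client address.
SAMPLE_LOG = <<~LOG
  Processing WelcomeController#index (for 192.0.2.10 at 2012-03-06 09:18:27) [GET]
    Parameters: {"controller"=>"welcome", "action"=>"index"}
    AnonymousUser Load (0.5ms)   SELECT * FROM `users` WHERE ( (`users`.`type` = 'AnonymousUser' ) ) LIMIT 1
  Rendering welcome/index
  Completed in 25ms (View: 13, DB: 3) | 200 OK [https://site/]

  Processing WelcomeController#index (for 192.0.2.10 at 2012-03-06 14:33:05) [GET]
    Parameters: {"action"=>"index", "controller"=>"welcome"}
  Redirected to http://site/login?back_url=http%3A%2F%2Fsite%2F
  Filter chain halted as [:check_if_login_required] rendered_or_redirected.
  Completed in 0.00010 (10000 reqs/sec) | DB: 0.00000 (0%) | 302 Found [http://site/]
LOG

Request = Struct.new(:action, :time, :anonymous, :login_filter, :status, :url)

# Build one Request per "Processing ... Completed" block in the log text.
def parse_requests(log)
  requests, current = [], nil
  log.each_line do |line|
    case line
    when /^Processing (\S+) \(for .*?at ([\d-]+ [\d:]+)\) \[\w+\]/
      current = Request.new($1, $2, false, false, nil, nil)
    when /AnonymousUser Load/
      current.anonymous = true if current
    when /Filter chain halted as \[:check_if_login_required\]/
      current.login_filter = true if current
    when /^Completed in .*\| (\d{3}) [^\[]*\[(.*)\]\s*$/
      next unless current
      current.status = $1.to_i
      current.url = $2
      requests << current
      current = nil
    end
  end
  requests
end

# Requests answered 2xx for AnonymousUser with no login redirect: these are
# the ones that should disappear once "authentication required" is enabled.
def served_without_login(requests)
  requests.select { |r| r.anonymous && !r.login_filter && (200..299).cover?(r.status) }
end

served_without_login(parse_requests(SAMPLE_LOG)).each do |r|
  puts "#{r.time} #{r.action} -> #{r.status} #{r.url} (anonymous, no login redirect)"
end
```

With the setting enabled, the same report run over a fresh log should come back empty.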