On 1.3.1, is it default behavior to not have the logon prompt page be loaded immediately when no user session exists?

Added by Matt Brown about 12 years ago

Hello,

I just performed a pretty tough upgrade from 0.8.4 to 1.3.1, and believe that everything has gone smoothly.

In the 0.8.4 instance, when a user accessed the root of the site (http://site/), and they were not authenticated with a user session, they would be immediately forwarded to the logon page (http://site/logon).

However, in the 1.3.1 instance, this is not the case. A non-authed user is greeted with the home page, where any public repos and news are listed.

Debugging the 1.3.1 instance I can see that AnonymousUser is used to load the page:


Processing WelcomeController#index (for 192.168.100.23 at 2012-03-06 09:18:27) [GET]
  Parameters: {"controller"=>"welcome", "action"=>"index"}
  SQL (0.4ms)   SELECT max(`settings`.updated_on) AS max_updated_on FROM `settings`
  AnonymousUser Load (0.5ms)   SELECT * FROM `users` WHERE ( (`users`.`type` = 'AnonymousUser' ) ) LIMIT 1
  Role Load (0.4ms)   SELECT * FROM `roles` WHERE (`roles`.`builtin` = 2) LIMIT 1
  News Load Including Associations (0.8ms)   SELECT `news`.`id` AS t0_r0, `news`.`project_id` AS t0_r1, `news`.`title` AS t0_r2, `news`.`summary` AS t0_r3, `news`.`description` AS t0_r4, `news`.`author_id` AS t0_r5, `news`.`created_on` AS t0_r6, `news`.`comments_count` AS t0_r7, `users`.`id` AS t1_r0, `users`.`login` AS t1_r1, `users`.`hashed_password` AS t1_r2, `users`.`firstname` AS t1_r3, `users`.`lastname` AS t1_r4, `users`.`mail` AS t1_r5, `users`.`admin` AS t1_r6, `users`.`status` AS t1_r7, `users`.`last_login_on` AS t1_r8, `users`.`language` AS t1_r9, `users`.`auth_source_id` AS t1_r10, `users`.`created_on` AS t1_r11, `users`.`updated_on` AS t1_r12, `users`.`type` AS t1_r13, `users`.`identity_url` AS t1_r14, `users`.`mail_notification` AS t1_r15, `users`.`salt` AS t1_r16, `projects`.`id` AS t2_r0, `projects`.`name` AS t2_r1, `projects`.`description` AS t2_r2, `projects`.`homepage` AS t2_r3, `projects`.`is_public` AS t2_r4, `projects`.`parent_id` AS t2_r5, `projects`.`created_on` AS t2_r6, `projects`.`updated_on` AS t2_r7, `projects`.`identifier` AS t2_r8, `projects`.`status` AS t2_r9, `projects`.`lft` AS t2_r10, `projects`.`rgt` AS t2_r11 FROM `news` LEFT OUTER JOIN `users` ON `users`.id = `news`.author_id AND (`users`.`type` = 'User' OR `users`.`type` = 'AnonymousUser' ) LEFT OUTER JOIN `projects` ON `projects`.id = `news`.project_id WHERE (((projects.status=1 AND projects.id IN (SELECT em.project_id FROM enabled_modules em WHERE em.name='news')) AND (projects.is_public = 1))) ORDER BY news.created_on DESC LIMIT 5
  CACHE (0.0ms)   SELECT * FROM `roles` WHERE (`roles`.`builtin` = 2) LIMIT 1
  Project Load (0.4ms)   SELECT * FROM `projects` WHERE (((projects.status=1) AND (projects.is_public = 1))) ORDER BY created_on DESC LIMIT 5
Rendering template within layouts/base
Rendering welcome/index
  UserPreference Load (0.4ms)   SELECT * FROM `user_preferences` WHERE (`user_preferences`.user_id = 2) LIMIT 1
Completed in 25ms (View: 13, DB: 3) | 200 OK [https://site/]

However, I wish to have all my users forwarded to the logon page if they won't have a user session. How do I do this?

Here is the log on the 0.8.4 instance:

Processing WelcomeController#index (for 192.168.100.23 at 2012-03-06 14:33:05) [GET]
  Session ID: 7e1403c6406c689703dfce82ef4f9a2e
  Parameters: {"action"=>"index", "controller"=>"welcome"}
Redirected to http://site/login?back_url=http%3A%2F%2Fsite%2F
Filter chain halted as [:check_if_login_required] rendered_or_redirected.
Completed in 0.00010 (10000 reqs/sec) | DB: 0.00000 (0%) | 302 Found [http://site/]

Thanks,

Matt

[done]
Well, that was silly. After searching through the .rb files for the string check_if_login_required, I came across it in several files. Then thought, "wait... this is probably a setting..." and sure enough it's a setting in settings.yml... but most easily implemented in the web UI > administration > settings > authentication > "authentication required"