[albatross-users] login integration challenges again

Matt Goodall matt at pollenation.net
Thu Sep 25 04:58:26 EST 2003 

On Wed, 2003-09-24 at 19:08, Eric S. Johansson wrote:
> I started trying to integrate the login code into one of my applications and I 
> discovered a few things that show me it is time to learn more about albatross.
> 
> The working model for albatross use was the single file for all methods and 
> functions plus the glue code for activating albatross.  The working model broke 
> out the code in the following fashion:
> 
> Includes
> independent functions
> classes
> albatross glue class with methods
>        page_enter
>        page_process
>        page_display
> and last, glue code
> instance of SimpleApp
> register page (binding glue class to albatross)
> then run (request())
> 
> Granted, many of the features around the glue code still escape me and I take 
> the simpleminded view that page_enter is used to create initial values, 
> page_process is used to perform work based on a button push and set up data for 
> use during page_display.  Page_display is used for any calculations necessary 
> for page display independent of whether or not page page_display has run.
> 
> Adding login semantics to this style of coding doesn't work well.  For example, 
> page_enter would use some form of login object instantiation and then storing 
> that object as part of context.locals.  Next during page_process the first thing 
> one must do is validate that someone is logged in and a token is valid.  If not 
> control passes to a login page, potentially preserving the current state of the 
> submit.  Same thing is true for page_display because someone may just access the 
> page for data display.  Unfortunately, I do not remember if page_process 
> executes every time you access the page or not.

Unless you call ctx.redirect() or raise some form of error (both amount
to the same thing anyway) then page_process will be called.

> Conceptually, the big problem is the redirecting control to a login page and 
> then picking up again from where you left off.
> 
> So, is there any way to embed my login capabilities into albatross so that I can 
> minimize the amount of work a user needs to remember to do in order to get 
> authentication working with their application?  Ideally, the most they should 
> have to do would be to define a login authentication instance in the page_enter 
> section and everything else should happen automatically and invisibly.
> 
> I don't think I'm too far off base on usability model, I just need to know how 
> to integrate with albatross better (I think)
> 
> Suggestions?  Ideas?

If users must *always* be authenticated to use the application, and you
are not using Albatross in random mode, then the simplest solution is
probably to set the start page to your login page. Once the user
authenticates correctly call ctx.set_page() to move to the main
application page. If the user restarts the browser or the session times
out the user will be automatically sent back to the login page.


If you only want authentication to happen on first access to a protected
page then it would probably be best to override one of the Albatross
methods rather than scatter access control checks throughout your page
code.

The two more obvious Albatross methods to override are set_page() and
page_enter(), I would have to look at the Albatross code to decide which
one to override. If the user is already authenticated then call the
parent class's version of the overridden method; if not then redirect()
or set_page() to your login page, passing enough information to return
to the current page later.

Hope this helps.

Cheers, Matt

-- 
Matt Goodall, Pollenation Internet Ltd
w: http://www.pollenationinternet.com
e: matt at pollenation.net
t: +44 (0)113 2252500

More information about the Albatross-users mailing list