StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POUse Friend for authentication and authorisation in a single page Clojure web application
primarykey
Id
20273190
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2013-11-28T19:00:22.890
FavoriteCount
4
LastActivityDate
2014-05-10T15:33:29.637
LastEditDate
2013-11-29T11:57:33.333
LastEditorUserId
2625478
OwnerUserId
2625478
ParentId
0
PostTypeId
1
Score
8
ViewCount
2064
LastEditorDisplayName
text
Body
I am trying to integrate Friend authentication and authorisation into a Clojure/Compojure single-page web application. I have a login form backed by an Angular controller, and this controller uses AJAX to authenticate username and password against the web application and obtain an authenticated user record. Because of this, I do not want the default behaviour provided by the Friend form-based login - I basically want to rely on HTTP status codes and I do not want any of the Friend page-redirects. For example, making an unauthenticated request should simply return a 401 status code, and should not redirect to "/login". I have this part working by specifying a custom ":unauthenticated-handler" when configuring Friend (code included below). On a successful login I simply want a 200 status code, and not a redirect to the originally requested page. This is what I can't get working. I wrote a custom Friend authentication workflow based on the various examples (my Clojure skills are beginner level right now): <pre><code>(defn my-auth [& {:keys [credential-fn]}] (routes (GET "/logout" req (friend/logout* {:status 200})) (POST "/login" {{:keys [username password]} :params} (if-let [user-record (-> username credential-fn)] (if (and [user-record password] (creds/bcrypt-verify password (:password user-record))) (let [user-record (dissoc user-record :password)] (workflows/make-auth user-record {:cemerick.friend/workflow :my-auth :cemerick.friend/redirect-on-auth? true})) {:status 401}) {:status 401})))) </code></pre> Here is my handler with middlewares declared: <pre><code>(def app (-> (handler/site (friend/authenticate app-routes {:credential-fn (partial creds/bcrypt-credential-fn my-credential-fn) :unauthenticated-handler unauthenticated :workflows [(my-auth :credential-fn my-credential-fn)]})) (session/wrap-session) (params/wrap-keyword-params) (json/wrap-json-body) (json/wrap-json-response {:pretty true}))) </code></pre> And the additional handler function referenced by the above: <pre><code>(defn unauthenticated [v] {:status 401 :body "Unauthenticated"}) </code></pre> Finally an additional routes fragment to test the authentication: <pre><code>(GET "/auth" req (friend/authenticated (str "You have successfully authenticated as " (friend/current-authentication)))) </code></pre> This mostly works, and almost does everything I need. Because "redirect-on-auth?" is true in "make-auth", on a successful login a page-redirect is generated - I want to prevent that redirect so I set the value to false. However, this single change results in a 404 and a failed login. So as well as the Friend authentication map I need somehow to return a 200 status code here, and also I want to return the "user-record" in the response body so the client application can tailor the UI depending on the user roles (I already have JSON requests/responses wrapped and working). So I think I need the equivalent of this when I invoke the Friend "make-auth" function: <pre><code>{:status 200 :body user-record} </code></pre> However it seems like I can have either the authentication map, or the response - but not both together. Can this be achieved with Friend and if so how?
Tags
<authentication><clojure><compojure>
Title
Use Friend for authentication and authorisation in a single page Clojure web application
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. UScaprica
UserOwnerUserId
1. UScaprica
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POUse Friend for authentication and authorisation in a single page Clojure web application
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POUse Friend for authentication and authorisation in a single page Clojure web application
 UserUserId
 USmac
 VoteTypeVoteTypeId
 VTFavorite
3. VO
 singulars
 PostPostId
 POUse Friend for authentication and authorisation in a single page Clojure web application
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COMaybe this is related: https://github.com/cemerick/friend/issues/83, implying that it's not currently possible and needs a fix to Friend.
 singulars
 PostPostId
 POUse Friend for authentication and authorisation in a single page Clojure web application
 UserUserId
 UScaprica
2. COyes that seems to be the case.
 singulars
 PostPostId
 POUse Friend for authentication and authorisation in a single page Clojure web application
 UserUserId
 USponzao

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.