Fork me on GitHub
#luminus
<
2018-04-30
>
sveri09:04:46

@clojer This is where the signup happens: https://github.com/sveri/custman/blob/da261e3ef3d6c542aabb57aeb533ba0e9c56cb4d/src/clj/de/sveri/custman/routes/user.clj#L134 This is the part when a user logs in: https://github.com/sveri/custman/blob/da261e3ef3d6c542aabb57aeb533ba0e9c56cb4d/src/clj/de/sveri/custman/routes/user.clj#L74 These are the rules for authentication / authorization: https://github.com/sveri/custman/blob/da261e3ef3d6c542aabb57aeb533ba0e9c56cb4d/src/clj/de/sveri/custman/service/auth.clj#L12 You can see that they make use of the data you put into the session on login / signup And this is the middleware that checks authorization / authentication according to the defined rules above https://github.com/sveri/custman/blob/da261e3ef3d6c542aabb57aeb533ba0e9c56cb4d/src/clj/de/sveri/custman/middleware.clj#L42 This is the database code to create a user: https://github.com/sveri/custman/blob/da261e3ef3d6c542aabb57aeb533ba0e9c56cb4d/src/clj/de/sveri/custman/db/user.clj#L15 I am using buddy for the complete process (auth and encryption of the password) and clojure.java.jdbc for access to database. And finally component to create components which are passed down into the functions that need them: https://github.com/sveri/custman/tree/master/src/clj/de/sveri/custman/components I agree that its a bit of work to get that part working, especially when you are new to clojure, as it involves a lot of concepts like components, ring, authentication, db access + plus the general new stuff clojure offers anyway. If you have more questions or some code to show, just go ahead.

clojer10:04:09

Thanks. Mine’s a Luminus app but I may be able to rework some of your Buddy auth code.

sveri10:04:58

@clojer I think luminus uses buddy too, IIRC

clojer12:04:52

@sveri Yes, it does but with code like this layered on top:

clojer12:04:17

… I find it unusable. I mean, you even have to work out for yourself that the missing defmulit is coming from compojure.api.meta

clojer12:04:57

Luminus is otherwise quite nice to use but the auth needs some serious work if it’s to be of any relevance to newcomers.

clojer16:04:49

Can anyone explain in http://www.luminusweb.net/docs/services.html#authentication what this means: “The :current-user key will bind the :identity from the request and can be used to access the user identity.” ?

clojer16:04:15

If I submit a form with 2 params - email and password - what is this :identity?

eoliphant16:04:13

hi @clojer if you look at the example, in the` POST /login`, you’’re jamming the userid into the session. with the :identity key. That in turn makes available in the request chain thanks to the wrap-session middlware. That in turn, allows the restructure-param to grab it and map it to :current-user

clojer17:04:06

But where is the database lookup? There’s no session or identity when the user first logs in.

clojer17:04:24

Not in the request, that is.

eoliphant23:04:05

right, that’s up to you to implement. You said you used the luminus template to gen the app with posgres or somehting support

eoliphant23:04:27

you need to create the db-migration, etc that you need to do the checking

eoliphant23:04:54

also, FYI, @yogthos the guy who created luminus wrote a book “Web development in clojure” which is a pretty good introduction to a lot of this stuff and of course uses luminus