Authentication Process
Added by lm at about 8 years ago
I have taken a close look at the Introduction to Wt::Auth (https://www.webtoolkit.eu/wt/doc/tutorial/auth.html), and implemented something like it in my application. I am able to register a user, then confirm the user's e-mail address by going to the confirmation URL, then the user can sign in. All of that works wonderfully, but my user class is never touched.
In the introduction to Wt::Auth, there is a custom User class created in the default namespace. As far as I can tell, the only reason that class exists is to give it to the template parameter of Wt::Auth::AuthInfo. It's never used, and no database record is ever added to that user table, right?
This makes sense to me because, for instance, say the custom user class has a required 'name' field; the framework doesn't know how to fill out that name. Of course, the user could have a required address field, too, etc. The problem is: how do we get a custom user instance persisted?
Does the framework ever give me an opportunity to create an instance of my user class and persist it? Am I supposed to write logic into my application such that if a Wt::Auth::User logs in and doesn't have a record in my user table, then I should get any more information I need from him and put him into my user table? Maybe something like:
```
if (Wt::Auth::Login::loggedIn())
  if (!Wt::Auth::Dbo::UserDatabase::find(Wt::Auth::Login::user()))
    getMoreInfoAndCreateUser();
```
?
I talked on IRC for a while about this, and the helpful fella there has written his own 'register user' page and creates his own Wt::Auth::User rather than letting the framework create one for him. It looks like he's customizing a good deal more than the example linked to above. I'm hoping to make sense of the example before doing something that customized.
Thanks for helping me understand this!
Replies (6)
RE: Authentication Process - Added by lm at about 8 years ago
Alternatively, can anyone point me to an example using a custom "User" class (with custom data in it that gets filled in when the user is created)? Or please confirm that is left as an exercise for the reader?
RE: Authentication Process - Added by lm at about 8 years ago
I'm looking at the discussion in https://www.webtoolkit.eu/wt/doc/reference/html/classWt_1_1Auth_1_1AbstractUserDatabase.html#details . It says, "Obviously, you may have more data associated with a user, ... . This information cannot be accessed through the Auth::User class, but you should make it available through your own User class, which is then als the basis of this user database implementation." I assume "als" is a typo, so I pretend it's not there.
How can I make my custom user class the basis of the AbstractUserDatabase? If it were template typename AbstractUserDatabase, I would understand, but the Wt::Auth::User type is baked in so I can't make my user type the basis of the abstract user database. I must be missing something here...I'll continue to dig through the examples and documentation.
RE: Authentication Process - Added by Wim Dumon about 8 years ago
Hey,
I believe the answer to your question is in this piece of code, copied from examples/features/aut2/model/Session.C:
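```
dbo::ptr<User> Session::user(const Auth::User& authUser)
{
  // Look up the AuthInfo record that backs this Wt::Auth::User.
  dbo::ptr<AuthInfo> authInfo = users_->find(authUser);

  dbo::ptr<User> user = authInfo->user();

  // No ::User linked yet: create one and attach it to the AuthInfo.
  if (!user) {
    user = add(Wt::cpp14::make_unique<User>());
    authInfo.modify()->setUser(user);
  }

  return user;
}
```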
Note that there are two User classes in this example: Wt::Auth::User and simply ::User, which adds a fair bit to the confusion. This method turns a Wt::Auth::User into a ::User, and creates it if it did not yet exist.
There's typically a one-on-one relationship between a ::User and a Wt::Auth::User. And for your own good, I recommend naming your own User class not simply 'User', since time and time again I learn that the human brain does not work with strict namespaces.
Wim.
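A self-contained model of the find-or-create step in the reply above, added here as an example and not code from the thread or from Wt. `AuthRecord`, `AppUser` and this `Session` are hypothetical in-memory stand-ins for `AuthInfo`, `::User` and the example's session class; unlike the quoted snippet, it rejects an identity with no auth record instead of dereferencing an empty result.

```cpp
#include <iostream>
#include <map>
#include <memory>
#include <stdexcept>
#include <string>

// Hypothetical stand-ins, no Wt headers: AuthRecord ~ AuthInfo, AppUser ~ ::User.
struct AppUser { std::string displayName; };

struct AuthRecord {
    std::string loginName;
    std::shared_ptr<AppUser> user;  // empty until the first lookup
};

class Session {
public:
    // Registration creates only the auth record; no AppUser exists yet.
    int registerIdentity(const std::string& login) {
        int id = nextId_++;
        auth_[id] = AuthRecord{login, nullptr};
        return id;
    }

    // Find-or-create: return the AppUser linked to authId, creating and
    // linking it on first access so the mapping stays one-to-one.
    std::shared_ptr<AppUser> user(int authId) {
        auto it = auth_.find(authId);
        if (it == auth_.end())
            throw std::invalid_argument("no auth record for this id");
        if (!it->second.user) {
            it->second.user = std::make_shared<AppUser>();
            ++created_;
        }
        return it->second.user;
    }

    int createdCount() const { return created_; }

private:
    std::map<int, AuthRecord> auth_;
    int nextId_ = 1;
    int created_ = 0;
};

int main() {
    Session s;
    int id = s.registerIdentity("alice@example.org");  // constructed sample login
    s.user(id)->displayName = "Alice";                 // first call creates the AppUser
    std::cout << s.user(id)->displayName << " " << s.createdCount() << "\n";
}
```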
RE: Authentication Process - Added by lm at about 8 years ago
That does seem to be the helpful part. I've noticed the Wt::Auth::User and ::User dichotomy, but I hadn't been able to crack the code. This should get me on the right path. Thanks!
RE: Authentication Process - Added by lm at about 8 years ago
Coming at it from the other direction, can someone confirm that it's absolutely necessary to have your own user class? I tried getting along using only Wt::Auth::User, but the error I get is:
```
/usr/include/Wt/Dbo/DbAction_impl.h:27:7: error: ‘class Wt::Auth::User’ has no member named ‘persist’
```
RE: Authentication Process - Added by lm at about 7 years ago
I think I got it. I want to override `Wt::Auth::RegistrationWidget::registerUserDetails(Wt::Auth::User &)` so that I can add application-specific details about the user. In order to do that, I'll need to make sure the authentication framework uses my extended RegistrationWidget, so I need to extend `Wt::Auth::AuthWidget` so that I can override `createRegistrationView(Identity const &)`. Then of course, I add that customized auth widget to my root pane instead of the factory `AuthWidget`.
Easy as pie.