Re: [Artanis] Using #:auth to Authenticate a User

[Jonathan Schmeling]

On 09/16/2018 12:09 PM, Nala Ginrut wrote:
> Jonathan Schmeling writes:
>
>> Last, – mostly because I'm really interested – how does the
>> user-inputted password get passed through the POST call? Does the form
>> need to specify the right name? I used passwd mostly as a guess since I
>> couldn't find it specified in the doc.s.
> The POST is not mysterious, according to HTTP protocol, it's the same
> with a common query-string, for example, name=nala&passwd=123
> The name of passwd field should be the same you specified in #:auth, for
> example, if you write this code in the form:
> -----------------code----------------------
> <input type="password" name="passwd">
> -----------------end-----------------------
I figured it worked the same as a query-string but, from the 
documentation, it wasn't clear that the name of the parameters were to 
match the list '(table user "user" "passwd"). Because the list starts 
with table, I figured that the values given would map to the names of 
the columns in the database but had no idea what I should set the 
parameter names passed to the POST call to.

Setting the form to match the values I placed in the list, it worked! 
Submitting the form redirected to the /sign-in/success endpoint and, I 
assume, spawned a new session before doing so.

However, resubmitting the form, after the first time, did not redirect 
to /sign-in/logged after checking for a session with (:session rc 'check).

To test this more thoroughly, I added an endpoint with

(get "/find" #:session #t (lambda (rc)
                             (if (:session rc 'check)
                                 "YES"
                               "NO!")))

and visited the endpoint after signing in and go the "NO!" result, every 
time. Looking at the documentation, I didn't think I was missing 
anything from my setup but I could always be mistaken.

Jonathan