7

I'm trying to learn out Cro (and Perl6 simultaneously) ;)

My study app is based on the documentation of Cro. I added some authentication which does work, but the user session gets forgotten immediately.

You can check out the code at https://gitlab.com/ecocode/beaverapp go to the login pasge and login with "user" and "pwd". You get rerouted to / (which indicates the login succeeded), but the message there is "Current user: -". So the session gets lost.

The relevant part of Routes.pm6 :

class UserSession does Cro::HTTP::Auth {
    has $.username is rw;

    method logged-in() {
        defined $!username;
    }
}

my $routes = route {
    subset LoggedIn of UserSession where *.logged-in;

    get -> UserSession $s {
        content 'text/html', "Current user: {$s.logged-in ?? $s.username !! '-'}";
    }

    get -> LoggedIn $user, 'users-only' {
        content 'text/html', "Secret page just for *YOU*, $user.username()";
    }

    get -> 'login' {
        content 'text/html', q:to/HTML/;
            <form method="POST" action="/login">
              <div>
                Username: <input type="text" name="username" />
              </div>
              <div>
                Password: <input type="password" name="password" />
              </div>
              <input type="submit" value="Log In" />
            </form>
            HTML
    }

    post -> UserSession $user, 'login' {
        request-body -> (:$username, :$password, *%) {
            if valid-user-pass($username, $password) {
                $user.username = $username;
                redirect '/', :see-other;
            }
            else {
                content 'text/html', "Bad username/password";
            }
        }
    }

    sub valid-user-pass($username, $password) {
        # Call a database or similar here
        return $username eq 'user' && $password eq 'pwd';
    }
}

sub routes(Beaverapp $beaverapp) is export {
    route {
        # Apply middleware, then delegate to the routes.
        before Cro::HTTP::Session::InMemory[UserSession].new;
        delegate <*> => $routes;
    }
}

I think the problem is due to the middleware session management not working. How should I correct this? Or maybe the problem is due to something else?

Erik Colson
  • 103
  • 6
  • So what specifically is your question? Can you put the relevant code snippet directly in your question instead of having people poke around your repo? – Cory Kramer Jul 21 '18 at 00:37
  • I modified my post. – Erik Colson Jul 21 '18 at 09:50
  • .oO ( close? because off topic? methinks that's a miss-click ) hi Erik, thanks for showing your code, and for debugging cro, and for your patience. I think your question was well written (I agree pasting the code helped). Please don't hesitate to post more SOs like that. I'm just about to install [comma](https://commaide.com/) tonight and expect to play with cro for the first time tomorrow so might either learn from you or vice-versa in the near future. :) – raiph Jul 21 '18 at 20:11
  • @raiph If you clicked through that top layer, you would see that the reasoning behind the close vote is less definitive than you think. Honestly if it wasn't determined to be a bug in Cro itself, I would consider a similar vote. While I probably wouldn't do so myself, the person who did was justified in the close vote. Personally I would try to edit it so that was more clearly within the rules, and only if I couldn't figure out how to do so would I really consider a close vote. – Brad Gilbert Jul 21 '18 at 21:00
  • I hear you & agree & know the issue was likely the *Minimal* bit of [How to create a Minimal, Complete, and Verifiable example](https://stackoverflow.com/help/mcve). I accept the close vote was justified. My thought bubble was part of a nod to [Be welcoming, be patient, and assume good intentions. Don't expect new users to know all the rules — they don't. And be patient while they learn.](https://stackoverflow.com/help/be-nice), given that Erik is a brand new SO user who wrote a decent question and responded to guidance to improve it. I urge folk to *patiently* ask newbies to improve b4 close. – raiph Jul 21 '18 at 21:37

2 Answers2

7

The behavior you saw was indeed caused by a bug in cookie-treatment inside of HTTP/2 stack.

As for now, the bug is fixed and the code in OP post works.

Takao
  • 1,016
  • 6
  • 11
3

After discussion on cro irc channel, this problem only appears when using https 2. So the code above is correct.

Erik Colson
  • 103
  • 6