CFWheels: Redirecting non-authorized access after login

CFWheels always seems to make me smile with certain features. It isn’t 100% perfect (what is?) but it really makes CF dev fun. In this case, we’re taking the simple scenario of a user attempting to access a non-public URL before they have logged in. It could be from a bookmark or them simply trying to “hack” your system. Either way, once the user logs in they should automatically get to the page they wanted. Here’s how you can do it in Wheels.

First, you need to know Wheels passes all “route-specific” information in the params object. This object contains a lot of things but in this case we’re concerned with the route elements:

  • route
  • controller
  • action
  • [key, value, other custom property, etc]

We won’t get into routing but you can read more about it here. The docs page will clarify the last bullet point above.

Now, the normal flow to handle redirecting a user is to hold a reference to the page they’re requesting. You could do this in any of the normal ways in CF (storing CGI info, etc.) but Wheels allows you to do the following:

...
<!--- save the current params to a session variable --->
<cfset session.redirectparams = params />
 
<!--- redirect the user to the login page --->
<cfset redirectTo(action="login") />
...

That goes in your code where you found the user not to be authorized. Of course your action may not be named “login” but you get the point. Next you need to redirect after the login is successful.

...
<cfif isDefined("session.redirectparams")>
     <!--- make a copy of the struct so the next line doesn't interfere --->
     <cfset var args = structcopy(session.redirectparams) />
 
     <!--- delete the struct from the session --->
     <cfset structDelete(session, "redirectparams") />
 
     <!--- redirect to the previously expected location --->
     <cfset redirectTo(argumentCollection=args) />
<cfelse>
     <!--- send user to default page --->
</cfif>
...

What this does is pass each property contained within your original params into redirectTo, which takes them, determines the best route to use, and then sends the user off.
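The two snippets above combined into one controller, as an added example (not code from the original post). It saves only the route elements listed earlier, and only for GET requests, because params also carries query-string and form values that would otherwise reach redirectTo as named arguments. The controller name, session.userId, the signin action, the default landing page and the checkCredentials() helper are assumptions.

```cfml
<!--- Added example: controllers/Account.cfc (hypothetical controller and names) --->
<cfcomponent extends="Controller">

    <cffunction name="init">
        <!--- run the check before every action except the login form and its handler --->
        <cfset filters(through="requireLogin", except="login,signin") />
    </cffunction>

    <cffunction name="requireLogin" access="private">
        <cfset var saved = {} />
        <cfset var k = "" />
        <!--- session.userId is an assumed marker for "logged in" --->
        <cfif NOT structKeyExists(session, "userId")>
            <!--- drop any stale target, then remember GET requests only:
                  a POST cannot be replayed by a redirect --->
            <cfset structDelete(session, "redirectparams") />
            <cfif isGet()>
                <!--- keep the route elements, not query-string or form values --->
                <cfloop list="route,controller,action,key" index="k">
                    <cfif structKeyExists(params, k) AND isSimpleValue(params[k])>
                        <cfset saved[k] = params[k] />
                    </cfif>
                </cfloop>
                <cfset session.redirectparams = saved />
            </cfif>
            <cfset redirectTo(action="login") />
        </cfif>
    </cffunction>

    <cffunction name="signin">
        <cfset var args = {} />
        <!--- checkCredentials() is a hypothetical helper defined elsewhere in the
              app; assumed to return the user id, or 0 when the login fails --->
        <cfset var userId = checkCredentials(params) />
        <cfif userId EQ 0>
            <!--- failed attempt: the saved target stays in the session for the retry --->
            <cfset redirectTo(action="login") />
        <cfelseif structKeyExists(session, "redirectparams")>
            <cfset session.userId = userId />
            <!--- copy, clear, then redirect so the target is used exactly once --->
            <cfset args = structCopy(session.redirectparams) />
            <cfset structDelete(session, "redirectparams") />
            <cfset redirectTo(argumentCollection=args) />
        <cfelse>
            <cfset session.userId = userId />
            <!--- default landing page (assumed controller/action) --->
            <cfset redirectTo(controller="main", action="index") />
        </cfif>
    </cffunction>

</cfcomponent>
```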

This is a very simple feature to implement but your users will love you a little bit more for it. Enjoy!

  • http://brandonmoser.com Brandon Moser

    Great post…forwarded it to our team building our new app in CFWheels.

    • http://www.johncblandii.com johncblandii

      Thanks Brandon!

  • Brad

    Exactly what I was looking for, thanks for sharing!

    • http://www.johncblandii.com John C. Bland II

      Brad, glad it helped. Apologies on the delayed response. Disqus should help me stay tuned in now. :)

  • http://twitter.com/mrbrianward Brian Ward

    John – with updates to the Wheels framework over the past year couldn’t a user just use “redirectTo(back=true)” to do the same thing now? Great blog btw – keep the Wheels posts coming!

    • http://www.johncblandii.com John C. Bland II

      Brian, the problem with redirectTo is the form submission. If you hit the one page, redirected to the form, clicked forgot password, submitted that form, went back to the sign in, submitted that then did a redirectTo(back=true) you wouldn’t go to the protected page. A more common one is you go to the one page, redirected to the form, submitted your sign in info, info failed, try again, and again, and again, then get it right and redirectTo(back=true) would go to the form submission again.

      The idea is to create a way for you to not care how many page clicks or form submissions are between the moment they access an unauthorized url and the moment they are properly authorized.

      Thx for the encouragement. I have some other things to share on Wheels very soon.

  • djByron

    Awesome!!  Just what I needed! Long live Wheels!

    • http://www.johncblandii.com John C. Bland II

      Glad I could help. :)