alexanderscott / backbone-login
Best practices & demo for client-side authentication via Backbone.JS AJAX.
License: MIT License
Shouldn't you use Backbone.ajax instead of $.ajax calls?
For example here.
When my account was compromised a spam issue was created in this repo. I sincerely apologize. Cleaning up such issues via script.
Hi, thanks for the demo. I'm trying to follow some of these patterns in my project. Quick question, what is to stop someone from just doing:
var app = require('app');
app.session.user.set('logged_in', true);
in their console and gaining access to protected routes?
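An added example, not part of the original issue or the project's code: the logged_in attribute only decides what the client renders, so the server has to authorize every protected request from its own session store. The cookie name sid, the in-memory store and the handler below are hypothetical.

```javascript
// Added example (hypothetical names): server-side authorization that never
// trusts client-held state such as session.user.get('logged_in').
const crypto = require('crypto');

// Server-side session store: opaque random id -> user record.
const sessions = new Map();

function login(userId) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { userId });
  return sid; // delivered to the browser as an HttpOnly cookie
}

// Extract one cookie value from a Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx > -1 && part.slice(0, idx).trim() === name) {
      return part.slice(idx + 1).trim();
    }
  }
  return null;
}

// Handler for a protected API route. The request body may claim anything;
// only a session id found in the server's own store counts.
function handleProtected(req) {
  const sid = readCookie(req.headers.cookie, 'sid');
  const session = sid ? sessions.get(sid) : undefined;
  if (!session) {
    return { status: 401, body: { error: 'not authenticated' } };
  }
  return { status: 200, body: { userId: session.userId } };
}

// Constructed requests: one carrying only a client-side flag, one with a
// session id that the server actually issued.
const forged = { headers: {}, body: { logged_in: true } };
const genuine = { headers: { cookie: 'theme=dark; sid=' + login(42) }, body: {} };

console.log(handleProtected(forged).status);  // 401
console.log(handleProtected(genuine).status); // 200
```

Flipping the model attribute in the console changes which views Backbone shows, but the data behind those views still has to come from routes guarded like this one.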
Firstly I'd like to thank you for your contribution. This is a really great explanation of how to implement backbone login, and it was very useful for me.
However, I've noticed that the session.user is not updated correctly when the event 'change:logged_in' is handled by the view / template.
I have a slightly different setup than your example, I'm using Backbone Marionette and Backbone.Marionette.Handlebars helpers (hbs) to render / manage view templates. What I noticed was that when the 'change:logged_in' event fires as a result of a successful user log in, that the user model when accessed via session.user was still the invalid user model. It doesn't update correctly until the page is refreshed, which defeats the object!
My scenario is that I use the session model as the model of one of my views. I have a handlebars template which looks first at 'logged_in', if this is true it looks to render the user's name using user.username. My problem is that user.username is still the unauthenticated user response/model.
I fixed my problem with the following change to postAuth function in SessionModel.js.
-self.updateSessionUser( res.user || {} );
-self.set({ user_id: res.user.id, logged_in: true });
+self.set({
logged_in: true,
user_id: res.user.id,
user: _.pick(res.user, _.keys(self.user.defaults))
});
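Review bot: res.user.id in the added self.set({...}) call is read with no guard, and the res.user || {} fallback that the removed updateSessionUser call carried is gone, so a response without a user object throws inside postAuth instead of being handled as a failed login. Suggest checking res.user before the set and taking the error path when it is absent. The _.pick(res.user, _.keys(self.user.defaults)) whitelist is worth keeping, since it restricts what the server response can write into the session to the keys the user model declares.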
Basically if you set the user model as part of the session model set, the new user model is available via App.session.user, otherwise it is not. Plus a similar change was needed in checkAuth for consistency.
I realise your example is structured slightly differently and what you have works for your example, but I think the user model should be set correctly at the point the session logged_in state is set.
Another suggestion... I would consider not using any cookie helpers. Cookies should be locked and not accessible by JavaScript for security reasons. If someone manages to inject malicious code, the user's cookies could be stolen.
Hiya
Can't see from the code where the cookie is actually getting saved.
Looking to use something similar but with a Laravel back end, Set-Cookie is coming through but not getting set. See in your Utils that you have a createCooke method. New to Backbone so just trying to piece it together
Cheers
Set-Cookie:user_id=eyJpdiI6Ik9xYjFhMTkzdUd1TlF3b09IdmlmdHc9PSIsInZhbHVlIjoiRENGaGxFbjZjVTdsVW5JTmhoSHB0UT09IiwibWFjIjoiYzhlOTIzZWU4NzcyZjg4YmY4YzcwYjJiNDgyZWE3ZTAzOTYzNzYwN2I5ODY0NDkwNzY0YmQwYTdmOGI2Y2VhNCJ9; expires=Sun, 12-Oct-2014 15:51:34 GMT; path=/
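An added example, not part of the original thread or the project's code: the cookie suggestion made earlier on this page (keep cookies out of reach of JavaScript) expressed as a check over a Set-Cookie header. The first sample has the same attributes as the header in this post, with a constructed placeholder value; the second is a constructed hardened variant.

```javascript
// Added example: audit a Set-Cookie header for the attributes that keep a
// cookie away from page scripts and off plaintext connections.
function parseSetCookie(header) {
  const value = header.replace(/^set-cookie:\s*/i, '');
  const [pair, ...attrs] = value.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq === -1) throw new Error('no name=value pair in header');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) {
    findings.push('missing HttpOnly: value is readable through document.cookie');
  }
  if (!attrs.secure) {
    findings.push('missing Secure: cookie is also sent over plain HTTP');
  }
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (!sameSite) {
    findings.push('missing SameSite: cross-site sending is left to the browser default');
  } else if (sameSite === 'none' && !attrs.secure) {
    findings.push('SameSite=None without Secure');
  }
  return { name, findings };
}

// Constructed samples (placeholder values, not real tokens).
const weak =
  'Set-Cookie:user_id=CONSTRUCTED_VALUE; expires=Sun, 12-Oct-2014 15:51:34 GMT; path=/';
const hardened =
  'Set-Cookie: user_id=CONSTRUCTED_VALUE; Path=/; HttpOnly; Secure; SameSite=Lax';

console.log(auditCookie(weak));     // three findings
console.log(auditCookie(hardened)); // no findings
```

A cookie marked HttpOnly cannot be read or written by client-side cookie helpers at all, so it has to be issued and cleared by the server.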
Here is a quick suggestion. Instead of using app.session = new SessionModel({ });
you can return new SessionModel()
in SessionModel.js and that way you can enforce the singleton pattern. No need to set it in app.session. Any place you'd want to use the SessionModel just require it directly. Given the way require works, you would get the already instantiated SessionModel.
Hello,
I've noticed that within the public/router.js file, line 36, you used a function called "close" but... I don't know where it is created.
Could you possibly add it or tell me where it is declared?
Thanks ;D