Foodsoft/foodsoft
1
1
Fork 0
Code Issues 36 Pull requests 5 Projects 1 Releases Wiki Activity

Refactored login module. Implemented standard sessions controller.

Browse source
This commit is contained in:
benni 2011-05-11 13:38:46 +02:00
parent b1a700ab5d
commit e40f865c45
13 changed files with 89 additions and 332 deletions
Download patch file Download diff file Expand all files Collapse all files

47
app/controllers/application_controller.rb
View file

@ -1,12 +1,10 @@
class ApplicationController < ActionController::Base
filter_parameter_logging :password, :password_confirmation # do not log passwort parameters
protect_from_forgery
before_filter :select_foodcoop, :authenticate, :store_controller
after_filter :remove_controller
# sends a mail, when an error occurs
# see plugins/exception_notification
include ExceptionNotifiable
helper_method :current_user
# Returns the controller handling the current request.
def self.current
@ -25,46 +23,27 @@ class ApplicationController < ActionController::Base
protected
def current_user
begin
# check if there is a valid session and return the logged-in user (its object)
if session[:user] and session[:foodcoop]
# for shared-host installations. check if the cookie-subdomain fits to request.
return User.current_user = User.find(session[:user]) if session[:foodcoop] == Foodsoft.env
end
rescue
reset_session
flash[:error]= _("An error has occurred. Please login again.")
redirect_to :controller => 'login'
# check if there is a valid session and return the logged-in user (its object)
if session[:user_id] and params[:foodcoop]
# for shared-host installations. check if the cookie-subdomain fits to request.
@current_user ||= User.find(session[:user_id]) if params[:foodcoop] == Foodsoft.env
end
end
def current_user=(user)
session[:user], session[:foodcoop] = user.id, Foodsoft.env
end
def return_to
session['return_to']
end
def return_to=(uri)
session['return_to'] = uri
end
def deny_access
self.return_to = request.request_uri
redirect_to :controller => '/login', :action => 'denied'
return false
redirect_to login_url, :alert => 'Access denied!'
end
private
def authenticate(role = 'any')
# Attempt to retrieve authenticated user from controller instance or session...
if !(user = current_user)
if !current_user
# No user at all: redirect to login page.
self.return_to = request.request_uri
redirect_to :controller => '/login'
return false
session[:user_id] = nil
session['return_to'] = request.fullpath
redirect_to login_url, :alert => 'Authentication required!'
else
# We have an authenticated user, now check role...
# Roles gets the user through his memberships.
@ -78,7 +57,7 @@ class ApplicationController < ActionController::Base
else false # any unknown role will always fail
end
if hasRole
@current_user = user
current_user
else
deny_access
end

49
app/controllers/login_controller.rb
View file

@ -2,47 +2,8 @@ class LoginController < ApplicationController
skip_before_filter :authenticate # no authentication since this is the login page
before_filter :validate_token, :only => [:password, :update_password]
verify :method => :post, :only => [:login, :reset_password, :new], :redirect_to => { :action => :index }
# Redirects to the login action.
def index
render :action => 'login'
end
# Logout the current user and deletes the session
def logout
self.return_to = nil
current_user = nil
reset_session
flash[:notice] = "Abgemeldet"
render :action => 'login'
end
# Displays a "denied due to insufficient privileges" message and provides the login form.
def denied
flash[:error] = "Du bist nicht berechtigt diese Seite zu besuchen. Bitte als berechtige Benutzerin anmelden oder zurück gehen."
render :action => 'login'
end
# Login to the foodsoft.
def login
user = User.find_by_nick(params[:login][:user])
if user && user.has_password(params[:login][:password])
# Set last_login to Now()
user.update_attribute(:last_login, Time.now)
self.current_user = user
if (redirect = return_to)
self.return_to = nil
redirect_to redirect
else
redirect_to root_path
end
else
current_user = nil
flash[:error] = "Tschuldige, die Anmeldung war nicht erfolgreich. Bitte erneut versuchen."
end
end
verify :method => :post, :only => [:reset_password], :redirect_to => { :action => 'forgot_password' }
# Display the form to enter an email address requesting a token to set a new password.
def forgot_password
end
@ -57,8 +18,7 @@ class LoginController < ApplicationController
logger.debug("Sent password reset email to #{user.email}.")
end
end
flash[:notice] = "Wenn Deine E-Mail hier registiert ist bekommst Du jetzt eine Nachricht mit einem Passwort-Zurücksetzen-Link."
render :action => 'login'
redirect_to login_url, :notice => "Wenn Deine E-Mail hier registiert ist bekommst Du jetzt eine Nachricht mit einem Passwort-Zurücksetzen-Link."
end
# Set a new password with a token from the password reminder email.
@ -74,8 +34,7 @@ class LoginController < ApplicationController
@user.reset_password_token = nil
@user.reset_password_expires = nil
@user.save
flash[:notice] = "Dein Passwort wurde aktualisiert. Du kannst Dich jetzt anmelden."
render :action => 'login'
redirect_to login_url, :notice => "Dein Passwort wurde aktualisiert. Du kannst Dich jetzt anmelden."
else
render :action => 'password'
end

24
app/controllers/sessions_controller.rb Normal file
View file

@ -0,0 +1,24 @@
class SessionsController < ApplicationController
skip_before_filter :authenticate
layout 'login'
def new
end
def create
user = User.authenticate(params[:nick], params[:password])
if user
session[:user_id] = user.id
redirect_to session['return_to'] || root_url, :notice => "Logged in!"
else
flash.now.alert = "Invalid email or password"
render "new"
end
end
def destroy
session[:user_id] = nil
redirect_to login_url, :notice => "Logged out!"
end
end