re-jigger the sessions/login helpers.

3 files changed, 54 insertions, 46 deletions

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index dfaeebc..5d96b3e 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -2,26 +2,24 @@ class SessionsController < ApplicationController
 
 	# GET /sessions/new
 	def new
-		@user = User.new
-		#@session = Session.new
 	end
 
 	# POST /sessions
 	# POST /sessions.json
 	def create
 		# find the user...
-		@user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email])
+		user = User.find_by_email(params[:username_or_email].to_s) || User.find_by_user_name(params[:username_or_email].to_s)
 
 		#@session = Session.new(@user)
 		# ... and create a new session
 		respond_to do |format|
-			if @user && @user.authenticate(params[:session][:password])
-				sign_in @user
-				format.html { redirect_to root_path }
+			if user && user.authenticate(params[:password].to_s)
+				sign_in user
+				format.html { redirect_to root_path, notice: "Welcome, #{user.name}" } # TODO; previous URL
 				#format.json { # TODO }
 			else
 				format.html { render action: 'new' }
-				format.json { render json: @user.errors, status: :unprocessable_entity }
+				format.json { render json: user.errors, status: :unprocessable_entity }
 			end
 		end
 	end
@@ -38,14 +36,23 @@ class SessionsController < ApplicationController
 	end
 
 	private
-	# Use callbacks to share common setup or constraints between actions.
-	def set_session
-		@token = Session.hash_token(cookies[:remember_token])
-		@session = Session.find_by(token: @token)
+
+	# Only allow creating a session if not logged in.
+	def check_create
+		unless current_user.nil?
+			respond_to do |format|
+				format.html { redirect_to root_path, notice: "You are already logged in" } # TODO: previous URL
+				format.json { render json: {"errors" => ["already logged in"]}, status: :forbidden }
+			end
+		end
 	end
 
-	# Never trust parameters from the scary internet, only allow the white list through.
-	def session_params
-		params.require(:session).permit(:session_email, :session_user_name, :session_password)
+	def check_delete
+		unless signed_in?
+			respond_to do |format|
+				format.html { redirect_to root_path, notice: "You are not logged in" } # TODO: previous URL
+				format.json { render json: {"errors" => ["not logged in"]}, status: :forbidden }
+			end
+		end
 	end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 499e988..7599a0a 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -2,25 +2,24 @@ require 'user'
 
 module SessionsHelper
 	def sign_in(user)
-		@session = Session.new(user: user)
-		raw_token = @session.create_token
-		@session.save # FIXME: error handling
+		session = Session.new(user: user)
+		raw_token = session.create_token
+		session.save!
 
-		@token = Session.hash_token(raw_token)
+		token = Session.hash_token(raw_token)
 		cookies.permanent[:remember_token] = { value: raw_token, expires: 20.minutes.from_now.utc }
+	end
 
-		#set the current user to be the given user
-		@current_user = user
+	def current_session
+		Session.find_by(token: Session.hash_token(cookies[:remember_token]))
 	end
 
-	# sets the @current_user instance virable to the user corresponding
+	# sets the @current_user instance varable to the user corresponding
 	# to the remember token, but only if @current_user is undefined
 	# since the remember token is hashed, we need to hash the cookie
 	# to find match the remember token
 	def current_user
-		@token ||= Session.hash_token(cookies[:remember_token])
-		@session ||= Session.find_by(token: @token)
-		@current_user ||= (@session.nil? ? User::NilUser.new : @session.user)
+		return (current_session.nil? ? User::NilUser.new : current_session.user)
 	end
 
 	# checks if someone is currently signed in
@@ -30,9 +29,8 @@ module SessionsHelper
 
 	def sign_out
 		if signed_in?
-			@session.destroy
+			current_session.destroy
 		end
-		@current_user = User::NilUser.new
 		cookies.delete(:remember_token)
 	end
 
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index ff27762..97f09b6 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -1,23 +1,26 @@
 <h1>Sign in</h1>
-<% if @user.nil? %>
-  <p class="errors"> The email/username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current email/username and password. </p>
-<% end %>
 
-  <div class="span6 offset3">
-    <%= form_for(:session, url: sessions_path) do |f| %>
-    <p>
-      <%= f.label(:username_or_email, "Username/Email") %><br/>
-      <%= f.text_field :username_or_email%>
-    </p>
-    <p>
-      <%= f.label :password %><br/>
-      <%= f.password_field :password %>
-    </p>
-    <p>
-      <%= f.submit "Log in", class: "signin" %>
-    </p>
-    <% end %>
-
-    <p>New user? <%= link_to("Sign up now!", new_user_path) %></p>
-  </div>
+<div>
+	<%= form_tag(sessions_path, method: :post, id: :new_session) do %>
+		<% if params[:action] == "create" %>
+			<div id="error_explanation">
+				<p>The username/password pair you entered did
+				not match our records.  Check your typing and
+				try again.</p>
+			</div>
+		<% end %>
+		<p>
+			<%= label_tag(:username_or_email, "Username/Email") %><br/>
+			<%= text_field_tag(:username_or_email) %>
+		</p>
+		<p>
+			<%= label_tag(:password) %><br/>
+			<%= password_field_tag(:password) %>
+		</p>
+		<p>
+			<%= submit_tag("Log in", class: :signin) %>
+		</p>
+	<% end %>
 
+	<p>New user? <%= link_to("Sign up now!", new_user_path) %></p>
+</div>