From 30445bb10809969ec5a006e7d2ca6f581168cf72 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 29 Apr 2014 16:42:01 -0400 Subject: re-jigger the sessions/login helpers. --- app/controllers/sessions_controller.rb | 35 ++++++++++++++++----------- app/helpers/sessions_helper.rb | 22 ++++++++--------- app/views/sessions/new.html.erb | 43 ++++++++++++++++++---------------- 3 files changed, 54 insertions(+), 46 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index dfaeebc..5d96b3e 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -2,26 +2,24 @@ class SessionsController < ApplicationController # GET /sessions/new def new - @user = User.new - #@session = Session.new end # POST /sessions # POST /sessions.json def create # find the user... - @user = User.find_by_email(params[:session][:username_or_email]) || User.find_by_user_name(params[:session][:username_or_email]) + user = User.find_by_email(params[:username_or_email].to_s) || User.find_by_user_name(params[:username_or_email].to_s) #@session = Session.new(@user) # ... and create a new session respond_to do |format| - if @user && @user.authenticate(params[:session][:password]) - sign_in @user - format.html { redirect_to root_path } + if user && user.authenticate(params[:password].to_s) + sign_in user + format.html { redirect_to root_path, notice: "Welcome, #{user.name}" } # TODO; previous URL #format.json { # TODO } else format.html { render action: 'new' } - format.json { render json: @user.errors, status: :unprocessable_entity } + format.json { render json: user.errors, status: :unprocessable_entity } end end end @@ -38,14 +36,23 @@ class SessionsController < ApplicationController end private - # Use callbacks to share common setup or constraints between actions. - def set_session - @token = Session.hash_token(cookies[:remember_token]) - @session = Session.find_by(token: @token) + + # Only allow creating a session if not logged in. + def check_create + unless current_user.nil? + respond_to do |format| + format.html { redirect_to root_path, notice: "You are already logged in" } # TODO: previous URL + format.json { render json: {"errors" => ["already logged in"]}, status: :forbidden } + end + end end - # Never trust parameters from the scary internet, only allow the white list through. - def session_params - params.require(:session).permit(:session_email, :session_user_name, :session_password) + def check_delete + unless signed_in? + respond_to do |format| + format.html { redirect_to root_path, notice: "You are not logged in" } # TODO: previous URL + format.json { render json: {"errors" => ["not logged in"]}, status: :forbidden } + end + end end end diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb index 499e988..7599a0a 100644 --- a/app/helpers/sessions_helper.rb +++ b/app/helpers/sessions_helper.rb @@ -2,25 +2,24 @@ require 'user' module SessionsHelper def sign_in(user) - @session = Session.new(user: user) - raw_token = @session.create_token - @session.save # FIXME: error handling + session = Session.new(user: user) + raw_token = session.create_token + session.save! - @token = Session.hash_token(raw_token) + token = Session.hash_token(raw_token) cookies.permanent[:remember_token] = { value: raw_token, expires: 20.minutes.from_now.utc } + end - #set the current user to be the given user - @current_user = user + def current_session + Session.find_by(token: Session.hash_token(cookies[:remember_token])) end - # sets the @current_user instance virable to the user corresponding + # sets the @current_user instance varable to the user corresponding # to the remember token, but only if @current_user is undefined # since the remember token is hashed, we need to hash the cookie # to find match the remember token def current_user - @token ||= Session.hash_token(cookies[:remember_token]) - @session ||= Session.find_by(token: @token) - @current_user ||= (@session.nil? ? User::NilUser.new : @session.user) + return (current_session.nil? ? User::NilUser.new : current_session.user) end # checks if someone is currently signed in @@ -30,9 +29,8 @@ module SessionsHelper def sign_out if signed_in? - @session.destroy + current_session.destroy end - @current_user = User::NilUser.new cookies.delete(:remember_token) end diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb index ff27762..97f09b6 100644 --- a/app/views/sessions/new.html.erb +++ b/app/views/sessions/new.html.erb @@ -1,23 +1,26 @@

Sign in

-<% if @user.nil? %> -

The email/username or password is incorrect. Verify that CAPS LOCK is not on, and then retype the current email/username and password.

-<% end %> -
- <%= form_for(:session, url: sessions_path) do |f| %> -

- <%= f.label(:username_or_email, "Username/Email") %>
- <%= f.text_field :username_or_email%> -

-

- <%= f.label :password %>
- <%= f.password_field :password %> -

-

- <%= f.submit "Log in", class: "signin" %> -

- <% end %> - -

New user? <%= link_to("Sign up now!", new_user_path) %>

-
+
+ <%= form_tag(sessions_path, method: :post, id: :new_session) do %> + <% if params[:action] == "create" %> +
+

The username/password pair you entered did + not match our records. Check your typing and + try again.

+
+ <% end %> +

+ <%= label_tag(:username_or_email, "Username/Email") %>
+ <%= text_field_tag(:username_or_email) %> +

+

+ <%= label_tag(:password) %>
+ <%= password_field_tag(:password) %> +

+

+ <%= submit_tag("Log in", class: :signin) %> +

+ <% end %> +

New user? <%= link_to("Sign up now!", new_user_path) %>

+
-- cgit v1.2.3