summaryrefslogtreecommitdiff
path: root/app/controllers/sessions_controller.rb
diff options
context:
space:
mode:
authorsimon <simon@zagal.(none)>2009-02-08 23:15:11 +0100
committerhukl <hukl@eight.local>2009-02-15 20:22:01 +0100
commit9f94a70c3e3d9bf766cb9663b0a904d30a190d85 (patch)
tree4b4bbf567ec60a939d024b083b478d72476700a5 /app/controllers/sessions_controller.rb
parent48ffd4eb446bcaeba7651758ec3002f342702249 (diff)
* initial commit of the stripped restful-authentication
* http basic auth and login from cookie have been removed * no it does not work yet, it's so f*cking secure, it won't even let legitimate users login
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r--app/controllers/sessions_controller.rb40
1 files changed, 40 insertions, 0 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..7c06ac8
--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,40 @@
1# This controller handles the login/logout function of the site.
2class SessionsController < ApplicationController
3
4 # render new.rhtml
5 def new
6 end
7
8 def create
9 logout_keeping_session!
10 user = User.authenticate(params[:login], params[:password])
11 if user
12 # Protects against session fixation attacks, causes request forgery
13 # protection if user resubmits an earlier form using back
14 # button. Uncomment if you understand the tradeoffs.
15 reset_session
16
17 self.current_user = user
18 redirect_back_or_default('/') # TODO: insert appropriate path to cms main page
19 flash[:notice] = "Logged in successfully"
20 else
21 note_failed_signin
22 @login = params[:login]
23 @remember_me = params[:remember_me]
24 render :action => 'new'
25 end
26 end
27
28 def destroy
29 logout_killing_session!
30 flash[:notice] = "You have been logged out."
31 redirect_back_or_default('/login')
32 end
33
34protected
35 # Track failed login attempts
36 def note_failed_signin
37 flash[:error] = "Couldn't log you in as '#{params[:login]}'"
38 logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
39 end
40end