# -*- encoding : utf-8 -*-
# Sessions Controller
#
# This controller handles the login/logout function of the site.  
#
# Copyright:: (C) 2009 Knowerce, s.r.o.
# 
# Author:: Vojto Rinik <vojto@rinik.net>
# Date: Sep 2009
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU Lesser General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

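class SessionsController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  include AuthenticatedSystem

  # Only the login form and the login attempt itself are open to anonymous
  # visitors; logging out requires an authenticated session.
  before_filter :login_required, :except => [:new, :create]

  # Renders the login form (new.rhtml); no state is touched here.
  def new
  end

  # Authenticates the submitted credentials and establishes the session.
  #
  # On success the session id is rotated (see +reset_session+ below), the
  # user's preferred locale is applied for this request, a remember-me cookie
  # is issued, and the browser is redirected either to a local
  # +params[:return]+ path or to the site root. On failure the attempt is
  # logged and the form is re-rendered with the submitted login pre-filled.
  def create
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # Rotate the session id on privilege change so that a session id an
      # attacker planted before login (session fixation) is not promoted to an
      # authenticated one. Trade-off: the CSRF token is regenerated too, so a
      # form loaded before login and resubmitted via the back button is
      # rejected by request-forgery protection.
      reset_session
      self.current_user = user
      # Set locale
      I18n.locale = user.loc if user.loc?
      # NOTE(review): a persistent remember-me cookie is issued on every
      # login, regardless of params[:remember_me] (which the failure branch
      # still echoes back to the form). Confirm this is intended; if not, use
      # `new_cookie_flag = (params[:remember_me] == '1')` here.
      new_cookie_flag = true
      handle_remember_cookie! new_cookie_flag
      flash[:notice] = t("users.logged_in")
      flash[:user_signed_in] = true
      redirect_to(safe_return_path || root_path)
    else
      note_failed_signin
      @login       = params[:login]
      @remember_me = params[:remember_me]
      render :action => 'new'
    end
  end

  # Ends the session and returns the browser to the page it came from.
  #
  # +redirect_to :back+ follows the Referer header verbatim and raises
  # +ActionController::RedirectBackError+ when the header is absent (direct
  # navigation, privacy extensions, some bookmarks); fall back to the site
  # root instead of answering with a 500.
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_to :back
  rescue ActionController::RedirectBackError
    redirect_to root_path
  end

protected
  # Returns +params[:return]+ when it is a same-site path, else +nil+.
  #
  # A bare +starts_with?('/')+ check is not enough: a protocol-relative target
  # such as "//evil.example/" also starts with "/" but is resolved by browsers
  # as an absolute URL, which turns the login form into an open redirect. A
  # backslash after the leading slash is rejected too, since some browsers
  # normalise "/\evil.example" to "//evil.example". Non-string values (e.g. a
  # parameter submitted as an array) are ignored rather than raising.
  def safe_return_path
    target = params[:return]
    return nil unless target.is_a?(String)
    target if target =~ %r{\A/(?![/\\])}
  end

  # Track failed login attempts
  #
  # The submitted login is written with +inspect+ so a value containing
  # newlines or control characters cannot forge additional log lines.
  def note_failed_signin
    flash[:error] = I18n.t('session.note_failed_signin')
    logger.warn "Failed login for #{params[:login].inspect} from #{request.remote_ip} at #{Time.now.utc}"
  end
end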