Class: SessionsController

Inherits: ApplicationController
Defined in: app/controllers/sessions_controller.rb

Overview

A simple controller providing the login and logout methods for the application.

Instance Method Summary

Methods inherited from BarkestCore::ApplicationControllerBase

#authorize!, #show_denial_reason?

Methods included from BarkestCore::StatusHelper

#clear_system_status, #show_system_status, #status_button_label, #status_redirect_url

Methods included from BarkestCore::RecaptchaHelper

#add_recaptcha_challenge, #verify_recaptcha_challenge

Methods included from BarkestCore::SessionsHelper

#current_user, #current_user?, #forget, #log_in, #log_out, #logged_in?, #redirect_back_or, #remember, #store_location, #store_location_and_redirect_to, #system_admin?

Instance Method Details

#create ⇒ Object

Attempts to log in a user. To successfully log in, a user must be activated and enabled.

A disabled user is treated the same as a non-existent user or an invalid password: a generic message stating invalid email or password is shown. A non-activated user is given a message indicating their account is not yet active.

Upon successful login, the user is redirected back to where they came from or to the root URL.



# File 'app/controllers/sessions_controller.rb', line 23

def create
  if (@user = BarkestCore::UserManager.authenticate(params[:session][:email], params[:session][:password], request.remote_ip))
    if @user.activated?
      # log the user in.
      log_in @user
      params[:session][:remember_me] == '1' ? remember(@user) : forget(@user)

      # show alerts on login.
      session[:show_alerts] = true

      redirect_back_or @user
    else
      flash[:safe_warning] = 'Your account has not yet been activated.<br/>Check your email for the activation link.'
      redirect_to root_url
    end
  else
    # deny login.
    flash.now[:danger] = 'Invalid email or password.'
    render 'new'
  end
end
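
The login rules described above, modeled in stand-alone Ruby as an added example; this is not code from BarkestCore or from this application. `FakeUser`, `USERS`, `authenticate` and `login_outcome` are hypothetical stand-ins, and the example assumes the enabled check happens inside the authenticate call, since the controller never tests it. The dummy hash for unknown emails goes beyond what the page states.

```ruby
# Hypothetical stand-ins throughout: the real BarkestCore::UserManager
# internals are not shown on this page.
require 'openssl'

FakeUser = Struct.new(:email, :salt, :digest, :enabled, :activated)

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 32, OpenSSL::Digest.new('SHA256'))
end

def make_user(email, password, enabled:, activated:)
  salt = OpenSSL::Random.random_bytes(16)
  FakeUser.new(email, salt, hash_password(password, salt), enabled, activated)
end

# Constructed sample accounts.
USERS = [
  make_user('active@example.com',   'correct horse', enabled: true,  activated: true),
  make_user('pending@example.com',  'correct horse', enabled: true,  activated: false),
  make_user('disabled@example.com', 'correct horse', enabled: false, activated: true)
].to_h { |u| [u.email, u] }

DUMMY_SALT = OpenSSL::Random.random_bytes(16)

# Compare without short-circuiting on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the user only for valid credentials on an enabled account.
def authenticate(email, password)
  user = USERS[email.to_s.downcase]
  # Always hash, so an unknown email costs the same work as a known one.
  candidate = hash_password(password.to_s, user ? user.salt : DUMMY_SALT)
  return nil unless user && secure_equal?(candidate, user.digest) && user.enabled
  user
end

# Mirrors the branches of SessionsController#create as [outcome, message].
def login_outcome(email, password)
  user = authenticate(email, password)
  return [:denied, 'Invalid email or password.'] unless user
  return [:not_activated, 'Your account has not yet been activated.'] unless user.activated
  [:logged_in, nil]
end
```

The activation message is only reachable with a correct password, so a caller who does not know the password sees the same response for unknown, disabled and pending accounts.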

#destroy ⇒ Object

Logs out any currently logged in user session.

This will not raise errors if a user is not logged in and will redirect to the root url when finished.



# File 'app/controllers/sessions_controller.rb', line 51

def destroy
  log_out if logged_in?
  redirect_to root_url
end

#new ⇒ Object

Shows the login form.



# File 'app/controllers/sessions_controller.rb', line 10

def new
end