Class: Auth::AuthController
- Inherits: Nitro::Controller (Object < Nitro::Controller < Auth::AuthController)
- Includes: Nitro::JavascriptMixin
- Defined in: lib/nitro/auth/auth_controller.rb
Overview
Provides basic login actions.
In theory, AuthController can be easily integrated into your application. Or, at least, that’s the goal – we’re early enough that it hasn’t been tested much yet.
Class Method Summary
- .user_class=(klass) ⇒ Object
  Sets the default class all authentication controllers will use when creating new users.
Instance Method Summary
- #access_denied ⇒ Object
  The action run when the current user doesn’t have sufficient permissions to run the requested action.
- #login ⇒ Object
  The main login action.
- #login_url ⇒ Object
  Spits out the url to the login page.
- #logout ⇒ Object
  Log the current user out.
- #new_user ⇒ Object
  Try to create a new user.
- #new_user_url ⇒ Object
  Spits out the url to the create-a-new-user action.
- #register ⇒ Object
  Register a new user.
- #register_url ⇒ Object
  Spits out the url to the register-a-new-user page.
- #return_to_original_location ⇒ Object
  Returns the user back to their original location.
- #try_login ⇒ Object
  Attempt to log the user in.
- #try_login_url ⇒ Object
  Spits out the url to the try-to-login action.
Class Method Details
.user_class=(klass) ⇒ Object
Sets the default class all authentication controllers will use when creating new users.
Uses Auth::User by default, but generally applications will extend that class rather than use it bare.
# File 'lib/nitro/auth/auth_controller.rb', line 179
def self.user_class=(klass)
  if klass.is_a? Class
    @@user_class = klass
  else
    raise "Invalid default user_class set in Auth::AuthController."
  end
end
Instance Method Details
#access_denied ⇒ Object
The action run when the current user doesn’t have sufficient permissions to run the requested action.
# File 'lib/nitro/auth/auth_controller.rb', line 42
def access_denied
  @backlink = session["prelogin_referer"]
  session.delete "prelogin_uri"
  session.delete "prelogin_referer"
end
#login ⇒ Object
The main login action.
# File 'lib/nitro/auth/auth_controller.rb', line 49
def login
  @login_name = request.params["login"].to_s
  @login_name = nil if @login_name.empty?
  @error = "Login or password incorrect." if "false" == request.params["allowed"]
  @error = request.params["error"] if request.params["error"]
end
#login_url ⇒ Object
Spits out the url to the login page.
# File 'lib/nitro/auth/auth_controller.rb', line 26
def login_url
  "#{controller_name}/login"
end
#logout ⇒ Object
Log the current user out.
# File 'lib/nitro/auth/auth_controller.rb', line 57
def logout
  Logger.debug "Logging out."
   = Cookie.new "login_session_key", ""
  response.
end
#new_user ⇒ Object
Try to create a new user. This is the action at which “register a new user” forms should point.
TODO: Allow some sort of password quality check? A plugin, perhaps? Or just assume that the user object’s validation is sufficient?
TODO: Use Nitro form validation once it’s all there.
TODO: Get rid of these hardcoded error messages.
# File 'lib/nitro/auth/auth_controller.rb', line 146
def new_user
  Logger.debug("Setting up new user.")
  login = request.params['login']
  password = request.params['password']
  confirm = request.params['confirm_password']

  # Doublecheck. The Javascript should have checked this, but
  # just in case...
  registration_error "You must provide a login." if login.empty?
  registration_error "You must provide a password." if password.empty?
  registration_error "Passwords do not match." if password != confirm
  # Further validation is delegated to the user object.

  # See if the login is duplicate
  existing_user = User.find_one(:where => "login = '#{login}'")
  registration_error "Login #{login} already exists." if existing_user

  # Okay, try to create it.
  new_user = @@user_class.create(login, password, request.params)
  user_role = Role.find_one(:where => "name = '#{Auth.user_role}'")
  new_user.add_role user_role if user_role
  Logger.debug("Finished new user setup, trying to log in.")
  try_login
end
#new_user_url ⇒ Object
Spits out the url to the create-a-new-user action.
# File 'lib/nitro/auth/auth_controller.rb', line 36
def new_user_url
  "#{controller_name}/new_user"
end
#register ⇒ Object
Register a new user.
Expects a few things of its template:
- Form action should point to new_user (using new_user_url).
- Needs, at least:
  - Text input named login.
  - Password input named password.
  - Password input named confirm_password.
  - error (a text element for displaying errors, should generally be rendered with #@error or the like).
  - Form submit button named register_new_user.
- Template should use the Nitro javascript mixin appropriately.
# File 'lib/nitro/auth/auth_controller.rb', line 116
def register
  @backlink = session["prelogin_referer"]
  @error = request.params["error"] || ""
  @new_user = @@user_class.new(nil, nil, request.params)
  behaviour "#register_new_user", %{
    el.onclick = function() {
      var form = this.form;
      var error = document.getElementById("error");
      if (0 == form.login.value.length) {
        error.innerHTML = "You must provide a login."
      } else if (0 == form.password.value.length) {
        error.innerHTML = "You must provide a password."
      } else if (form.password.value != form.confirm_password.value) {
        error.innerHTML = "Passwords do not match."
      } else {
        form.submit();
      }
    }
  }
end
#register_url ⇒ Object
Spits out the url to the register-a-new-user page.
# File 'lib/nitro/auth/auth_controller.rb', line 21
def register_url
  "#{controller_name}/register"
end
#return_to_original_location ⇒ Object
Returns the user back to their original location.
# File 'lib/nitro/auth/auth_controller.rb', line 92
def return_to_original_location
  prelogin_uri = session["prelogin_uri"]
  session.delete "prelogin_uri"
  session.delete "prelogin_referer"
  Logger.debug("Redirecting back to #{prelogin_uri}.")
  redirect prelogin_uri if prelogin_uri

  Logger.debug("No prelogin URI, redirecting back to / instead.")
  redirect "/"
end
#try_login ⇒ Object
Attempt to log the user in. This is the action at which login forms should point (preferably using try_login_url).
Redirects back wherever they originally came from if login is successful, or the login page again if not.
# File 'lib/nitro/auth/auth_controller.rb', line 68
def try_login
  Logger.debug("Trying to log in.")
  user = nil
  login = request.params['login']
  password = request.params['password']

  user = User.find_one(:where => "login = '#{login}'") if login
  Logger.debug("Found user #{user.oid} with login #{login}.") if user

  if user and authenticate(user, password)
    session_key = user.session_key
    if session_key
       = Cookie.new "login_session_key", session_key
      .expires = user.session_key_expires
      response.
    end
    Logger.debug("Sending them back from whence they came.")
    return_to_original_location
  end

  Logger.debug("Login incorrect, sending them back to login page.")
  redirect login_url + "?allowed=false"
end
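Both new_user and try_login build their :where clause by interpolating the submitted login between single quotes, so any quote in the login ends the string literal early and the remainder is read as SQL. The Ruby below is an added example, not code from Nitro or this controller: where_interpolated mirrors that pattern, while where_escaped, single_literal? and the sample logins are hypothetical helpers and constructed data showing one hardened form and a check for it.

```ruby
# Added example: hypothetical helpers, not Nitro or Og API.

# Mirrors the pattern in new_user and try_login: the login is pasted
# between single quotes with no escaping.
def where_interpolated(login)
  "login = '#{login}'"
end

# Hardened form: accept only a String (request.params may yield nil),
# then double every single quote so the value cannot close the literal.
def where_escaped(login)
  raise ArgumentError, "login must be a String" unless login.is_a?(String)
  raise ArgumentError, "login must not contain NUL" if login.include?("\0")
  "login = '" + login.gsub("'", "''") + "'"
end

# True only when the clause is exactly login = '<one literal>', that is,
# every quote inside the literal is doubled.
SINGLE_LITERAL = /\Alogin = '(?:[^']|'')*'\z/

def single_literal?(clause)
  SINGLE_LITERAL.match?(clause)
end

# Constructed sample logins, including ordinary names with apostrophes.
SAMPLES = ["alice", "o'brien", "d'arcy o'neil", ""].freeze

# Reports, per login, whether each builder yields a single-literal clause.
def audit(samples)
  samples.map do |login|
    { login: login,
      interpolated_ok: single_literal?(where_interpolated(login)),
      escaped_ok: single_literal?(where_escaped(login)) }
  end
end

audit(SAMPLES).each { |row| puts row.inspect } if __FILE__ == $0
```

Doubling quotes follows standard SQL string syntax; on a backend that also treats backslash as an escape character, use the store's own quoting routine or bound parameters instead.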
#try_login_url ⇒ Object
Spits out the url to the try-to-login action.
# File 'lib/nitro/auth/auth_controller.rb', line 31
def try_login_url
  "#{controller_name}/try_login"
end