Class: Auth::AuthController

Inherits:
Nitro::Controller
  • Object
Includes:
Nitro::JavascriptMixin
Defined in:
lib/nitro/auth/auth_controller.rb

Overview

Provides basic login actions.

In theory, AuthController can be easily integrated into your application. Or, at least, that’s the goal – we’re early enough that it hasn’t been tested much yet.

Constant Summary

@@user_class = Auth::User

Class Method Details

.user_class=(klass) ⇒ Object

Sets the default class all authentication controllers will use when creating new users.

Uses Auth::User by default, but generally applications will extend that class rather than use it bare.



# File 'lib/nitro/auth/auth_controller.rb', line 179

def self.user_class=(klass)
    if klass.is_a? Class
        @@user_class = klass
    else
        raise "Invalid default user_class set in Auth::AuthController."
    end
end

Instance Method Details

#access_denied ⇒ Object

The action run when the current user doesn’t have sufficient permissions to run the requested action.



# File 'lib/nitro/auth/auth_controller.rb', line 42

def access_denied
    @backlink = session["prelogin_referer"]
    session.delete "prelogin_uri"
    session.delete "prelogin_referer"
end

#login ⇒ Object

The main login action.



# File 'lib/nitro/auth/auth_controller.rb', line 49

def login
    @login_name = request.params["login"].to_s
    @login_name = nil if @login_name.empty?
    @error = "Login or password incorrect." if "false" == request.params["allowed"]
    @error = request.params["error"] if request.params["error"]
end

#login_url ⇒ Object

Spits out the url to the login page.



# File 'lib/nitro/auth/auth_controller.rb', line 26

def login_url
    "#{controller_name}/login"
end

#logout ⇒ Object

Log the current user out.



# File 'lib/nitro/auth/auth_controller.rb', line 57

def logout
    Logger.debug "Logging out."
    session_cookie = Cookie.new "login_session_key", ""
    response.add_cookie session_cookie
end

#new_user ⇒ Object

Try to create a new user. This is the action at which “register a new user” forms should point.

TODO: Allow some sort of password quality check? A plugin, perhaps? Or just assume that the user object’s validation is sufficient?

TODO: Use Nitro form validation once it’s all there.

TODO: Get rid of these hardcoded error messages.



# File 'lib/nitro/auth/auth_controller.rb', line 146

def new_user
    Logger.debug("Setting up new user.")
    login = request.params['login']
    password = request.params['password']
    confirm = request.params['confirm_password']
    # Doublecheck.  The Javascript should have checked this, but
    # just in case...
    registration_error "You must provide a login." if login.empty?
    registration_error "You must provide a password." if password.empty?
    registration_error "Passwords do not match." if password != confirm
    # Further validation is delegated to the user object.

    # See if the login is duplicate
    existing_user = User.find_one(:where => "login = '#{login}'")
    registration_error "Login #{login} already exists." if existing_user

    # Okay, try to create it.
    new_user = @@user_class.create(login, password, request.params)
    user_role = Role.find_one(:where => "name = '#{Auth.user_role}'")
    new_user.add_role user_role if user_role
    Logger.debug("Finished new user setup, trying to log in.")
    try_login
end

#new_user_url ⇒ Object

Spits out the url to the create-a-new-user action.



# File 'lib/nitro/auth/auth_controller.rb', line 36

def new_user_url
    "#{controller_name}/new_user"
end

#register ⇒ Object

Register a new user.

Expects a few things of its template:

  • Form action should point to new_user (using new_user_url).

  • Needs, at least:

    • Text input named login.

    • Password input named password.

    • Password input named confirm_password.

    • error (a text element for displaying errors, should generally be rendered with #@error or the like).

    • Form submit button named register_new_user.

  • Template should use the Nitro javascript mixin appropriately.



# File 'lib/nitro/auth/auth_controller.rb', line 116

def register
    @backlink = session["prelogin_referer"]
    @error = request.params["error"] || ""
    @new_user = @@user_class.new(nil, nil, request.params)
    behaviour "#register_new_user", %{
        el.onclick = function() {
            var form = this.form;
            var error = document.getElementById("error");
            if (0 == form.login.value.length) {
                error.innerHTML = "You must provide a login."
            } else if (0 == form.password.value.length) {
                error.innerHTML = "You must provide a password."
            } else if (form.password.value != form.confirm_password.value) {
                error.innerHTML = "Passwords do not match."
            } else {
                form.submit();
            }
        }
    }
end

#register_url ⇒ Object

Spits out the url to the register-a-new-user page.



# File 'lib/nitro/auth/auth_controller.rb', line 21

def register_url
    "#{controller_name}/register"
end

#return_to_original_location ⇒ Object

Returns the user back to their original location.



# File 'lib/nitro/auth/auth_controller.rb', line 92

def return_to_original_location
    prelogin_uri = session["prelogin_uri"]
    session.delete "prelogin_uri"
    session.delete "prelogin_referer"
    Logger.debug("Redirecting back to #{prelogin_uri}.")
    redirect prelogin_uri if prelogin_uri

    Logger.debug("No prelogin URI, redirecting back to / instead.")
    redirect "/"
end

#try_login ⇒ Object

Attempt to log the user in. This is the action at which login forms should point (preferably using try_login_url).

Redirects back wherever they originally came from if login is successful, or the login page again if not.



# File 'lib/nitro/auth/auth_controller.rb', line 68

def try_login
    Logger.debug("Trying to log in.")
    user = nil
    login = request.params['login']
    password = request.params['password']
    user = User.find_one(:where => "login = '#{login}'") if login
    Logger.debug("Found user #{user.oid} with login #{login}.") if user

    if user and authenticate(user, password)
        session_key = user.session_key
        if session_key
            session_cookie = Cookie.new "login_session_key", session_key
            session_cookie.expires = user.session_key_expires
            response.add_cookie session_cookie
        end
        Logger.debug("Sending them back from whence they came.")
        return_to_original_location
    end

    Logger.debug("Login incorrect, sending them back to login page.")
    redirect login_url + "?allowed=false"
end
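
The :where strings in try_login and new_user place the submitted login directly inside a SQL string literal. The following is an added example, not code from Nitro or Og: the helper names, the login allowlist policy and the sample inputs are assumptions constructed here. It shows how a single quote in the login changes the shape of the clause, and how quoting keeps the value a single literal.

```ruby
# Added example: not Nitro or Og code. All helper names are hypothetical.

# Same construction as the controller: the raw parameter goes into the clause.
def where_interpolated(login)
  "login = '#{login}'"
end

# Standard SQL escaping: double every single quote inside the literal.
# Assumes a backend where backslash is not an escape character; bound
# parameters are the stronger fix where the ORM offers them.
def sql_quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

def where_quoted(login)
  "login = #{sql_quote(login)}"
end

# Allowlist check applied before any lookup (assumed policy: 1-32 chars
# of letters, digits, dot, underscore, hyphen).
def valid_login?(login)
  login.is_a?(String) && login.match?(/\A[A-Za-z0-9._-]{1,32}\z/)
end

# True only when the clause is exactly `login = <one string literal>`,
# i.e. the input stayed data and did not become SQL syntax.
def single_literal_predicate?(clause)
  clause.match?(/\Alogin = '(?:[^']|'')*'\z/)
end

# Constructed sample inputs: a plain login, one with a quote, one with a space.
SAMPLES = ["alice", "o'brien", "al ice"].freeze

def report
  SAMPLES.map do |login|
    { login: login,
      accepted: valid_login?(login),
      interpolated_ok: single_literal_predicate?(where_interpolated(login)),
      quoted_ok: single_literal_predicate?(where_quoted(login)) }
  end
end

report.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

The same reasoning applies to the role lookup in new_user, although Auth.user_role is application configuration rather than request input.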

#try_login_url ⇒ Object

Spits out the url to the try-to-login action.



# File 'lib/nitro/auth/auth_controller.rb', line 31

def try_login_url
    "#{controller_name}/try_login"
end