Class: UserTasks
- Inherits:
-
Volt::Task
- Object
- Volt::Task
- UserTasks
- Defined in:
- app/volt/tasks/user_tasks.rb
Instance Method Summary collapse
-
#login(login_info) ⇒ Object
Login a user, takes a login and password.
Methods inherited from Volt::Task
inherited, #initialize, known_handlers, method_missing, #store
Constructor Details
This class inherits a constructor from Volt::Task
Instance Method Details
#login(login_info) ⇒ Object
Login a user, takes a login and password. Login can be either a username or an e-mail based on Volt.config.public.auth.use_username
login_info is a key with login and password (login may be e-mail)
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# File 'app/volt/tasks/user_tasks.rb', line 6 def login(login_info) login = login_info['login'] password = login_info['password'] query = { User.login_field => login } # During login we need access to the user's info even though we aren't the user Volt. do store._users.where(query).fetch_first do |user| fail VoltUserError, 'User could not be found' unless user match_pass = BCrypt::Password.new(user._hashed_password) fail 'Password did not match' unless match_pass == password fail 'app_secret is not configured' unless Volt.config.app_secret # TODO: returning here should be possible, but causes some issues # Salt the user id with the app_secret so the end user can't # tamper with the cookie signature = Digest::SHA256.hexdigest(salty_user_id(user._id)) # Return user_id:hash on user id next "#{user._id}:#{signature}" end end end |