Last active
February 8, 2016 17:46
-
-
Save 415DomSmith/a977a20c0a694ca69860 to your computer and use it in GitHub Desktop.
ruby sessions controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| before_action :confirm_logged_in, only: [:home] | |
| before_action :prevent_login_signup, only: [:signup, :login] | |
| def signup | |
| @user = User.new | |
| end | |
| def create | |
| @user = User.create(user_params) | |
| if @user.save | |
| session[:user_id] = @user.id | |
| flash[:success] = "You are now logged in!" | |
| redirect_to home_path | |
| else | |
| render :signup | |
| end | |
| end | |
| def login | |
| end | |
| def attempt_login | |
| if params[:username].present? && params[:password].present? | |
| found_user = User.where(username: params[:username]).first | |
| if found_user | |
| authorized_user = found_user.authenticate(params[:password]) | |
| end | |
| end | |
| if !found_user | |
| flash.now[:alert] = "Invalid username" | |
| render :login | |
| elsif !authorized_user | |
| flash.now[:alert] = "Invalid password" | |
| render :login | |
| else | |
| session[:user_id] = authorized_user.id | |
| flash[:success] = "You are now logged in." | |
| redirect_to home_path | |
| end | |
| end | |
| def home | |
| end | |
| def logout | |
| session[:user_id] = nil | |
| flash[:notice] = "Logged out" | |
| redirect_to login_path | |
| end | |
| private | |
| def user_params | |
| params.require(:user).permit(:username, :password, :password_digest) | |
| end | |
| get 'login', to: "sessions#login", as: 'login' | |
| get 'signup', to: "sessions#signup", as: 'signup' | |
| post 'login', to: "sessions#attempt_login" | |
| post 'signup', to: "sessions#create" | |
| get 'home', to: "sessions#home", as: 'home' | |
| delete 'logout', to: "sessions#logout" | |
| # ============================================ | |
| # ==== LOCAL LOGIN AND SECURITY METHODS ====== | |
| # ============================================ | |
| def confirm_logged_in | |
| unless session[:user_id] | |
| redirect_to login_path, alert: "Please log in" | |
| end | |
| end | |
| def confirm_admin | |
| unless current_user.is_admin | |
| redirect_to groups_path, alert: "You must be an admin to perform that action." | |
| end | |
| end | |
| # Stop a logged in user from going to the sign up page | |
| def prevent_login_signup | |
| if session[:user_id] | |
| redirect_to :back, notice: "You are already logged in" | |
| # what do you think redirect_to :back does? | |
| end | |
| end | |
| def ensure_correct_user | |
| unless params[:id] == session[:id] | |
| redirect_to login_path, flash: {alert: "Not Authorized"} | |
| end | |
| end | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment