Sample of Sinatra authentication

login.rb
require 'rubygems'
require 'bcrypt'
require 'haml'
require 'sinatra'

enable :sessions

userTable = {}

helpers do
  def login?
    if session[:username].nil?
      return false
    else
      return true
    end
  end
  def username
    return session[:username]
  end
end

get "/" do
  haml :index
end

get "/signup" do
  haml :signup
end

post "/signup" do
  password_salt = BCrypt::Engine.generate_salt
  password_hash = BCrypt::Engine.hash_secret(params[:password], password_salt)
  #ideally this would be saved into a database, hash used just for sample
  userTable[params[:username]] = {
    :salt => password_salt,
    :passwordhash => password_hash
  }
  session[:username] = params[:username]
  redirect "/"
end

post "/login" do
  if userTable.has_key?(params[:username])
    user = userTable[params[:username]]
    if user[:passwordhash] == BCrypt::Engine.hash_secret(params[:password], user[:salt])
      session[:username] = params[:username]
      redirect "/"
    end
  end
  haml :error
end

get "/logout" do
  session[:username] = nil
  redirect "/"
end

__END__
@@layout
!!! 5
%html
  %head
    %title Sinatra Authentication
  %body
    =yield
@@index
-if login?
  %h1= "Welcome #{username}!"
  %a{:href => "/logout"} Logout
-else
  %form(action="/login" method="post")
    %div
      %label(for="username")Username:
      %input#username(type="text" name="username")
    %div
      %label(for="password")Password:
      %input#password(type="password" name="password")
    %div
      %input(type="submit" value="Login")
      %input(type="reset" value="Clear")
  %p
    %a{:href => "/signup"} Signup
@@signup
%p Enter the username and password!
%form(action="/signup" method="post")
  %div
    %label(for="username")Username:
    %input#username(type="text" name="username")
  %div
    %label(for="password")Password:
    %input#password(type="password" name="password")
  %div
    %label(for="checkpassword")Password:
    %input#checkpassword(type="password" name="checkpassword")
  %div
    %input(type="submit" value="Sign Up")
    %input(type="reset" value="Clear")
@@error
%p Wrong username or password
%p Please try again!
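
The signup handler above replaces any existing userTable entry for a submitted username and never reads checkpassword, and the login handler compares hashes with ==. The following is an added example, not part of the original gist: a hypothetical UserStore class that refuses duplicate signups, checks the confirmation field, and verifies logins with a constant-time comparison. It assumes PBKDF2 from Ruby's standard OpenSSL library in place of bcrypt so that it runs without gems; the class, method names, and iteration count are constructed for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for the gist's userTable (not the gist author's code).
class UserStore
  ITERATIONS = 100_000 # constructed demo value; tune for your hardware

  def initialize
    @users = {}
    # Record checked for unknown usernames so both login paths do one KDF run.
    @dummy = derive(SecureRandom.hex(16))
  end

  # Returns :ok, :invalid, :mismatch or :taken; never replaces an account.
  def signup(username, password, checkpassword)
    return :invalid if username.to_s.empty? || password.to_s.empty?
    return :mismatch unless password == checkpassword
    return :taken if @users.key?(username)
    @users[username] = derive(password)
    :ok
  end

  def login?(username, password)
    record = @users.fetch(username, @dummy)
    candidate = kdf(password.to_s, record[:salt])
    secure_equal?(candidate, record[:hash]) && @users.key?(username)
  end

  private

  def derive(password)
    salt = SecureRandom.random_bytes(16)
    { salt: salt, hash: kdf(password, salt) }
  end

  # PBKDF2-HMAC-SHA256 from the standard library, used here in place of bcrypt.
  def kdf(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                       length: 32, hash: 'sha256')
  end

  # Compares every byte so timing does not depend on where the hashes differ.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

In the Sinatra routes, post "/signup" would set session[:username] only when signup returns :ok, and post "/login" only when login? returns true.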

For lines 12 to 18 you could write something like session[:username].nil? ? false : true instead, right? Also, no need for all the returns.

@rafalchmiel: You could just use !!session[:username]. nil evaluates to false, so by negating it twice you force it to a bool. If there is a username in there, you will force the value to true.

If you want to use your code, !session[:username].nil? would do the job as well.
