Created
January 4, 2015 22:02
```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Every action requires a logged-in user unless a controller opts out.
  before_action :authorize_user!

  protected

  def authorize_user!
    unauthorized! unless current_user
  end

  def unauthorized!(path = main_app.login_path, message = "Unauthorized!")
    redirect_to path, alert: message
  end

  # Warden proxy installed in the Rack env by Warden::Manager.
  # request.env is used because the bare `env` controller helper
  # is not available in newer Rails versions.
  def warden
    request.env['warden']
  end

  def current_user
    warden.user
  end
  helper_method :current_user

  def logged_in?
    current_user.present?
  end
  helper_method :logged_in?
end
```
```ruby
class SessionsController < ApplicationController
  # The login form and its submission must be reachable while logged out.
  skip_before_action :authorize_user!, only: [:new, :create]

  def new
    flash.now.alert = warden.message if warden.message
  end

  def create
    # authenticate! throws :warden on failure, which hands the request to the
    # configured failure_app, so the else branch is not reached in practice.
    if warden.authenticate!
      redirect_to root_path, notice: "Logged in!"
    else
      logout("There was an error processing your login. Please try again.")
    end
  end

  def destroy
    logout("Logged out!")
  end

  private

  def logout(message)
    warden.logout
    redirect_to root_url, alert: message
  end
end
```
```
= form_tag sessions_path, method: :post do
  = label_tag :login, "Email or login"
  = text_field_tag :login, params[:email], placeholder: "example@example.org"
  = label_tag :password, "Password"
  = password_field_tag :password, nil, placeholder: "Password"
  = button_tag "Login", type: "submit"
```
```ruby
class User < ActiveRecord::Base
  has_secure_password

  def to_s
    "#{first_name} #{last_name}".titleize
  end

  def to_param
    login
  end
end
```
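```ruby
require 'warden'

Rails.application.config.middleware.use Warden::Manager do |config|
  config.default_strategies :password
  # A failed authenticate! re-renders the login form.
  config.failure_app = lambda { |env| SessionsController.action(:new).call(env) }
end

# Only the user id is stored in the session.
Warden::Manager.serialize_into_session { |user| user.id }
# find_by returns nil for an id that no longer exists, so a stale session is
# treated as logged out instead of raising ActiveRecord::RecordNotFound.
Warden::Manager.serialize_from_session { |id| User.find_by(id: id) }

Warden::Strategies.add(:password) do
  # Run this strategy only when both credentials were submitted.
  def valid?
    params['login'] && params['password']
  end

  def authenticate!
    # The login field accepts either the email address or the login name.
    user = User.find_by(email: params['login']) || User.find_by(login: params['login'])
    if user && user.authenticate(params['password'])
      success! user
    else
      # Same message for an unknown account and for a wrong password.
      fail "Invalid email or password"
    end
  end
end
```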