@gogogarrett
Created January 4, 2015 22:02
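# Base controller for the application. Every action in every subclass requires
# a signed-in user unless the subclass explicitly skips :authorize_user!.
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Deny by default: controllers opt out per action rather than opting in.
  before_action :authorize_user!

  protected

  # Halts the request with a redirect when Warden has no user for it.
  # Despite the name, this only checks that *a* user is signed in; it performs
  # no role or permission check.
  def authorize_user!
    unauthorized! unless current_user
  end

  # Redirects to +path+ (the login page by default) with +message+ as the
  # flash alert. Redirecting inside a before_action stops the action from
  # running.
  def unauthorized!(path = main_app.login_path, message = "Unauthorized!")
    redirect_to path, alert: message
  end

  # The Warden proxy that Warden::Manager places in the Rack environment.
  # Read through request.env: the controller-level `env` shortcut was
  # deprecated in Rails 5.0 and later removed, while request.env works on
  # Rails 4 as well.
  # NOTE(review): this is nil if the Warden middleware is not installed, in
  # which case every caller below raises NoMethodError.
  def warden
    request.env['warden']
  end

  # The user Warden resolved for this request, or nil when nobody is signed in.
  def current_user
    warden.user
  end
  helper_method :current_user

  # True when a user is signed in. Exposed to views alongside current_user.
  def logged_in?
    current_user.present?
  end
  helper_method :logged_in?
end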
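# Login and logout endpoints backed by Warden.
class SessionsController < ApplicationController
  # The login form and its submission must be reachable without a session;
  # destroy stays behind the authentication check.
  skip_before_action :authorize_user!, only: [:new, :create]

  # Renders the login form, showing the message Warden recorded for the
  # request, if any.
  def new
    flash.now.alert = warden.message if warden.message
  end

  # Authenticates the submitted credentials.
  #
  # Warden's authenticate! either returns the user or throws :warden, which
  # the Warden middleware catches and hands to the configured failure app.
  # It never returns a falsy value, so the former `else` branch could not be
  # reached and has been removed; failures are handled by the failure app.
  def create
    warden.authenticate!
    redirect_to root_path, notice: "Logged in!"
  end

  # Signs the current user out.
  # NOTE(review): routes are not shown here; confirm this action is only
  # routed for a non-GET verb so the CSRF check applies to logout as well.
  def destroy
    logout("Logged out!")
  end

  private

  # Clears the Warden session and redirects to the root URL with +message+
  # as the flash alert.
  def logout(message)
    warden.logout
    redirect_to root_url, alert: message
  end
end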
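-# Login form. The field is submitted as :login, so it is re-filled from params[:login] after a failed attempt (params[:email] is never sent by this form).
= form_tag sessions_path, method: :post do
  = label_tag :login, "Email or login"
  = text_field_tag :login, params[:login], placeholder: "example@example.org"
  = label_tag :password, "Password"
  = password_field_tag :password, nil, placeholder: "Password"
  = button_tag "Login", type: "submit"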
# Application user. Credentials are checked through has_secure_password.
class User < ActiveRecord::Base
  # Rails' has_secure_password stores a hash of the password in the
  # password_digest column and provides #authenticate, which the Warden
  # password strategy calls.
  has_secure_password

  # Display name: first and last name joined by a space, title-cased.
  def to_s
    full_name = "#{first_name} #{last_name}"
    full_name.titleize
  end

  # URLs identify a user by login instead of the numeric id.
  # NOTE(review): this relies on login being present and unique; no
  # validation is visible in this class, so confirm it exists elsewhere.
  def to_param
    login
  end
end
require 'warden'
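# Install Warden as Rack middleware with the :password strategy as the
# default.
Rails.application.config.middleware.use Warden::Manager do |config|
  config.default_strategies :password
  # A failed authentication is answered by re-rendering the login form.
  config.failure_app = lambda { |env| SessionsController.action(:new).call(env) }
end

# Only the primary key is written to the session, never the user record.
Warden::Manager.serialize_into_session { |user| user.id }

# find_by returns nil when the id no longer matches a row (for example, the
# account was deleted while its session cookie was still valid), so the
# request is treated as signed out. User.find would instead raise
# ActiveRecord::RecordNotFound on every request carrying that session.
Warden::Manager.serialize_from_session { |id| User.find_by(id: id) }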
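# Password strategy: looks a user up by email or login and verifies the
# password through has_secure_password's #authenticate.
Warden::Strategies.add(:password) do
  # The strategy only runs when both fields were submitted.
  def valid?
    params['login'] && params['password']
  end

  # Marks the request as authenticated when the credentials match, otherwise
  # records a generic failure message that does not reveal which part was
  # wrong.
  def authenticate!
    # Request parameters can arrive as arrays or hashes (login[]=..., etc.).
    # Coerce to strings so the lookup and the password check only ever see
    # scalar values; a non-string input then simply matches no account.
    login = params['login'].to_s
    password = params['password'].to_s

    user = User.find_by(email: login) || User.find_by(login: login)
    # NOTE(review): when no user matches, no password hash is compared, so
    # responses for unknown and known accounts may differ in timing. Consider
    # an equal-cost comparison on the miss path and rate limiting of login
    # attempts.
    if user && user.authenticate(password)
      success! user
    else
      # `fail` here is the Warden strategy method, not Kernel#fail.
      fail "Invalid email or password"
    end
  end
end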