changeset 5: |
233c1cbacd12 |
parent 4: | 43c5e6930eee |
child 6: | ebbe8fce79fb |
author: |
moriq@moriq.com |
date: |
Wed Mar 05 01:21:23 2008 +0900 (16 years ago) |
files: |
app/controllers/sessions_controller.rb app/controllers/users_controller.rb app/models/user.rb |
description: |
generate authenticated. |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/controllers/sessions_controller.rb Wed Mar 05 01:21:23 2008 +0900
@@ -0,0 +1,31 @@
+# This controller handles the login/logout function of the site.
+class SessionsController < ApplicationController
+ # Be sure to include AuthenticationSystem in Application Controller instead
+ include AuthenticatedSystem
+
+ # render new.rhtml
+ def new
+ end
+
+ def create
+ self.current_user = User.authenticate(params[:login], params[:password])
+ if logged_in?
+ if params[:remember_me] == "1"
+ self.current_user.remember_me
+ cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+ end
+ redirect_back_or_default('/')
+ flash[:notice] = "Logged in successfully"
+ else
+ render :action => 'new'
+ end
+ end
+
+ def destroy
+ self.current_user.forget_me if logged_in?
+ cookies.delete :auth_token
+ reset_session
+ flash[:notice] = "You have been logged out."
+ redirect_back_or_default('/')
+ end
+end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/controllers/users_controller.rb Wed Mar 05 01:21:23 2008 +0900
@@ -0,0 +1,27 @@
+class UsersController < ApplicationController
+ # Be sure to include AuthenticationSystem in Application Controller instead
+ include AuthenticatedSystem
+
+
+ # render new.rhtml
+ def new
+ end
+
+ def create
+ cookies.delete :auth_token
+ # protects against session fixation attacks, wreaks havoc with
+ # request forgery protection.
+ # uncomment at your own risk
+ # reset_session
+ @user = User.new(params[:user])
+ @user.save
+ if @user.errors.empty?
+ self.current_user = @user
+ redirect_back_or_default('/')
+ flash[:notice] = "Thanks for signing up!"
+ else
+ render :action => 'new'
+ end
+ end
+
+end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/models/user.rb Wed Mar 05 01:21:23 2008 +0900
@@ -0,0 +1,78 @@
+require 'digest/sha1'
+class User < ActiveRecord::Base
+ # Virtual attribute for the unencrypted password
+ attr_accessor :password
+
+ validates_presence_of :login, :email
+ validates_presence_of :password, :if => :password_required?
+ validates_presence_of :password_confirmation, :if => :password_required?
+ validates_length_of :password, :within => 4..40, :if => :password_required?
+ validates_confirmation_of :password, :if => :password_required?
+ validates_length_of :login, :within => 3..40
+ validates_length_of :email, :within => 3..100
+ validates_uniqueness_of :login, :email, :case_sensitive => false
+ before_save :encrypt_password
+
+ # prevents a user from submitting a crafted form that bypasses activation
+ # anything else you want your user to change should be added here.
+ attr_accessible :login, :email, :password, :password_confirmation
+
+ # Authenticates a user by their login name and unencrypted password. Returns the user or nil.
+ def self.authenticate(login, password)
+ u = find_by_login(login) # need to get the salt
+ u && u.authenticated?(password) ? u : nil
+ end
+
+ # Encrypts some data with the salt.
+ def self.encrypt(password, salt)
+ Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+ end
+
+ # Encrypts the password with the user salt
+ def encrypt(password)
+ self.class.encrypt(password, salt)
+ end
+
+ def authenticated?(password)
+ crypted_password == encrypt(password)
+ end
+
+ def remember_token?
+ remember_token_expires_at && Time.now.utc < remember_token_expires_at
+ end
+
+ # These create and unset the fields required for remembering users between browser closes
+ def remember_me
+ remember_me_for 2.weeks
+ end
+
+ def remember_me_for(time)
+ remember_me_until time.from_now.utc
+ end
+
+ def remember_me_until(time)
+ self.remember_token_expires_at = time
+ self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
+ save(false)
+ end
+
+ def forget_me
+ self.remember_token_expires_at = nil
+ self.remember_token = nil
+ save(false)
+ end
+
+ protected
+ # before filter
+ def encrypt_password
+ return if password.blank?
+ self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+ self.crypted_password = encrypt(password)
+ end
+
+ def password_required?
+ crypted_password.blank? || !password.blank?
+ end
+
+
+end