@@ -7,28 +7,7 @@ class SessionsController < ApplicationController end def create - params[:login] = params[:login].downcase - self.current_user = current_site.users.authenticate(params[:login], params[:password]) - - if logged_in? - if params[:remember_me] == "1" - current_user.remember_me - cookies[:auth_token] = { :value => current_user.remember_token , :expires => current_user.remember_token_expires_at } - end - redirect_back_or_default('/') - flash[:notice] = "Logged in successfully" - else - if using_open_id? - cookies[:use_open_id] = {:value => '1', :expires => 1.year.from_now.utc} - open_id_authentication(params[:openid_url]) - else - cookies[:use_open_id] = {:value => '0', :expires => 1.year.ago.utc} - password_authentication params[:login], params[:password] - end - end - end - - def create + reset_session if using_open_id? cookies[:use_open_id] = {:value => '1', :expires => 1.year.from_now.utc} open_id_authentication(params[:openid_url]) @@ -50,7 +29,7 @@ class SessionsController < ApplicationController protected def password_authentication(name, password) - if @current_user = current_site.users.authenticate(params[:name], params[:password]) + if @current_user = current_site.users.authenticate(name, password) successful_login else failed_login "Sorry, that username/password doesn't work" @@ -85,13 +64,16 @@ class SessionsController < ApplicationController private def successful_login flash[:notice] = 'You are now logged in! Welcome.' + new_cookie_flag = (params[:remember_me] == "1") + handle_remember_cookie! new_cookie_flag session[:user_id] = @current_user.id redirect_back_or_default('/') end def failed_login(message) + @remember_me = params[:remember_me] flash[:error] = message - redirect_to(new_session_url) + render :action => "new" end end app/controllers/sessions_controller.rb @@ -201,7 +201,7 @@ module AuthenticatedSystem end def send_remember_cookie! - cookies[:auth_token] = { + cookies['auth_token'] = { :value => @current_user.remember_token, :expires => @current_user.remember_token_expires_at } end lib/authenticated_system.rb @@ -57,7 +57,7 @@ describe SessionsController, "DELETE /destroy" do it_redirects_to { '/' } it 'deletes token on logout' do - acting.cookies["auth_token"].should == [] + acting.cookies["auth_token"].should be_nil end end spec/controllers/sessions_controller_spec.rb 226d57c68442a7e2991f61377ddf753916647ee4 c3 courtenay@entp.com http://github.com/courtenay/altered_beast/commit/cf728e95458c0d8e83924362eea79fd54e4e0b9f cf728e95458c0d8e83924362eea79fd54e4e0b9f 2009-08-04T17:57:09-07:00 2009-08-04T17:56:26-07:00 Cleanup bad merges, warnings, test fails 2a6bcfc8ba8207b60400a41c476ecee3d4070c9d c3 courtenay@entp.com