From 798463f52c6b15e586932a1e70b28586e643e291 Mon Sep 17 00:00:00 2001
From: Michael Hartl
Date: Thu, 26 Aug 2010 16:29:59 -0700
Subject: [PATCH] Working user signin

---
app/controllers/application_controller.rb | 1 +
app/controllers/sessions_controller.rb | 3 ++-
app/helpers/sessions_helper.rb | 28 ++++++++++++++++++++
app/models/user.rb | 11 +++++---
spec/controllers/sessions_controller_spec.rb | 19 +++++++++++++
5 files changed, 58 insertions(+), 4 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e8065d9..6d4bf3c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,4 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery
+include SessionsHelper
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index a914006..5569ec3 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -12,7 +12,8 @@ def create
 @title = "Sign in"
 render 'new'
 else
-# Handle successful signin.
+sign_in user
+redirect_to user
 end
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 309f8b2..b1bcce2 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -1,2 +1,30 @@
 module SessionsHelper
+
+def sign_in(user)
+cookies.permanent.signed[:remember_token] = [user.id, user.salt]
+current_user = user
+end
+
+def current_user=(user)
+@current_user = user
+end
+
+def current_user
+@current_user ||= user_from_remember_token
+end
+
+def signed_in?
+!current_user.nil?
+end
+
+private
+
+def user_from_remember_token
+User.authenticate_with_salt(*remember_token)
+end
+
+def remember_token
+cookies.signed[:remember_token] || [nil, nil]
+end
 end
+
diff --git a/app/models/user.rb b/app/models/user.rb
index 8a7dee0..cd0cb8b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
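Review bot: The success branch of `create` attaches the remember cookie without first calling `reset_session`, so whatever session id and CSRF authenticity token the browser carried before authentication survive the privilege change; with `protect_from_forgery` enabled in ApplicationController the token lives in that session, so a session an attacker planted beforehand (fixation) still yields a usable CSRF token after the victim logs in. The login state itself is in the remember cookie rather than `session`, so the exposure is the session/CSRF state, not the login. `create` begins outside the hunk and I cannot see whether the session is reset earlier; if it is not, add `reset_session` immediately before `sign_in user`.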
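Review bot: `current_user = user` inside `sign_in` assigns a local variable and never invokes the `current_user=` writer defined just below it, so `@current_user` is not set by signing in; it should read `self.current_user = user`. The spec still passes only because `current_user` falls back to `user_from_remember_token`, which re-reads the cookie written one line earlier — an accidental path, not the intended one. Separately, the remember token is `[user.id, user.salt]` in a `permanent` cookie: a signed jar of this Rails vintage is, as far as I know, HMAC-protected but not encrypted, so the password salt is readable to anyone holding the cookie, and there is no expiry and no way to revoke a stolen cookie short of changing the user's salt. A dedicated random remember token stored (hashed) on the user, set with `:httponly => true` so script cannot read it, e.g. `cookies.permanent.signed[:remember_token] = { :value => [user.id, token], :httponly => true }`, would avoid reusing the password salt as a bearer credential; also note `*remember_token` will raise ArgumentError rather than return nil if the signed cookie ever holds an array of a different arity.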
@@ -1,5 +1,5 @@
 # == Schema Information
-# Schema version: 20100822204528
+# Schema version: 20100822233125
 #
 # Table name: users
 #
@@ -9,6 +9,7 @@
 # created_at :datetime
 # updated_at :datetime
 # encrypted_password :string(255)
+# salt :string(255)
 #
 class User < ActiveRecord::Base
@@ -35,8 +36,12 @@ def has_password?(submitted_password)
 class << self
 def authenticate(email, submitted_password)
 user = find_by_email(email)
-return nil if user.nil?
-return user if user.has_password?(submitted_password)
+(user && user.has_password?(submitted_password)) ? user : nil
+end
+
+def authenticate_with_salt(id, cookie_salt)
+user = find_by_id(id)
+(user && user.salt == cookie_salt) ? user : nil
 end
 end
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 24c113c..68a7a44 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -38,5 +38,24 @@
 flash.now[:error].should =~ /invalid/i
 end
 end
+
+describe "success" do
+
+before(:each) do
+@user = Factory(:user)
+@attr = { :email => @user.email, :password => @user.password }
+end
+
+it "should sign the user in" do
+post :create, :session => @attr
+controller.current_user.should == @user
+controller.should be_signed_in
+end
+
+it "should redirect to the user show page" do
+post :create, :session => @attr
+response.should redirect_to(user_path(@user))
+end
+end
 end
 end
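Review bot: `authenticate_with_salt` makes the password salt the sole credential behind a never-expiring cookie — `user.salt == cookie_salt` is the only check, and nothing in this hunk rotates or revokes it (whether a password change regenerates the salt is outside the hunk, so a stolen cookie may outlive a password reset). A separate remember-token column that can be cleared on logout or password change is the usual fix; if the salt stays, at least compare it with a constant-time routine where one is available, e.g. `(user && Rack::Utils.secure_compare(user.salt.to_s, cookie_salt.to_s)) ? user : nil`, and guard `cookie_salt` being non-String before comparing. In `authenticate`, the short-circuit `user && user.has_password?(...)` skips the hash computation for unknown emails, so response time distinguishes registered from unregistered addresses; that is a user-enumeration side channel worth noting, though the uniform `nil` return is correct. The enclosing `class << self` block starts before the hunk.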
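Review bot: The "success" specs only inspect `controller.current_user` and `signed_in?` within the same request, which passes even though `sign_in` assigns a local variable instead of calling `current_user=`, because `current_user` falls back to reading the cookie that was just written. Add an assertion on the cookie itself after `post :create, :session => @attr` — something like `controller.send(:cookies).signed[:remember_token].should == [@user.id, @user.salt]` (the exact accessor depends on this Rails version's test cookie jar) — and a negative case where the remember cookie is absent or does not match the stored salt and `controller.should_not be_signed_in`. The enclosing `describe` blocks start outside the hunk.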