Class SessionsController
In: app/controllers/sessions_controller.rb
Parent: ApplicationController

This controller handles the login/logout function of the site.

Methods

Included Modules

ReCaptcha::AppHelper Constants::Login

Public Instance methods


    # File app/controllers/sessions_controller.rb, line 49
    # Decides whether the current request passes the CAPTCHA gate and stores the
    # answer in @captcha_valid (also the return value).
    #
    # While login_attempts is below MAX_LOGIN_ATTEMPTS no CAPTCHA is demanded and
    # validate_recap is never called; from the threshold onwards the outcome is
    # whatever validate_recap reports for the submitted params. A throwaway
    # User.new supplies the errors collection that validate_recap is handed.
    #
    # NOTE(review): this is a public instance method on a controller, so it may be
    # reachable as an action if a route maps to it -- confirm it is meant to be
    # public rather than protected.
    def captcha?
      under_threshold = login_attempts < MAX_LOGIN_ATTEMPTS
      @captcha_valid = under_threshold || validate_recap(params, User.new.errors)
    end


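    # File app/controllers/sessions_controller.rb, line 16
    # Handles the login form submission.
    #
    # Clears any current login, authenticates params[:email] / params[:password],
    # applies the CAPTCHA gate, and then either signs the user in and redirects,
    # or records the failure and re-renders the 'new' form.
    def create
      logout_keeping_session!
      # A blank User.new stands in when authentication yields nothing, so the
      # new_record? test below is what tells a real account from the placeholder.
      # The credential check runs before the CAPTCHA is evaluated, i.e. on every
      # POST, including ones that are then rejected for a bad CAPTCHA.
      user = User.authenticate(params[:email], params[:password]) || User.new
      # No CAPTCHA is required while login_attempts is under the threshold;
      # from the threshold onwards validate_recap must accept the response.
      @captcha_valid = (login_attempts < MAX_LOGIN_ATTEMPTS || validate_recap(params, user.errors))
      if !user.new_record? && @captcha_valid
        # SECURITY: reset_session is left disabled, so the session that existed
        # before login is carried into the authenticated state and the session
        # identifier is not rotated here. That leaves the login open to session
        # fixation. Enabling it discards everything else held in the session
        # and makes forms rendered before login fail request-forgery
        # protection when resubmitted (e.g. via the back button), so any values
        # that must survive login have to be copied across explicitly.
        # reset_session
        self.current_user = user
        new_cookie_flag = (params[:remember_me] == "1")
        handle_remember_cookie! new_cookie_flag
        setup_user
        redirect_back_or_default('/')
        # A successful login clears the failed-attempt counter.
        failed_logins { |l| l.delete }
        # flash (not flash.now): the response is a redirect, and a flash.now
        # entry is dropped at the end of this request, so the notice would
        # never be displayed.
        flash[:notice] = t('sessions.success')
      else
        note_failed_signin
        # Submitted values are handed back for the re-rendered form.
        # NOTE(review): both come straight from params -- confirm the 'new'
        # template HTML-escapes them.
        @email       = params[:email]
        @remember_me = params[:remember_me]
        render :action => 'new'
      end
    end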


    # File app/controllers/sessions_controller.rb, line 14
    # Empty action: the method body does nothing and returns nil, leaving the
    # response to the framework's default rendering for this action.
    def denied
    end


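    # File app/controllers/sessions_controller.rb, line 40
    # Logs the current user out and redirects back (or to '/').
    #
    # Any active prompt is saved to the visit first, and the session's locale is
    # read before logout and re-applied afterwards so that it survives.
    def destroy
      save_prompt_to_visit if active_prompt
      preserved_locale = session[:locale]
      # NOTE(review): logout_keeping_session! -- going by its name the session
      # itself outlives the logout, so the session identifier is presumably not
      # invalidated here. Confirm that nothing sensitive stays in the session
      # and that a replayed pre-logout session cookie cannot regain access.
      logout_keeping_session!
      self.locale = preserved_locale
      # flash (not flash.now): the response is a redirect, and a flash.now
      # entry is dropped at the end of this request, so the notice would never
      # be displayed.
      flash[:notice] = t('sessions.logout')
      redirect_back_or_default('/')
    end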

caches_page :new, :denied, :layout => false


    # File app/controllers/sessions_controller.rb, line 12
    # Empty action for the login form: the method body does nothing and returns
    # nil, leaving the response to the framework's default rendering.
    def new
    end

Protected Instance methods

Track failed login attempts


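    # File app/controllers/sessions_controller.rb, line 55
    # Records a failed sign-in: sets the error flash for the re-rendered form,
    # bumps the failed-attempt counter (unless the failure was the CAPTCHA), and
    # writes a warning to the log.
    def note_failed_signin
      submitted_email = params[:email].to_s
      # The address is attacker-controlled and ends up inside the flash message.
      # The CAPTCHA branch below puts literal <br/> tags into the same message,
      # so the view presumably emits it as raw HTML (confirm); escape the address
      # here so it cannot inject markup.
      flash.now[:error] = "#{t('sessions.fail')} '#{ERB::Util.html_escape(submitted_email)}'"
      if @captcha_valid == false
        # Compared with false on purpose: a nil @captcha_valid (never evaluated)
        # takes the counting branch. The already-escaped message is read back
        # and appended after the CAPTCHA error.
        flash.now[:error] = "#{t('sessions.captcha_error')}<br/><br/>#{flash[:error]}"
      else
        # Increment the existing counter, or create one named after the visit's
        # IP address when failed_logins yields nothing truthy.
        # NOTE(review): the read-then-write increment is not atomic, so
        # concurrent failures may be under-counted; and with the counter keyed
        # by IP address, attempts spread over many addresses are presumably
        # never throttled -- confirm against login_attempts.
        failed_logins { |logins| logins.update_attribute(:value, logins.value.to_i + 1) } ||
          Param.create(:name => current_visit.ip_address, :value => 1)
      end
      # CR/LF in the submitted address would let one request forge extra log
      # lines; flatten them before logging.
      log_email = submitted_email.gsub(/[\r\n]/, ' ')
      logger.warn "Failed login for '#{log_email}' from #{request.remote_ip} with visit #{current_visit_id} at #{Time.now.utc}"
    end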
