To anybody that needs help with a concept of authentication in ruby heres how you do it. I won't include the project files but if you want them let me know.
I've got a model: AdminUser.
This contains all of the usernames etc for my admins.
If you open up the model I have defined a few actions:
This action lies within the user model. First it looks up a user object by the username provided.
If the user == nil (doesn't exist), return false (the user didn't authenticate).
However, if the user does exist, hash the password provided with the salt stored in the database for that user.
If the hashed password matches the one stored in the database, return the user object for further manipulation.
If it doesn't match, again tell the client it did not authenticate.
Now create a login form and view in your user controller that posts to the 'auth' action in the same controller.
This is what it looks like:
It runs the function we created earlier with the posted parameters.
If the object exists (which, if you remember, is what we returned when the user successfully logs in) then it will store the user's ID and username in the session, set a flash notice and redirect to the menu action.
If not, it goes back to the logon form.
Now to check if the user's logged in.
Notice the before_filter.
Code:
before_filter :confirm_logged_in, :except => [:login, :auth, :logout]
Before any action within the controller runs it will run the confirm_logged_in action UNLESS the action the user is trying to navigate to is one of the ones listed (login, auth, etc.).
Place the confirm_logged_in action within your application controller in the PROTECTED section so all its children can access it. Here's how it looks:
Sorry if this seems rushed... it was ^^. It presumes you know Ruby on Rails.
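The whole flow from the post (salted hash check in the model, the auth action storing the session, and the before_filter gate) as an added example, not the poster's code and not tied to Rails so it runs stand-alone. AdminUser is an in-memory stand-in for the ActiveRecord model; the column names (username, salt, hashed_password), the session keys and the PBKDF2 choice for "hash with the salt" are this example's assumptions.

```ruby
require "openssl"
require "securerandom"

# Added example (not the forum poster's code): the AdminUser model from the
# post, backed by an in-memory array instead of a database table. Column
# names and the hashing scheme are assumptions.
class AdminUser
  ITERATIONS = 100_000
  KEY_LENGTH = 32

  attr_reader :id, :username, :salt, :hashed_password
  @@records = []

  def initialize(id, username, password)
    @id = id
    @username = username
    @salt = SecureRandom.hex(16)                # per-user random salt
    @hashed_password = AdminUser.hash_password(password, @salt)
  end

  def self.create(username, password)
    user = new(@@records.size + 1, username, password)
    @@records << user
    user
  end

  def self.find_by_username(username)
    @@records.find { |u| u.username == username }
  end

  # Salted password hash. The post only says "hash with the salt"; PBKDF2 is
  # this example's choice of a deliberately slow hash.
  def self.hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LENGTH,
                               OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  # The model action from the post: unknown user -> false; otherwise re-hash
  # the supplied password with the stored salt and compare to the stored hash.
  def self.authenticate(username, password)
    user = find_by_username(username)
    return false if user.nil?
    candidate = hash_password(password, user.salt)
    secure_equal?(candidate, user.hashed_password) ? user : false
  end

  # Constant-time comparison so a mismatch does not leak where it differs.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Controller side reduced to plain methods: session and flash are Hashes and
# each action returns the name of the action it redirects to.
class UserFlow
  OPEN_ACTIONS = [:login, :auth, :logout]  # the before_filter :except list

  attr_reader :session, :flash

  def initialize
    @session = {}
    @flash = {}
  end

  # Equivalent of the 'auth' action the login form posts to.
  def auth(params)
    user = AdminUser.authenticate(params[:username], params[:password])
    if user
      @session[:user_id] = user.id
      @session[:username] = user.username
      @flash[:notice] = "Logged in."
      :menu
    else
      @flash[:notice] = "Invalid username or password."
      :login
    end
  end

  def logout
    @session.clear
    :login
  end

  # Stands in for: before_filter :confirm_logged_in, :except => OPEN_ACTIONS
  def dispatch(action)
    return action if OPEN_ACTIONS.include?(action)
    confirm_logged_in || action
  end

  protected

  # Returns the redirect target when nobody is logged in, nil otherwise.
  def confirm_logged_in
    return nil if @session[:user_id]
    @flash[:notice] = "Please log in."
    :login
  end
end
```

Usage: `AdminUser.create("admin", "pass")`, then `UserFlow.new.auth(username: "admin", password: "pass")` returns `:menu`, and `dispatch(:menu)` on a flow with an empty session returns `:login`. Note that authenticate returns false for both an unknown user and a wrong password, so the client cannot tell the two apart.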