tracks/app/controllers/login_controller.rb

class LoginController < ApplicationController
  
  layout 'login'
  filter_parameter_logging :user_password 
  skip_before_filter :set_session_expiration
  skip_before_filter :login_required
  before_filter :login_optional
  before_filter :get_current_user
  open_id_consumer if Tracks::Config.openid_enabled?
  
  def login
    @page_title = "TRACKS::Login"
    @openid_url = cookies[:openid_url] if Tracks::Config.openid_enabled?
    case request.method
      when :post
        if @user = User.authenticate(params['user_login'], params['user_password'])
          session['user_id'] = @user.id
          # If checkbox on login page checked, we don't expire the session after 1 hour
          # of inactivity and we remember this user for future browser sessions
          session['noexpiry'] = params['user_noexpiry']
          msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." 
          notify :notice, "Login successful: session #{msg}"
          cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year }
          unless should_expire_sessions?
            @user.remember_me
            cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at }
          end
          redirect_back_or_home
          return
        else
          @login = params['user_login']
          notify :warning, "Login unsuccessful"
        end
      when :get
        if User.no_users_yet?
          redirect_to :controller => 'users', :action => 'new'
          return
        end
    end
    respond_to do |format|
      format.html
      format.m   { render :action => 'login_mobile.html.erb', :layout => 'mobile' }
    end
  end
  
  def begin
    # If the URL was unusable (either because of network conditions,
    # a server error, or that the response returned was not an OpenID
    # identity page), the library will return HTTP_FAILURE or PARSE_ERROR.
    # Let the user know that the URL is unusable.
    case open_id_response.status
      when OpenID::SUCCESS
        session['openid_url'] = params[:openid_url]
        session['user_noexpiry'] = params[:user_noexpiry]
        # The URL was a valid identity URL. Now we just need to send a redirect
        # to the server using the redirect_url the library created for us.

        # redirect to the server
        respond_to do |format|
          format.html { redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), open_id_complete_url) }
          format.m { redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), formatted_open_id_complete_url(:format => 'm')) }
        end
      else
        notify :warning, "Unable to find openid server for <q>#{openid_url}</q>"
        redirect_to_login
    end
  end

  def complete
    openid_url = session['openid_url']
    if openid_url.blank?
      notify :error, "expected an openid_url"
    end
      
    case open_id_response.status
      when OpenID::FAILURE
        # In the case of failure, if info is non-nil, it is the
        # URL that we were verifying. We include it in the error
        # message to help the user figure out what happened.
        if open_id_response.identity_url
          msg = "Verification of #{openid_url}(#{open_id_response.identity_url}) failed. "
        else
          msg = "Verification failed. "
        end
        notify :error, open_id_response.msg.to_s + msg

      when OpenID::SUCCESS
        # Success means that the transaction completed without
        # error. If info is nil, it means that the user cancelled
        # the verification.
        @user = User.find_by_open_id_url(openid_url)
        unless (@user.nil?)
          session['user_id'] = @user.id
          session['noexpiry'] = session['user_noexpiry']
          msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." 
          notify :notice, "You have successfully verified #{openid_url} as your identity. Login successful: session #{msg}"
          cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year }
          unless should_expire_sessions?
            @user.remember_me
            cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at }
          end
          cookies[:openid_url] = { :value => openid_url, :expires => Time.now + 1.year }
          redirect_back_or_home
        else
          notify :warning, "You have successfully verified #{openid_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up."
        end

      when OpenID::CANCEL
        notify :warning, "Verification cancelled."

      else
        notify :warning, "Unknown response status: #{open_id_response.status}"
    end
    redirect_to_login unless performed?
  end

  def logout
    @user.forget_me if logged_in?
    cookies.delete :auth_token
    session['user_id'] = nil
    reset_session
    notify :notice, "You have been logged out of Tracks."
    redirect_to_login
  end
  
  def check_expiry
    # Gets called by periodically_call_remote to check whether 
    # the session has timed out yet
    unless session == nil
      if session
        return unless should_expire_sessions?
        # Get expiry time (allow ten seconds window for the case where we have none)
        expiry_time = session['expiry_time'] || Time.now + 10
        @time_left = expiry_time - Time.now
        if @time_left < (10*60) # Session will time out before the next check
          @msg = "Session has timed out. Please "
        else
          @msg = ""
        end
      end
    end
    respond_to do |format|
      format.js
    end
  end
  
  private
      
  def redirect_to_login
    respond_to do |format|
      format.html { redirect_to login_path }
      format.m { redirect_to formatted_login_path(:format => 'm') }
    end
  end
  
  def should_expire_sessions?
    session['noexpiry'] != "on"
  end
    
end
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`class LoginController < ApplicationController`

Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`layout 'login'`
Applied James Kebinger's patch to remove the password from the logs emitted by LoginController. Closes #521. Thanks, James! git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@552 a4c988fc-2ded-0310-b66e-134b36920a42 2007-06-08 04:01:11 +00:00			`filter_parameter_logging :user_password`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`skip_before_filter :set_session_expiration`
			`skip_before_filter :login_required`
This changeset adds real "remember me" functionality. The checkbox on the login page "Stay logged in" previously prevented an inactive session from expiring. Now, it also functions to remember that a user is logged in across browser sessions (i.e. a user exits the browser, and reopens it). I've also ensured that all tests (including selenium tests) are passing on my machine. This changeset should be back to stable and usable. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@561 a4c988fc-2ded-0310-b66e-134b36920a42 2007-07-08 06:41:10 +00:00			`before_filter :login_optional`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`before_filter :get_current_user`
			`open_id_consumer if Tracks::Config.openid_enabled?`

			`def login`
			`@page_title = "TRACKS::Login"`
			`@openid_url = cookies[:openid_url] if Tracks::Config.openid_enabled?`
			`case request.method`
			`when :post`
			`if @user = User.authenticate(params['user_login'], params['user_password'])`
			`session['user_id'] = @user.id`
			`# If checkbox on login page checked, we don't expire the session after 1 hour`
This changeset adds real "remember me" functionality. The checkbox on the login page "Stay logged in" previously prevented an inactive session from expiring. Now, it also functions to remember that a user is logged in across browser sessions (i.e. a user exits the browser, and reopens it). I've also ensured that all tests (including selenium tests) are passing on my machine. This changeset should be back to stable and usable. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@561 a4c988fc-2ded-0310-b66e-134b36920a42 2007-07-08 06:41:10 +00:00			`# of inactivity and we remember this user for future browser sessions`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`session['noexpiry'] = params['user_noexpiry']`
			`msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."`
			`notify :notice, "Login successful: session #{msg}"`
			`cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year }`
This changeset adds real "remember me" functionality. The checkbox on the login page "Stay logged in" previously prevented an inactive session from expiring. Now, it also functions to remember that a user is logged in across browser sessions (i.e. a user exits the browser, and reopens it). I've also ensured that all tests (including selenium tests) are passing on my machine. This changeset should be back to stable and usable. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@561 a4c988fc-2ded-0310-b66e-134b36920a42 2007-07-08 06:41:10 +00:00			`unless should_expire_sessions?`
			`@user.remember_me`
			`cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at }`
			`end`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`redirect_back_or_home`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`return`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`else`
			`@login = params['user_login']`
			`notify :warning, "Login unsuccessful"`
			`end`
			`when :get`
			`if User.no_users_yet?`
			`redirect_to :controller => 'users', :action => 'new'`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`return`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`end`
			`end`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`respond_to do \|format\|`
			`format.html`
fix login page for mobile view. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@843 a4c988fc-2ded-0310-b66e-134b36920a42 2008-05-12 15:45:37 +00:00			`format.m { render :action => 'login_mobile.html.erb', :layout => 'mobile' }`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`end`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`end`

			`def begin`
			`# If the URL was unusable (either because of network conditions,`
			`# a server error, or that the response returned was not an OpenID`
			`# identity page), the library will return HTTP_FAILURE or PARSE_ERROR.`
			`# Let the user know that the URL is unusable.`
			`case open_id_response.status`
			`when OpenID::SUCCESS`
			`session['openid_url'] = params[:openid_url]`
			`session['user_noexpiry'] = params[:user_noexpiry]`
			`# The URL was a valid identity URL. Now we just need to send a redirect`
			`# to the server using the redirect_url the library created for us.`

			`# redirect to the server`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`respond_to do \|format\|`
			`format.html { redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), open_id_complete_url) }`
			`format.m { redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), formatted_open_id_complete_url(:format => 'm')) }`
			`end`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`else`
			`notify :warning, "Unable to find openid server for <q>#{openid_url}</q>"`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`redirect_to_login`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`end`
			`end`

			`def complete`
			`openid_url = session['openid_url']`
			`if openid_url.blank?`
			`notify :error, "expected an openid_url"`
			`end`

			`case open_id_response.status`
			`when OpenID::FAILURE`
			`# In the case of failure, if info is non-nil, it is the`
			`# URL that we were verifying. We include it in the error`
			`# message to help the user figure out what happened.`
			`if open_id_response.identity_url`
			`msg = "Verification of #{openid_url}(#{open_id_response.identity_url}) failed. "`
			`else`
			`msg = "Verification failed. "`
			`end`
			`notify :error, open_id_response.msg.to_s + msg`

			`when OpenID::SUCCESS`
			`# Success means that the transaction completed without`
			`# error. If info is nil, it means that the user cancelled`
			`# the verification.`
			`@user = User.find_by_open_id_url(openid_url)`
			`unless (@user.nil?)`
			`session['user_id'] = @user.id`
			`session['noexpiry'] = session['user_noexpiry']`
			`msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."`
			`notify :notice, "You have successfully verified #{openid_url} as your identity. Login successful: session #{msg}"`
			`cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year }`
This changeset adds real "remember me" functionality. The checkbox on the login page "Stay logged in" previously prevented an inactive session from expiring. Now, it also functions to remember that a user is logged in across browser sessions (i.e. a user exits the browser, and reopens it). I've also ensured that all tests (including selenium tests) are passing on my machine. This changeset should be back to stable and usable. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@561 a4c988fc-2ded-0310-b66e-134b36920a42 2007-07-08 06:41:10 +00:00			`unless should_expire_sessions?`
			`@user.remember_me`
			`cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at }`
			`end`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`cookies[:openid_url] = { :value => openid_url, :expires => Time.now + 1.year }`
			`redirect_back_or_home`
			`else`
			`notify :warning, "You have successfully verified #{openid_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up."`
			`end`

			`when OpenID::CANCEL`
			`notify :warning, "Verification cancelled."`

			`else`
			`notify :warning, "Unknown response status: #{open_id_response.status}"`
			`end`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`redirect_to_login unless performed?`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`end`

			`def logout`
This changeset adds real "remember me" functionality. The checkbox on the login page "Stay logged in" previously prevented an inactive session from expiring. Now, it also functions to remember that a user is logged in across browser sessions (i.e. a user exits the browser, and reopens it). I've also ensured that all tests (including selenium tests) are passing on my machine. This changeset should be back to stable and usable. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@561 a4c988fc-2ded-0310-b66e-134b36920a42 2007-07-08 06:41:10 +00:00			`@user.forget_me if logged_in?`
			`cookies.delete :auth_token`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`session['user_id'] = nil`
			`reset_session`
			`notify :notice, "You have been logged out of Tracks."`
Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`redirect_to_login`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`end`

			`def check_expiry`
			`# Gets called by periodically_call_remote to check whether`
			`# the session has timed out yet`
			`unless session == nil`
			`if session`
			`return unless should_expire_sessions?`
			`# Get expiry time (allow ten seconds window for the case where we have none)`
			`expiry_time = session['expiry_time'] \|\| Time.now + 10`
			`@time_left = expiry_time - Time.now`
			`if @time_left < (10*60) # Session will time out before the next check`
			`@msg = "Session has timed out. Please "`
			`else`
			`@msg = ""`
			`end`
			`end`
			`end`
Merged rails2-branch back into trunk. Trunk Tracks is now using Rails 2.0.2. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@837 a4c988fc-2ded-0310-b66e-134b36920a42 2008-04-28 05:53:24 +00:00			`respond_to do \|format\|`
			`format.js`
			`end`
And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`end`

			`private`

Fix #498 (cannot login using mobile interface) by introducing a login page specialized for mobile devices. To support this, I added named routes for the login paths and pulled up the mobile content negotiation code to the ApplicationController. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@531 a4c988fc-2ded-0310-b66e-134b36920a42 2007-04-16 02:19:20 +00:00			`def redirect_to_login`
			`respond_to do \|format\|`
			`format.html { redirect_to login_path }`
			`format.m { redirect_to formatted_login_path(:format => 'm') }`
			`end`
			`end`

And here's the copy step. git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@501 a4c988fc-2ded-0310-b66e-134b36920a42 2007-03-30 04:36:52 +00:00			`def should_expire_sessions?`
			`session['noexpiry'] != "on"`
			`end`

			`end`