Class SessionsController
In: app/controllers/sessions_controller.rb
Parent: ApplicationController
File: sessions_controller.rb
(C): Hipposoft 2008, 2009
Purpose: Manage OpenID logins. Originally created from examples in the open_id_authentication plugin.

          06-Jan-2008 (ADH): Created.

Methods

Public Instance methods

Called when the sign-in form is submitted or when the OpenID plug-in has completed a sign-in attempt, successfully or otherwise.

    # File app/controllers/sessions_controller.rb, line 19
      def create
        identity_url = params[ :openid_url ]

        # Identity URL is *not* nil, but *is* empty? Form was submitted
        # with an empty string. URL is *not* nil and is *not* empty? Form
        # was submitted with a URL; call authentication routine. URL *is*
        # nil? We're being called from the Open ID plug-in with the result
        # of a sign-in attempt. Again, call the authentication routine but
        # don't try and read the JavaScript detection field.

        if ( not identity_url.nil? and identity_url.empty? )
          failed_login( 'You must provide an ID.')
        else
          identity_url = User.rationalise_id( identity_url )
          session[ :javascript ] = params[ :javascript ] unless ( identity_url.nil? )
          open_id_authentication()
        end

      rescue => error
        failed_login( "An unexpected error was encountered: #{ error.message }" )
      end

Sign out - may be called by a normal user or if a user decides to cancel during the sign-up process.

    # File app/controllers/sessions_controller.rb, line 44
      def destroy
        user   = @current_user
        normal = ( @current_user and ( not @current_user.name.nil? ) and ( not @current_user.name.empty? ) )
        reset_session()

        if ( normal )
          flash[ :notice ] = 'You have signed out.'
        else
          user.destroy() if ( user )
          flash[ :error ] = 'Sign in process aborted.'
        end

        redirect_to( signin_path() )
      end

Protected Instance methods

    # File app/controllers/sessions_controller.rb, line 61
      def open_id_authentication()

        authenticate_with_open_id do | result, identity_url |
          identity_url = User.rationalise_id( identity_url )

          if result.successful?

            # The OpenID sign in went OK. If we can find an active user
            # with that ID, sign in is complete. If there's an inactive
            # user, complain. Otherwise, create a new user account - if
            # this is the first user, any OpenID will do; else it must
            # be in the permitted list.

            if ( @current_user = User.active.find_by_identity_url( identity_url ) )
              successful_login()

            elsif ( User.inactive.find_by_identity_url( identity_url ) )
              failed_login( "The account for OpenID '#{ identity_url }' has been deactivated. Please contact your system administrator for assistance." )

            else
              # Handle very first login auto-creation of the admin account

              if ( User.count.zero? )

                # Do this here because redirecting to the User controller
                # would require an exposed URL that could be used to try
                # and create users without OpenID authentication.

                user_type = 'Admin'

                @current_user = User.new
                @current_user.assign_defaults( nil, identity_url, user_type )
                @current_user.save!

                new_login()

              else

                # The identity URL does not match any existing user and the
                # administrator account already exists.

                failed_login( "Sorry, OpenID '#{ identity_url }' is not permitted to use this service. Please contact your system administrator for assistance.")

              end
            end

          else
            # The OpenID login attempt failed.
            failed_login( result.message )

          end
        end
      end
