A: 

I've tested this code on Rails 2.3.4 and it works; the user remains logged in. Bear in mind that you should try to refactor so that the authentication code lives in a single place, rather than having it duplicated in several controllers.

Note also that the authentication code in this snippet is a simplified version of that in the Sessions controller, and so doesn't handle any of the 'remember me' functionality.

```ruby
# POST /stacks
# POST /stacks.xml
def create
  @stack = Stack.new(params[:stack])

  # user stays nil when no credentials were posted or authentication failed
  user = nil
  if params[:login] && params[:password]
    # Drop any existing login (keeping the session), then authenticate
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    self.current_user = user
  end

  respond_to do |format|
    if !user
      # Authentication failed: re-render the form without saving the stack
      flash[:error] = 'Login details incorrect.'
      format.html { render :action => "new" }
      format.xml  { render :xml => @stack.errors, :status => :unprocessable_entity }
    elsif @stack.save
      flash[:notice] = 'Stack was successfully created.'
      format.html { redirect_to(@stack) }
      format.xml  { render :xml => @stack, :status => :created, :location => @stack }
    else
      # Authenticated, but the stack failed validation
      format.html { render :action => "new" }
      format.xml  { render :xml => @stack.errors, :status => :unprocessable_entity }
    end
  end
end
```
Duncan Bayne
Nigel Thorne (http://stackoverflow.com/users/23963/nigel-thorne) has suggested that the failure to authenticate should really return an HTTP 401 (Unauthorized) rather than any errors in @stack. He's right, too :-)
Duncan Bayne
Or, in the non-XML case, redirect to the login page.
Duncan Bayne
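
The refactoring into a single place and the 401/redirect behaviour suggested in the comments above, as an added example that is not part of the original answer or comments. It is a plain-Ruby model that runs without Rails; `InlineLogin`, `require_inline_login`, `SAMPLE_AUTH` and the `/login` path are hypothetical names, and letting an already logged-in user through without resubmitting credentials is an assumption.

```ruby
# Added example: plain-Ruby model of the controller flow, runnable without Rails.
Response = Struct.new(:status, :location)

# Constructed stand-in for User.authenticate: returns a user or nil.
SAMPLE_AUTH = lambda do |login, password|
  login == 'alice' && password == 'correct horse' ? login : nil
end

# Hypothetical mixin: the single place where inline login is handled.
module InlineLogin
  LOGIN_PATH = '/login' # assumed route of the login page

  # Returns nil when the request may proceed, otherwise the Response to send.
  def require_inline_login(params, format)
    if params[:login] && params[:password]
      self.current_user = nil # plays the role of logout_keeping_session!
      self.current_user = authenticator.call(params[:login], params[:password])
    end
    return nil if current_user

    # API clients get 401 Unauthorized; browsers go to the login page.
    format == :xml ? Response.new(401, nil) : Response.new(302, LOGIN_PATH)
  end
end

# Minimal stand-in for a controller; only what the mixin needs.
class StacksController
  include InlineLogin
  attr_accessor :current_user
  attr_reader :authenticator

  def initialize(authenticator, current_user = nil)
    @authenticator = authenticator
    @current_user = current_user
  end

  # Stack creation itself is omitted; only the response selection is modelled.
  def create(params, format)
    denied = require_inline_login(params, format)
    return denied if denied

    format == :xml ? Response.new(201, '/stacks/1') : Response.new(302, '/stacks/1')
  end
end
```

In a Rails application the same check would normally sit in a shared filter, so that every controller accepting inline credentials gets identical failure handling.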