diff --git a/Pearlception/app/controllers/application_controller.rb b/Pearlception/app/controllers/application_controller.rb index d620036..503e8f2 100644 --- a/Pearlception/app/controllers/application_controller.rb +++ b/Pearlception/app/controllers/application_controller.rb @@ -1,6 +1,9 @@ class ApplicationController < ActionController::Base + before_filter :configure_permitted_parameters, if: :devise_controller? + protect_from_forgery with: :exception - protected +protected + def authenticate_user if session[:user_id] # set current user object to @current_user object variable @@ -11,6 +14,7 @@ class ApplicationController < ActionController::Base return false end end + def save_login_state if session[:user_id] redirect_to(:controller => 'sessions', :action => 'home') @@ -19,4 +23,12 @@ class ApplicationController < ActionController::Base return true end end + + def configure_permitted_parameters + puts "CONFIG PARAMS" + devise_parameter_sanitizer.permit(:sign_in) do |user_params| + user_params.permit(:email, :password, :remember_me) + end + end + end diff --git a/Pearlception/app/controllers/registrations_controller.rb b/Pearlception/app/controllers/registrations_controller.rb index b17fba2..96af38b 100644 --- a/Pearlception/app/controllers/registrations_controller.rb +++ b/Pearlception/app/controllers/registrations_controller.rb 
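Review bot: `before_filter` on the first added line of `ApplicationController` is the deprecated alias of `before_action`; it was deprecated in Rails 5.0 and removed in 5.1, so this line breaks on upgrade. `before_action :configure_permitted_parameters, if: :devise_controller?` behaves the same and survives the upgrade.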
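Review bot: `puts "CONFIG PARAMS"` in `configure_permitted_parameters` is leftover debug output, written to stdout on every request for which `devise_controller?` is true. Remove it, or use `Rails.logger.debug "configure_permitted_parameters"` so it respects the configured log level. The permitted keys `:email, :password, :remember_me` appear to match what Devise already allows for `:sign_in` by default, so a one-line comment above the method saying why the override is needed would help the next reader.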
@@ -5,33 +5,38 @@ class RegistrationsController < Devise::RegistrationsController Apartment::Tenant.switch! end - + #Method to create a new User def create - @user = User.new(sign_up_params) - + user_params = sign_up_params + @user = User.new(user_params) + #if either the password or password confirmation is missing, redirect to sign in again + puts params + if user_params[:password] == nil || user_params[:password_confirmation] == nil + flash[:error] = "Need a password to sign up" + redirect_to '/signin' and return + end if params[:company_serial] - params.require(:user).permit(:company_id) company = Company.find_by(company_token: params[:company_serial]) - if company @user.company_id = company.id if company.company_name == "IVA" @user.admin = true end - else end - - else end @user.save sign_in @user if !@user.admin Apartment::Tenant.switch(Company.find(@user.company_id).company_name.gsub(/'/,'').gsub(/\s/,'')) end - redirect_to "/" + redirect_to "/" and return end + private + + #Param checking method for creation of a new user def sign_up_params params.require(:user).permit(:email, :password, :password_confirmation) end + end diff --git a/Pearlception/app/controllers/sessions_controller.rb b/Pearlception/app/controllers/sessions_controller.rb index 2b4870e..fdd9dfc 100644 --- a/Pearlception/app/controllers/sessions_controller.rb +++ b/Pearlception/app/controllers/sessions_controller.rb @@ -1,10 +1,19 @@ class SessionsController < Devise::RegistrationsController include ApplicationHelper - #def new - # Apartment::Tenant.switch! - #end + + def new + super + end def create + user_parameters = sign_in_params + @user = User.find_by(email: user_parameters[:email]) + if @user == nil || !@user.valid_password?(user_parameters[:password]) + redirect_to "/signin" + return + end + super + #Do we need this code below? It was never running before resource = warden.authenticate!(:scope => :user) sign_in(:user, resource) if !current_user.admin 
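Review bot: `puts params` in `create` prints the whole request, including `user[password]` and `user[password_confirmation]` in cleartext, to stdout. `puts` bypasses Rails' parameter filtering, so the values land wherever stdout is captured; drop the line, or log only non-secret fields through `Rails.logger`. The new guard compares with `== nil`, so an empty string passes it; `if user_params[:password].blank? || user_params[:password_confirmation].blank?` covers both cases. Further down, the unchanged `@user.save` result is still ignored, so a record that fails validation still reaches `sign_in @user`; wrapping the rest in `if @user.save` would close that gap.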
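Review bot: `super` in `SessionsController#create` resolves to `Devise::RegistrationsController#create`, because the class still inherits from `Devise::RegistrationsController`, so a successful password check runs Devise's sign-up action rather than a sign-in. That action renders or redirects on its own, and the code after it then calls `warden.authenticate!` and `redirect_to "/"`, which would likely raise a double-render error. Changing the class line to `class SessionsController < Devise::SessionsController` and keeping either `super` or the explicit Warden call, not both, leaves a single authentication path. The hand-written `valid_password?` pre-check also runs outside Warden, so modules such as lockable, if enabled, would not see those failed attempts; `warden.authenticate!` already rejects bad credentials. `create` continues past the end of this hunk.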
@@ -12,4 +21,11 @@ class SessionsController < Devise::RegistrationsController end redirect_to "/" end + +private + + def sign_in_params + params.require(:user).permit(:email,:password,:remember_me) + end + end diff --git a/Pearlception/config/routes.rb b/Pearlception/config/routes.rb index d958c2f..47f42e1 100644 --- a/Pearlception/config/routes.rb +++ b/Pearlception/config/routes.rb @@ -8,7 +8,7 @@ Rails.application.routes.draw do resources :companies resources :grades - devise_for :users, :controllers => {:registrations => 'registrations'} + devise_for :users, :controllers => {:registrations => 'registrations', :sessions => "sessions"} devise_scope :users do get 'signin' => 'registrations#new' post 'signin' => 'registrations#create'
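Review bot: Mapping `:sessions => "sessions"` in `devise_for` sends Devise's sign-out route to `SessionsController#destroy`. As far as this diff shows, that controller defines no `destroy` and inherits from `Devise::RegistrationsController`, whose `destroy` deletes the signed-in user's record. Signing out would then remove the account instead of just ending the session. Base the controller on `Devise::SessionsController`, or leave the `:sessions` mapping out until it is.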