songtianlun
a54ebdbf23
- Implement AccountActivationsController for activation logic - Create UserMailer for sending activation emails - Update SessionsController to handle unactivated users - Modify UsersController to restrict access to activated users - Add activation fields to User model and database migration - Create views for account activation emails - Add tests for account activation functionality
54 lines
1.2 KiB
Ruby
54 lines
1.2 KiB
Ruby
module SessionsHelper
|
|
def log_in(user)
|
|
session[:user_id] = user.id
|
|
# 防范会话重放攻击
|
|
session[:session_token] = user.session_token
|
|
end
|
|
|
|
def remember(user)
|
|
user.remember
|
|
cookies.permanent.encrypted[:user_id] = user.id
|
|
cookies.permanent[:remember_token] = user.remember_token
|
|
end
|
|
|
|
def current_user
|
|
if (user_id = session[:user_id])
|
|
user = User.find_by(id: user_id)
|
|
if user && session[:session_token] == user.session_token
|
|
@current_user = user
|
|
end
|
|
elsif (user_id = cookies.encrypted[:user_id])
|
|
user = User.find_by(id: user_id)
|
|
if user && user.authenticated?(:remember, cookies[:remember_token])
|
|
log_in user
|
|
@current_user = user
|
|
end
|
|
end
|
|
end
|
|
|
|
def logged_in?
|
|
!current_user.nil?
|
|
end
|
|
|
|
def forget(user)
|
|
user.forget
|
|
cookies.delete(:user_id)
|
|
cookies.delete(:remember_token)
|
|
end
|
|
|
|
def log_out
|
|
forget(current_user)
|
|
reset_session
|
|
@current_user = nil
|
|
end
|
|
|
|
def current_user?(user)
|
|
user && user == current_user
|
|
end
|
|
|
|
def store_location
|
|
session[:forwarding_url] = request.original_url if
|
|
request.get? || request.head?
|
|
end
|
|
end
|