diff --git a/app/assets/javascripts/app/views/login.jst.eco b/app/assets/javascripts/app/views/login.jst.eco
index a8415287c..645eaa34e 100644
--- a/app/assets/javascripts/app/views/login.jst.eco
+++ b/app/assets/javascripts/app/views/login.jst.eco
@@ -11,6 +11,11 @@
+
+ Remember me + · + Forgot password? +
diff --git a/app/assets/stylesheets/zzz.css b/app/assets/stylesheets/zzz.css
index 39cd69db8..6181212bf 100644
--- a/app/assets/stylesheets/zzz.css
+++ b/app/assets/stylesheets/zzz.css
@@ -13,6 +13,15 @@ body { background-image: url("../assets/glyphicons-halflings.png"); } +/* + * + */ +.hero-unit .small { + font-size: 12px; + line-height: 20px; + color: #999999; +} + /* * removed margin of forms to not break the layout with submit buttons within
area e. g. for modal dialogs */
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 912d73e31..c62b3e094 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -5,8 +5,7 @@ class SessionsController < ApplicationController # "Create" a login, aka "log the user in" def create - logger.debug 'session create' -# logger.debug params.inspect + user = User.authenticate( params[:username], params[:password] ) # auth failed
@@ -15,32 +14,34 @@ class SessionsController < ApplicationController return end + user = User.find_fulldata(user.id) + # do not show password user['password'] = '' - user['roles'] = user.roles.select('id, name').where(:active => true) - user['groups'] = user.groups.select('id, name').where(:active => true) - user['organization'] = user.organization - user['organizations'] = user.organizations.select('id, name').where(:active => true) - # auto population of default collections default_collection = default_collections() # set session user_id - session[:user_id] = user.id + session[:user_id] = user['id'] # check logon session logon_session_key = nil if params['logon_session'] logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s ) - ActiveRecord::SessionStore::Session.create( + session = ActiveRecord::SessionStore::Session.create( :session_id => logon_session_key, :data => { - :user_id => user.id + :user_id => user['id'] } ) end + # remember me - set session cookie to expire later + if params[:remember_me] + request.env['rack.session.options'][:expire_after] = 1.year.from_now + end + # return new session data render :json => { :session => user, 
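Review bot: The comment block added just before `.hero-unit .small` is empty (`/*`, ` *`, ` */`), so it documents nothing and reads as a leftover template. Either say what the rule is for, e.g. `/* secondary text under the login form (remember me / forgot password) */`, or drop the three lines; that the selector serves the login view's new links is inferred from the rest of the commit, not visible in this file.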
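Review bot: `request.env['rack.session.options'][:expire_after] = 1.year.from_now` stores a Time where Rack expects a duration: as far as I can tell the session middleware computes the cookie expiry as `Time.now + expire_after`, and adding a Time to a Time raises a TypeError, so this should be `1.year` (an ActiveSupport duration in seconds). Independently, the session id is never regenerated on successful login — `session[:user_id] = user['id']` is written into whatever session the client already presented — so calling `reset_session` before that assignment (or setting `:renew => true`, as `destroy` does) would close the session-fixation window. Finally, `session = ActiveRecord::SessionStore::Session.create(` introduces a local named `session` that shadows the controller's `session` helper for the rest of `create`; the value is not used anywhere in the hunk, so either drop the assignment or name it `logon_session`. `create` continues past the end of this hunk.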
@@ -92,10 +93,14 @@ class SessionsController < ApplicationController # "Delete" a login, aka "log the user out" def destroy - + # Remove the user id from the session @_current_user = session[:user_id] = nil + # reset session cookie (set :expire_after to '' in case remember_me is active) + request.env['rack.session.options'][:expire_after] = '' + request.env['rack.session.options'][:renew] = true + render :json => { } end
diff --git a/app/models/user.rb b/app/models/user.rb
index b1b328e9e..a827fee1c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -14,6 +14,10 @@ class User < ApplicationModel def self.authenticate( username, password ) + # do not authenticate with nothing + return if !username + return if !password + # try to find user based on login user = User.where( :login => username, :active => true ).first
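Review bot: `request.env['rack.session.options'][:expire_after] = ''` does not clear the expiry: an empty string is truthy in Ruby, so Rack still takes its `expire_after` branch and, as far as I can tell, evaluates `Time.now + ''`, which is a TypeError rather than an expired cookie. Assign `nil` to drop the option (`request.env['rack.session.options'][:expire_after] = nil`), or replace both option lines with Rails' `reset_session`, which discards the session data and issues a new id in one call. The comment above should then read "clear :expire_after in case remember_me is active" rather than "set :expire_after to ''".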
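Review bot: `return if !username` and `return if !password` reject only `nil`; an empty string is truthy, so a call with blank credentials still reaches `User.where( :login => username, :active => true ).first` and whatever password comparison follows it below the hunk. Since neither an empty login nor an empty password is a valid credential, rejecting blanks here is the safer guard: `return if username.blank? || password.blank?` (ActiveSupport's `blank?` covers nil, empty and whitespace-only strings). Stylistically, `return if !x` is idiomatically `return unless x`. `authenticate` continues past the end of the hunk, so whether an empty password could actually match a stored one is not visible here.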