Tidied up login authentication + tests (woo!)

author: Patrick J Cherry <patrick@bytemark.co.uk> 2012-03-22 17:40:38 +0000
committer: Patrick J Cherry <patrick@bytemark.co.uk> 2012-03-22 17:40:38 +0000
commit: dc443284c4b5f59a4447797f88730d9fe1bc0b45 (patch)
tree: 1f82d0e9754c3239cc4ac65220ef4f54a4a5e44e /lib/mauve/web_interface.rb
parent: 2622cd5d2cb322b78229d345d82076a582925ae2 (diff)
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb
index b998ad8..225cc33 100644
--- a/lib/mauve/web_interface.rb
+++ b/lib/mauve/web_interface.rb
@@ -4,6 +4,7 @@ require 'redcloth'
 require 'json'
 
 require 'mauve/authentication'
+require 'mauve/http_server'
 
 tilt_lib = "tilt"
 begin
@@ -120,7 +121,6 @@ EOF
 
         unless ok_urls.include?(request.path_info) 
           flash['error'] = "You must be logged in to access that page."
-          status 403
           redirect "/login?next_page=#{request.path_info}" unless no_redirect_urls.any?{|u| /^#{u}/ =~ request.path_info }
         end
       end      
@@ -146,7 +146,9 @@ EOF
       if @person
         redirect '/'
       else
+        @username = nil
         @next_page = params[:next_page] || '/'
+        status 403 if flash['error']
         haml :login
       end
     end
@@ -154,7 +156,7 @@ EOF
     post '/login' do
       usr = params['username'].to_s
       pwd = params['password'].to_s
-      next_page = params['next_page'].to_s
+      next_page = params['next_page'] || "/"
       
       #
       # Make sure we don't magically logout automatically :)
@@ -165,14 +167,19 @@ EOF
         session['username'] = usr
         redirect next_page
       else
-        flash['error'] = "You must be logged in to access that page."
-        redirect "/login?next_page=#{next_page}"
+        flash['error'] = "Authentication failed."
+        status 401
+#        redirect "/login?next_page=#{next_page}"
+        @title += " Login"
+        @username = usr
+        @next_page = next_page
+        haml :login
       end
     end
     
     get '/logout' do
       session.delete('username')
-      flash['error'] = "You have logged out!"
+      flash['info'] = "You have logged out!"
       redirect '/login'
     end
author	Patrick J Cherry <patrick@bytemark.co.uk>	2012-03-22 17:40:38 +0000
committer	Patrick J Cherry <patrick@bytemark.co.uk>	2012-03-22 17:40:38 +0000
commit	dc443284c4b5f59a4447797f88730d9fe1bc0b45 (patch)
tree	1f82d0e9754c3239cc4ac65220ef4f54a4a5e44e /lib/mauve/web_interface.rb
parent	2622cd5d2cb322b78229d345d82076a582925ae2 (diff)