auth via somethingawful cookie

2024-03-29 15:54:42 +01:00
parent b26434b795
commit c111723740
21 changed files with 408 additions and 1134 deletions
--- a/lib/something_erlang_web/controllers/page_controller.ex
+++ b/lib/something_erlang_web/controllers/page_controller.ex
@ -28,7 +28,6 @@ defmodule SomethingErlangWeb.PageController do
  end

  def to_forum_path(conn, params) do
-    params |> IO.inspect()
    render(conn, :home)
  end
 end
--- a/lib/something_erlang_web/controllers/user_session_controller.ex
+++ b/lib/something_erlang_web/controllers/user_session_controller.ex
@ -19,17 +19,17 @@ defmodule SomethingErlangWeb.UserSessionController do
  end

  defp create(conn, %{"user" => user_params}, info) do
-    %{"email" => email, "password" => password} = user_params
+    %{"username" => username, "password" => password} = user_params

-    if user = Accounts.get_user_by_email_and_password(email, password) do
+    if user = Accounts.login_sa_user_and_get_cookies(username, password) do
      conn
      |> put_flash(:info, info)
+      |> put_session(:bbpassword, user.bbpassword)
      |> UserAuth.log_in_user(user, user_params)
    else
-      # In order to prevent user enumeration attacks, don't disclose whether the email is registered.
      conn
-      |> put_flash(:error, "Invalid email or password")
-      |> put_flash(:email, String.slice(email, 0, 160))
+      |> put_flash(:error, "Login failed!")
+      |> put_flash(:email, String.slice(username, 0, 160))
      |> redirect(to: ~p"/users/log_in")
    end
  end