discourse/app/controllers/session_controller.rb

class SessionController < ApplicationController

  def create
    requires_parameter(:login, :password)

    login = params[:login]
    login = login[1..-1] if login[0] == "@"

    if login =~ /@/
      @user = User.where(email: Email.downcase(login)).first
    else
      @user = User.where(username_lower: login.downcase).first
    end

    if @user.present?

      # If the site requires user approval and the user is not approved yet
      if SiteSetting.must_approve_users? && !@user.approved?
        render json: {error: I18n.t("login.not_approved")}
        return
      end

      # If their password is correct
      if @user.confirm_password?(params[:password])
        if @user.email_confirmed?
          log_on_user(@user)
          render_serialized(@user, UserSerializer)
          return
        else
          render json: {
            error: I18n.t("login.not_activated"),
            reason: 'not_activated',
            sent_to_email: @user.email_logs.where(email_type: 'signup').order('created_at DESC').first.try(:to_address) || @user.email,
            current_email: @user.email
          }
          return
        end
      end
    end

    render json: {error: I18n.t("login.incorrect_username_email_or_password")}
  end

  def forgot_password
    requires_parameter(:login)

    user = User.where('username_lower = :username or email = :email', username: params[:login].downcase, email: Email.downcase(params[:login])).first
    if user.present?
      email_token = user.email_tokens.create(email: user.email)
      Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)
    end
    # always render of so we don't leak information
    render json: {result: "ok"}
  end

  def destroy
    session[:current_user_id] = nil
    cookies[:_t] = nil
    render nothing: true
  end

end
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`class SessionController < ApplicationController`

			`def create`
			`requires_parameter(:login, :password)`

better consistency around email case sensitivity 2013-04-14 20:20:33 -04:00			`login = params[:login]`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`login = login[1..-1] if login[0] == "@"`

			`if login =~ /@/`
better consistency around email case sensitivity 2013-04-14 20:20:33 -04:00			`@user = User.where(email: Email.downcase(login)).first`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`else`
better consistency around email case sensitivity 2013-04-14 20:20:33 -04:00			`@user = User.where(username_lower: login.downcase).first`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Fix all the trailing whitespace 2013-02-07 10:45:24 -05:00			`if @user.present?`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
			`# If the site requires user approval and the user is not approved yet`
enforce coding convention replaced every `and` by `&&` and every `or` by `\|\|` 2013-03-04 19:42:44 -05:00			`if SiteSetting.must_approve_users? && !@user.approved?`
Use consistent new-style hashes in render calls twitch 2013-03-22 14:08:11 -04:00			`render json: {error: I18n.t("login.not_approved")}`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`return`
			`end`

			`# If their password is correct`
			`if @user.confirm_password?(params[:password])`
Prevent login until email is confirmed 2013-02-11 11:18:26 -05:00			`if @user.email_confirmed?`
			`log_on_user(@user)`
			`render_serialized(@user, UserSerializer)`
			`return`
			`else`
Fix a problem where you might see missing {{sentTo}} value after a failed login 2013-04-18 16:44:56 -04:00			`render json: {`
			`error: I18n.t("login.not_activated"),`
			`reason: 'not_activated',`
			`sent_to_email: @user.email_logs.where(email_type: 'signup').order('created_at DESC').first.try(:to_address) \|\| @user.email,`
			`current_email: @user.email`
			`}`
Prevent login until email is confirmed 2013-02-11 11:18:26 -05:00			`return`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`
			`end`

Use consistent new-style hashes in render calls twitch 2013-03-22 14:08:11 -04:00			`render json: {error: I18n.t("login.incorrect_username_email_or_password")}`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`def forgot_password`
better consistency around email case sensitivity 2013-04-14 20:20:33 -04:00			`requires_parameter(:login)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00
better consistency around email case sensitivity 2013-04-14 20:20:33 -04:00			`user = User.where('username_lower = :username or email = :email', username: params[:login].downcase, email: Email.downcase(params[:login])).first`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`if user.present?`
			`email_token = user.email_tokens.create(email: user.email)`
			`Jobs.enqueue(:user_email, type: :forgot_password, user_id: user.id, email_token: email_token.token)`
			`end`
			`# always render of so we don't leak information`
Use consistent new-style hashes in render calls twitch 2013-03-22 14:08:11 -04:00			`render json: {result: "ok"}`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`def destroy`
			`session[:current_user_id] = nil`
			`cookies[:_t] = nil`
			`render nothing: true`
			`end`

			`end`