Coherence v0.1.3 Coherence.SessionController
Handle the authentication actions.
Summary
Functions
Helper to check if a user has been confirmed
Login the user
Logout the user
Retrieve the login cookie
Fetch a rememberable database record
Callback for the authentication plug
Render the login form
Callback for the authenticate plug
Save the login cookie
Validate the login cookie
Functions
Login the user.
Find the user based on the login_field. Hash the given password and verify it matches the value stored in the database. Login proceeds only if the following other conditions are satisfied:
- Confirmation is enabled and the user has been confirmed.
- Lockable is enabled and the user is not locked.
If the Trackable option is enabled, the trackable fields are updated.
If the provided password is not correct and the lockable option is enabled, check whether the maximum login attempts threshold is exceeded. If so, lock the account.
If the rememberable option is enabled, create a new series and rememberable token, create a new cookie and update the database.
Logout the user.
Delete the user’s session, track the logout and delete the rememberable cookie.
Callback for the authenticate plug.
Validate the rememberable cookie. If valid, generate a new token, keep the same series number. Update the rememberable database with the new token. Save the new cookie.
Save the login cookie.
Validate the login cookie.
Check the following conditions:
- a record exists for the user, the series, but a different token
  - assume a fraud case
  - remove the rememberable cookie and delete the session
- a record exists for the user, the series, and the token
  - a valid remembered user
- otherwise, this is an unknown user.
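The cookie handling described above (rotating the token within a series, and the three-way validation check), as an added Elixir sketch that is not Coherence's own code. The module name, function names, the in-memory map used as the store, and the hashing of stored tokens are assumptions made for illustration.

```elixir
defmodule RememberableSketch do
  # Added illustration, not Coherence's code. The store is a plain map
  # %{{user_id, series} => sha256(token)}; hashing stored tokens is an assumption.

  defp new_token, do: Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
  defp digest(token), do: :crypto.hash(:sha256, token)

  # Issue a fresh series and token at login (hypothetical helper).
  def issue(store, user_id) do
    {series, token} = {new_token(), new_token()}
    {Map.put(store, {user_id, series}, digest(token)), series, token}
  end

  # Three-way check of the cookie values against the store.
  def validate(store, user_id, series, token) do
    case Map.fetch(store, {user_id, series}) do
      {:ok, stored} ->
        # Constant-time comparison; :crypto.hash_equals/2 needs OTP 25 or later.
        if :crypto.hash_equals(stored, digest(token)) do
          # Valid remembered user: generate a new token, keep the same series.
          fresh = new_token()
          {:ok, Map.put(store, {user_id, series}, digest(fresh)), fresh}
        else
          # Known series but a token that is not current: assume fraud.
          # Dropping the series record is this sketch's choice; the caller also
          # removes the rememberable cookie and deletes the session.
          {:fraud, Map.delete(store, {user_id, series})}
        end

      :error ->
        # No record for this user and series: unknown user.
        {:unknown, store}
    end
  end
end

# Constructed walk-through: an old cookie is presented after the token rotated.
{store, series, token1} = RememberableSketch.issue(%{}, 42)
{:ok, store, token2} = RememberableSketch.validate(store, 42, series, token1)
{:fraud, store} = RememberableSketch.validate(store, 42, series, token1)
{:unknown, _} = RememberableSketch.validate(store, 42, series, token2)
```

Because the token changes on every successful validation, a copied cookie and the legitimate one cannot both stay valid: whichever is presented second hits the fraud branch.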