[myexperiment-hackers] [2679] trunk/app/controllers/session_controller.rb: Be defensive about lack of session[] in request.

[noreply]

Revision

2679

Author

dtm

Date

2011-08-22 12:29:51 -0400 (Mon, 22 Aug 2011)

Log Message

Be defensive about lack of session[] in request.

Modified Paths

• trunk/app/controllers/session_controller.rb

Diff

Modified: trunk/app/controllers/session_controller.rb (2678 => 2679)

--- trunk/app/controllers/session_controller.rb	2011-08-18 08:54:44 UTC (rev 2678)
+++ trunk/app/controllers/session_controller.rb	2011-08-22 16:29:51 UTC (rev 2679)
@@ -79,17 +79,21 @@
   protected
   
     def password_authentication
-      login, password = params[:session][:username], params[:session][:password]
-      
-      self.current_user = User.authenticate(login, password)
-      if logged_in?
-        if params[:session][:remember_me] == "1"
-          self.current_user.remember_me
-          cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+      if params[:session]
+        login, password = params[:session][:username], params[:session][:password]
+
+        self.current_user = User.authenticate(login, password)
+        if logged_in?
+          if params[:session][:remember_me] == "1"
+            self.current_user.remember_me
+            cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
+          end
+          successful_login(self.current_user)
+        else
+          failed_login('Invalid username or password')
         end
-        successful_login(self.current_user)
       else
-        failed_login('Invalid username or password')
+        failed_login('Invalid request')
       end
     end