1 files changed, 44 insertions, 0 deletions

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..f92ae1c
--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,44 @@
+class SessionsController < ApplicationController
+  
+  before_filter :redirect_to_https
+  skip_before_filter :home_breadcrumb
+  
+  def new
+  end  
+  
+  def create  
+    user = User.find_by_email(params[:sessions][:login_data].downcase.strip)
+    if user.nil?
+      user = User.find_by_user_name(params[:sessions][:login_data].downcase.strip)
+    end 
+    if user && user.authenticate(params[:sessions][:password])  
+      session[:user_id] = user.id  
+      redirect_to tenant_user_path(user.current_tenant, user), :notice => t('sessions.controller.successfully_created', :resource => user)
+    elsif user && !user.email.blank? && params[:sessions][:reset_password] =~ (/(1|t|y|yes|true)$/i)
+      password = SecureRandom.base64(8)[0..7]
+      if user.update_attributes(:password => password)
+        Notifications.new_password(user, password).deliver
+        flash.now.notice = t('sessions.flash_messages.password_recovery_successful', :resource => user) 
+      else
+        flash.now.alert = t('sessions.flash_messages.password_recovery_failed', :resource => user) 
+      end
+      render "new"  
+    else
+      flash.now.alert = t('sessions.flash_messages.invalid_email_or_password', :resource => user) 
+      render "new"  
+    end  
+  end
+    
+  def destroy  
+    session[:user_id] = nil
+    redirect_to root_url, :notice => t('sessions.controller.successfully_destroyed')  
+  end
+
+  private
+  def redirect_to_https
+    if GUI_REDIRECT_HTTPS and ! request.ssl?
+      redirect_to :protocol => "https://"
+    end
+  end
+  
+end