Added admin login

app/controllers/admin/sessions_controller.rb

@@ -3,15 +3,25 @@ class Admin::SessionsController < Devise::SessionsController
   layout 'admin/application'
 
   def login
+    @admin_user = AdminUser.new
   end
 
-  # def create
+  def create
-    # @user = AdminUser.first if params[:user1]
+    if params[:admin_user].blank?
-    # @user = AdminUser.second if params[:user2]
+      @admin_user = AdminUser.new
+      flash[:alert] = 'Something went wrong'
+      return render 'login'
+    end
 
-    # return redirect_to :back, alert: 'No user' if @user.blank?
+    @admin_user = AdminUser.find_by(username: params[:admin_user][:username])
+    @admin_user ||= AdminUser.new(username: params[:admin_user][:username])
 
-    # flash[:notice] = I18n.t('welcome')
+    if @admin_user.valid_password?(params[:admin_user][:password])
-    # sign_in_and_redirect @user, event: :authentication
+      sign_in @admin_user, event: :authentication
-  # end
+      redirect_to admin_root_url, notice: I18n.t(:welcome)
+    else
+      flash[:alert] = 'Authorization error'
+      render 'login'
+    end
+  end
 end

app/controllers/sessions_controller.rb

@@ -1,17 +0,0 @@
-class SessionsController < Devise::SessionsController
-  skip_authorization_check only: :create
-
-  def create
-    # TODO: Create ID Card login here:
-    # this is just testing config
-    # if Rails.env.development? || Rails.env.test?
-    @user = AdminUser.first if params[:user1]
-    @user = AdminUser.second if params[:user2]
-
-    return redirect_to :back, alert: 'No user' if @user.blank?
-
-    flash[:notice] = I18n.t('welcome')
-    sign_in_and_redirect @user, event: :authentication
-    # end
-  end
-end

app/models/ability.rb

@@ -91,6 +91,7 @@ class Ability
     can :manage, DomainVersion
     can :manage, User
     can :manage, ApiUser
+    can :manage, AdminUser
     can :manage, Certificate
     can :manage, Keyrelay
     can :manage, LegalDocument

app/views/admin/admin_users/_form.haml

@@ -8,11 +8,18 @@
           = f.label :username
         .col-md-8
           = f.text_field(:username, class: 'form-control')
-      .form-group
+      - if @admin_user.new_record? || can?(:update, AdminUser)
-        .col-md-4.control-label
+        .form-group
-          = f.label :password
+          .col-md-4.control-label
-        .col-md-8
+            = f.label :password
-          = f.text_field(:password, class: 'form-control')
+          .col-md-8
+            = f.text_field(:password, class: 'form-control')
+        .form-group
+          .col-md-4.control-label
+            = f.label :password_confirmation
+          .col-md-8
+            = f.text_field(:password_confirmation, class: 'form-control')
+
       %hr
       .form-group
         .col-md-4.control-label

app/views/admin/sessions/login.haml

@@ -1,8 +1,15 @@
-%h2.form-signin-heading.text-center Eesti Interneti SA
+.row
-%hr
+  .form-signin.col-md-6.center-block.text-center
-.form-signin
+    %h2.form-signin-heading.text-center Eesti Interneti SA
-  / TODO: Refactor this when ID card login is done
+    %hr
-  = button_to 'ID card (user1)', admin_sessions_path,
+    .form-signin
-    class: 'btn btn-lg btn-primary btn-block', name: 'user1'
+      = form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f|
-  = button_to 'ID card (user2)', admin_sessions_path,
+        = render 'admin/shared/errors', object: f.object
-    class: 'btn btn-lg btn-primary btn-block', name: 'user2'
+
+        - error_class = f.object.errors.any? ? 'has-error' : ''
+        %div{class: error_class}
+          = f.text_field :username, class: 'form-control', placeholder: t(:username), required: true
+          = f.password_field :password, class: 'form-control', 
+            autocomplete: 'off', placeholder: t(:password), required: true
+        %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in)
+

app/views/admin/shared/_errors.haml

@@ -0,0 +1,5 @@
+- if object.errors.any?
+  %p.text-danger
+    - object.errors.each do |attr, err|
+      = err
+      %br

app/views/registrar/sessions/login.haml

@@ -8,7 +8,8 @@
       - error_class = f.object.errors.any? ? 'has-error' : ''
       %div{class: error_class}
         = f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true
-        = f.password_field :password, class: 'form-control', placeholder: t(:password), required: true
+        = f.password_field :password, class: 'form-control', 
+          autocomplete: 'off', placeholder: t(:password), required: true
 
       %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in)
 

config/initializers/devise.rb

@@ -131,7 +131,7 @@ Devise.setup do |config|
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
+  config.remember_for = 2.weeks
 
   # Invalidates all the remember me tokens when the user signs out.
   config.expire_all_remember_me_on_sign_out = true
@@ -155,7 +155,7 @@ Devise.setup do |config|
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 8.hours
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false