Diffstat (limited to 'app')
-rw-r--r--app/controllers/application.rb43
-rw-r--r--app/controllers/frontpage_controller.rb10
-rw-r--r--app/models/user.rb58
-rw-r--r--app/views/frontpage/signin.rhtml11
-rw-r--r--app/views/layouts/default.rhtml5
5 files changed, 123 insertions, 4 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index dcae8385b..e5c6a455b 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -1,7 +1,42 @@
-# Filters added to this controller apply to all controllers in the application.
-# Likewise, all the methods added will be available for all controllers.
+# controllers/application.rb:
+# Parent class of all controllers in FOI site. Filters added to this controller
+# apply to all controllers in the application. Likewise, all the methods added
+# will be available for all controllers.
+#
+# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
+# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
+#
+# $Id: application.rb,v 1.2 2007-08-01 16:41:32 francis Exp $
+
class ApplicationController < ActionController::Base
- # Pick a unique cookie name to distinguish our session data from others'
- session :session_key => '_foi_session_id'
+ # Pick a unique cookie name to distinguish our session data from others'
+ session :session_key => '_foi_session_id'
+
+ def check_authentication
+ unless session[:user]
+ session[:intended_action] = action_name
+ session[:intended_controller] = controller_name
+ redirect_to :action => "signin"
+ end
+ end
+
+ def signin
+ if request.post?
+ user = User.authenticate(params[:email], params[:password])
+ if user
+ session[:user] = user.id
+ redirect_to :action => session[:intended_action], :controller => session[:intended_controller]
+ else
+ flash[:notice] = "Email or password not correct"
+ end
+
+ end
+ end
+
+ def signout
+ sessions[:user] = nil
+ redirect_to frontpage
+ end
+
end
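Review bot: `sessions[:user] = nil` in signout refers to an undefined `sessions` (the Rails helper is `session`), so signing out raises a NameError and the login is never cleared. Separately, neither signin nor signout rotates the session identifier, so a session id handed to a victim before login stays valid after login (session fixation); calling `reset_session` on both transitions fixes that, as long as the saved destination is read before the reset. When signin is reached directly rather than via the filter, `session[:intended_action]` is nil and the post-login redirect targets `:action => nil`; a fallback to the same destination signout uses (`frontpage`, whose definition is outside this hunk) avoids that. The form-based `signin`/`signout`/`check_authentication` are also public methods on the parent controller; in this Rails generation public controller methods are routable actions on every subclass, so at least `check_authentication` should sit under `protected`.
```ruby
  def signin
    if request.post?
      user = User.authenticate(params[:email], params[:password])
      if user
        # Read the saved destination before rotating the session, then
        # reset so a pre-login session id cannot be fixated by an attacker.
        intended_action = session[:intended_action]
        intended_controller = session[:intended_controller]
        reset_session
        session[:user] = user.id
        if intended_action
          redirect_to :action => intended_action, :controller => intended_controller
        else
          redirect_to frontpage
        end
      else
        flash[:notice] = "Email or password not correct"
      end
    end
  end

  def signout
    reset_session  # drops the whole session, not just :user
    redirect_to frontpage
  end
```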
diff --git a/app/controllers/frontpage_controller.rb b/app/controllers/frontpage_controller.rb
index 3eaaf70b6..e52f6c2fe 100644
--- a/app/controllers/frontpage_controller.rb
+++ b/app/controllers/frontpage_controller.rb
@@ -1,3 +1,11 @@
+# controllers/frontpage_controller.rb:
+# Main page of site.
+#
+# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
+# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
+#
+# $Id: frontpage_controller.rb,v 1.2 2007-08-01 16:41:32 francis Exp $
+
class FrontpageController < ApplicationController
layout "default"
@@ -6,5 +14,7 @@ class FrontpageController < ApplicationController
format.html
end
end
+
+ before_filter :check_authentication, :except => [:signin]
end
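Review bot: The `:except => [:signin]` list is correct as far as it goes, but the filter it names, `check_authentication`, is a public instance method inherited from ApplicationController, and Rails of this era treats every public controller method as a URL-routable action, so the filter helper itself is reachable as an action on this controller. Declaring it under `protected` in the parent (or `hide_action :check_authentication` here) keeps it out of the action namespace without changing the filter. The `index` action and the rest of the class body are outside this hunk.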
diff --git a/app/models/user.rb b/app/models/user.rb
new file mode 100644
index 000000000..2a6b7a31d
--- /dev/null
+++ b/app/models/user.rb
@@ -0,0 +1,58 @@
+# models/user.rb:
+# Model of people who use the site to file requests, make comments etc.
+#
+# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
+# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
+#
+# $Id: user.rb,v 1.1 2007-08-01 16:41:33 francis Exp $
+
+require 'digest/sha1'
+
+class User < ActiveRecord::Base
+ validates_presence_of :name
+
+ validates_presence_of :email
+ validates_uniqueness_of :email, :case_sensitive => false
+
+ attr_accessor :password_confirmation
+ validates_confirmation_of :password
+
+ def validate
+ errors.add_to_base("Missing password") if hashed_password.blank?
+ end
+
+ # Return user given login email and password
+ def self.authenticate(email, password)
+ user = self.find(:first, :conditions => [ 'email ilike ?', email ] )
+ if user
+ expected_password = encrypted_password(password, user.salt)
+ if user.hashed_password != expected_password
+ user = nil
+ end
+ end
+ user
+ end
+
+ # Virtual password attribute, which stores the hashed password, rather than plain text.
+ def password
+ @password
+ end
+ def password=(pwd)
+ @password = pwd
+ return if pwd.blank?
+ create_new_salt
+ self.hashed_password = User.encrypted_password(self.password, self.salt)
+ end
+
+ private
+
+ def self.encrypted_password(password, salt)
+ string_to_hash = password + salt # XXX need to add a secret here too?
+ Digest::SHA1.hexdigest(string_to_hash)
+ end
+
+ def create_new_salt
+ self.salt = self.object_id.to_s + rand.to_s
+ end
+end
+
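Review bot: `create_new_salt` builds the salt from `object_id.to_s + rand.to_s`, which is neither secret nor unpredictable (`rand` is a seeded PRNG, not a CSPRNG), so the salt gives little protection against precomputed tables; derive it from a CSPRNG instead, e.g. `self.salt = OpenSSL::Random.random_bytes(16).unpack('H*').first` with `require 'openssl'` at the top (or `ActiveSupport::SecureRandom` if this Rails version ships it). On the `XXX` question in `encrypted_password`: a server-side secret would not address the real weakness, which is a single unsalted-by-iteration SHA1 round that can be brute-forced quickly; a stretched KDF (bcrypt, or at minimum many iterations of the hash) is what is needed, and the plain SHA1 should be recorded as a known limitation until then. Note also that `private` does not apply to `def self.encrypted_password`, which stays public; use `private_class_method :encrypted_password` if it is meant to be internal. The `hashed_password != expected_password` comparison is not constant-time, which is a minor timing concern for a hex digest.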
diff --git a/app/views/frontpage/signin.rhtml b/app/views/frontpage/signin.rhtml
new file mode 100644
index 000000000..f66ec4eb0
--- /dev/null
+++ b/app/views/frontpage/signin.rhtml
@@ -0,0 +1,11 @@
+
+<%= start_form_tag :action => "signin" %>
+ <label for="email">Email:</label>
+ <%= text_field_tag "email" %>
+ <br>
+ <label for="password">Password:</label>
+ <%= password_field_tag "password" %>
+ <br>
+ <%= submit_tag "Sign in" %>
+<%= end_form_tag %>
+
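Review bot: This form posts credentials with no anti-forgery token, so a third-party page can submit a login for a victim (login CSRF); if the Rails version in use provides `protect_from_forgery`/a token helper, enable it for this controller, otherwise a per-session nonce rendered as a hidden field and checked in `signin` is the minimum. `start_form_tag` defaults to POST here, which the controller's `request.post?` check relies on, so that part is consistent.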
diff --git a/app/views/layouts/default.rhtml b/app/views/layouts/default.rhtml
index fd37dfa9e..3181598ba 100644
--- a/app/views/layouts/default.rhtml
+++ b/app/views/layouts/default.rhtml
@@ -11,6 +11,11 @@
<ul id="navigation">
<li>Home</li>
</ul>
+
+ <% if flash[:notice] %>
+ <div id="notice"><%= flash[:notice] %></div>
+ <% end %>
+
<%= yield :layout %>
</body>
</html>
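Review bot: `<%= flash[:notice] %>` renders the flash without HTML escaping; today the only value set is a server-side literal, but the layout is shared by every controller, so the first caller to put request-derived text into `flash[:notice]` introduces reflected XSS. Escape at the output point, `<div id="notice"><%= h flash[:notice] %></div>`, so the layout is safe regardless of what future actions store.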