Authenticating users
Lacuna • July 20, 2022
Login
The login controller is nice and simple. During authentication it:
- checks to see if the user exists with the correct password
- redirects to the home page on success
If the user does not exist, or the password is incorrect, display a simple error message.
Register
The registration process is very similar:
- check to see if the email address is already in use
- create the new user account
- create the linked player account
- log the user in
- redirect to the home page on success
If the user's email address already exists, display the relevant error on the form.
Home Page
Currently, the home page is simply a placeholder so that I can test the authentication process.
Logout
The logout process is very simple: drop all the session information for the current user and redirect back to the index page.
Password Recovery
If the user has forgotten their password, then this gives them the opportunity to create a new password.
- ask the user for their email address
- assuming the email address exists in the system, send an email with a link to reset their password
- display a nice
Password Reset
Once the user receives a password reset email, they have a limited time in which to click the link and set a new password.
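A sketch of the recovery and reset steps above, added here as an illustration and not taken from this project's code. The 30-minute window, the in-memory tables and the function names are assumptions; the post only says the link is valid for a limited time.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 30 * 60  # assumed window; the post only says "limited time"

# Constructed in-memory stand-ins for the users and reset tables.
USERS = {"alice@example.com": {"password": "old-hash"}}
RESETS = {}  # email -> (sha256 of token, expiry timestamp)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now=None):
    """Return the token to email, or None for an unknown address.

    The caller shows the same confirmation page in both cases, so the form
    does not reveal which addresses are registered.
    """
    now = time.time() if now is None else now
    if email not in USERS:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Store only a hash, so a leaked table cannot be replayed as reset links.
    RESETS[email] = (_digest(token), now + RESET_TTL_SECONDS)
    return token


def reset_password(email, token, new_password_hash, now=None):
    """Set the new password if the token matches and has not expired."""
    now = time.time() if now is None else now
    record = RESETS.get(email)
    if record is None:
        return False
    stored, expires_at = record
    if now > expires_at:
        del RESETS[email]  # expired tokens are dropped
        return False
    if not hmac.compare_digest(stored, _digest(token)):
        return False
    del RESETS[email]  # single use: a clicked link cannot be replayed
    USERS[email]["password"] = new_password_hash
    return True
```

Requesting a second reset overwrites the first record, so only the most recent link works.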
Wrapping up
I've glossed over much of the authentication process, and there are potentially missing aspects; however, it will suffice for now.
The system has now reached the state where we can register, log in, log out, and handle forgotten passwords, all simply, cleanly and efficiently. However, I need to be able to test everything correctly and ensure the code reaches the correct standard of quality before proceeding.