From d30d05e4c0dae0a77b64a4d6f1976a503a94e9fd Mon Sep 17 00:00:00 2001 From: Manager Bot Date: Mon, 14 Nov 2022 05:44:33 +0000 Subject: [PATCH] Refactor login. --- Web/lib/MJB/Web.pm | 13 +++++++++ Web/lib/MJB/Web/Controller/Auth.pm | 43 +++++++++++++++++++++++------- Web/templates/auth/login.html.ep | 4 +-- 3 files changed, 49 insertions(+), 11 deletions(-) diff --git a/Web/lib/MJB/Web.pm b/Web/lib/MJB/Web.pm index cfefab2..52a88a1 100644 --- a/Web/lib/MJB/Web.pm +++ b/Web/lib/MJB/Web.pm @@ -63,6 +63,15 @@ sub startup ($self) { $blog->create_related( 'jobs', { minion_job_id => $build_job_id } ); }); + # Helper to redirect on errors, support setting the form and errors in a flash + # if they exist in the stash. + $self->helper( redirect_error => sub ( $c, $redirect_to ) { + $c->flash( form => $c->stash->{form} ) if $c->stash->{form}; + $c->flash( errors => $c->stash->{errors} ) if $c->stash->{errors}; + + $c->redirect_to( $c->url_for( $redirect_to ) ); + }); + # Minion plugin & tasks $self->plugin( Minion => { Pg => $self->config->{database}->{minion} } ); @@ -88,6 +97,10 @@ sub startup ($self) { } } + # If the user filled a form out and there was an error, we may have + # the content of the form in a flash, let's load that into the stash. + $c->stash->{form} = $c->flash( 'form' ); + return 1; }); diff --git a/Web/lib/MJB/Web/Controller/Auth.pm b/Web/lib/MJB/Web/Controller/Auth.pm index 38ecd02..d93a73a 100644 --- a/Web/lib/MJB/Web/Controller/Auth.pm +++ b/Web/lib/MJB/Web/Controller/Auth.pm 
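Review bot: `redirect_error` writes the whole `form` stash into the flash, and do_login in Controller/Auth.pm puts the submitted password there (`$c->stash->{form}->{password}`), so every failed login stores the typed password in the session and login.html.ep echoes it back as the field's `value`. With Mojolicious's default cookie-backed sessions the flash is signed but not encrypted, so the password would sit readable in the browser cookie; the session configuration is not visible in this patch. Keep the password out of the form data, `my $password = $c->param('password');`, and drop the `value => $c->stash->{form}->{password}` argument in the template. The same applies to any later form that routes a secret through this helper.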
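Review bot: Only `form` is copied back from the flash here, while `redirect_error` also flashes `errors`; whether the templates read `flash('errors')` directly is not visible in this patch. If they do, say so in the comment, e.g. `# errors are read straight from the flash by the templates`; if not, the messages pushed in do_login never reach the page after the redirect. The enclosing callback starts outside the hunk.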
@@ -67,32 +67,57 @@ sub do_register ( $c ) { } sub login ( $c ) { - if ( $c->stash->{person} ) { $c->redirect_to( $c->url_for( 'show_dashboard' ) ); } } +#== +# POST /login | do_login +# email - The email address of the account to login to. +# password - The password for the account to login to. +# +# Try to login to the account owned by the email address with the +# supplied password. +# +# If the account exists and password matches, set the session uid +# to the user's account id. This will load the correct account to +# $c->stash->{person} on the next page load. +# +# Show the login page with error messages when there has been an error. +# +# Redirect the user to the dashboard on successful login. +#== sub do_login ( $c ) { - $c->stash->{template} = 'auth/login'; + my $email = $c->stash->{form}->{email} = $c->param('email'); + my $password = $c->stash->{form}->{password} = $c->param('password'); - my $email = $c->stash->{form_email} = $c->param('email'); - my $password = $c->stash->{form_password} = $c->param('password'); + # Did we get an email address and a password? + push @{$c->stash->{errors}}, "You must supply an email address to login." + unless $email; + + push @{$c->stash->{errors}}, "You must suply a password to login." + unless $password; + + return $c->redirect_error( 'show_login' ) + if $c->stash->{errors}; + # Can we load a user account? my $person = $c->db->resultset('Person')->find( { email => $email } ) or push @{$c->stash->{errors}}, "Invalid email address or password."; - return 0 if $c->stash->{errors}; + return $c->redirect_error( 'show_login' ) + if $c->stash->{errors}; + # Does the user account we loaded have a password that matches the one supplied? 
$person->auth_password->check_password( $password ) or push @{$c->stash->{errors}}, "Invalid email address or password."; - return 0 if $c->stash->{errors}; - - $c->stash->{person} = $person; + return $c->redirect_error( 'show_login' ) + if $c->stash->{errors}; + # Everything is good, log the user in and send them to the dashboard. $c->session->{uid} = $person->id; - $c->redirect_to( $c->url_for( 'show_dashboard' ) ); } diff --git a/Web/templates/auth/login.html.ep b/Web/templates/auth/login.html.ep index c30083b..c6465dc 100644 --- a/Web/templates/auth/login.html.ep +++ b/Web/templates/auth/login.html.ep @@ -9,13 +9,13 @@ <%= include '_base/form/input', type => 'email', name => 'email', title => 'Email Address', help => '', - value => $c->stash->{form_email} + value => $c->stash->{form}->{email} %> <%= include '_base/form/input', type => 'password', name => 'password', title => 'Password', help => '', - value => $c->stash->{form_password} + value => $c->stash->{form}->{password} %>
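Review bot: The two failure paths in do_login return the same message but do different work: an unknown email redirects before any `check_password` call, while a known one pays for the password hash check, so response time can still reveal which addresses have accounts. Running a comparable hash check against a fixed dummy hash when `find` returns nothing would even this out. `$person->auth_password` is also dereferenced without a check, which would die if a Person row has no related auth_password (schema not visible here). The new message has a typo: `"You must suply a password to login."` should read `supply`.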