# -*- coding: utf-8 -*-
#= セッション管理コントローラー
# Authors:: Sumiyo Yamamoto
# Copyright:: Copyright (C) OrbusNeich Medical K.K.  2010.
#--
# date        name                   note
# 2010.2.19   Sumiyo Yamamoto        新規作成
#-------------------------------------------------------------------------------
#++
class SessionsController < ApplicationController
  # Login / logout endpoints. The authentication helpers used below
  # (logout_keeping_session!, handle_remember_cookie!, handle_remember_uid!,
  # redirect_back_or_default, current_user=, logout_killing_session!) are not
  # defined in this file; presumably they come from an AuthenticatedSystem-style
  # mixin on ApplicationController — confirm.
  #
  # NOTE(review): trans_sid presumably propagates the session id through URLs
  # for cookie-less (mobile) clients — confirm. If so, that id can leak through
  # Referer headers and access logs; keep it limited to the clients that need it.
  trans_sid
  # Every action here must be reachable by anonymous users, so the login
  # filter is skipped for the whole controller.
  skip_before_filter :login_required

  #== Login form
  #-----------------------------------------------------------------#++
  # Prepares the instance variables the login view reads.
  def new
    # Loaded per request; presumably this is what defines $XTHEME — confirm.
    require 'config/site_config'
    # Presumably the Ext JS version for the view; overridable via the environment.
    @ext_ver = ENV['EXT_VERSION'] || '2.2'
    @production = Rails.env.production? 
    @display_theme = $XTHEME
  end

  #== Login
  #-----------------------------------------------------------------#++
  # Authenticates params[:login] / params[:password] and establishes the
  # login. Mobile clients (request.mobile?) are redirected; other clients get
  # a JSON answer carrying the URL to navigate to next.
  def create
    # Drops any existing login first. The helper's name indicates the session
    # object (and therefore its id) is kept, so the id is not rotated here.
    logout_keeping_session!
    user = User.authenticate(params[:login], params[:password])
    if user
      # Record the session ID so that one account cannot be used from
      # several devices at the same time.
      #user.session_id = session.session_id
      user.session_id = request.session_options[:id]
      # save(false) skips model validations (Rails 2 API).
      user.save(false)
      self.current_user = user
      if request.mobile?
        # Requires MobileAuthenticatedSystem
        new_uid_flag = (params[:remember_me] == "1")
        handle_remember_uid! new_uid_flag
        session[:user_id] = user.id
        # [tohki] Do not redirect directly inside the comm module;
        # TopController#redirect_if_mobile chooses the redirect target.
        # If performance becomes a concern, redirecting here would be better.
        redirect_back_or_default(:controller=>'/top', :action=>'index')
      else
        new_cookie_flag = (params[:remember_me] == "1")
        handle_remember_cookie! new_cookie_flag
        session[:user_id] = user.id
        # Role and section ids are cached in the session. vroles / extract /
        # set / sassign are project-specific query helpers and MFIND_V is
        # defined elsewhere — none of them are visible here.
        session[:role_ids] = user.vroles.extract('id')
        positions = UserPosition.set(MFIND_V).sassign('user_id', user.id).all
        session[:section_ids] = positions.extract('section_id')
        # Protects against session fixation attacks, causes request forgery
        # protection if user resubmits an earlier form using back
        # button. Uncomment if you understand the tradeoffs.
        # reset_session
        # NOTE(review): with reset_session left disabled, the session id a
        # client held before authenticating remains valid afterwards. If it is
        # ever enabled, user.session_id must be recorded after the reset, since
        # the id stored above would no longer match the new session.
        #redirect_back_or_default(:controller=>'/top', :action=>'index')
        #flash[:notice] = "Logged in successfully"
        # The client is told where to navigate next. Where session[:return_to]
        # is populated is not visible here; if it can be influenced by a
        # request parameter this is an open-redirect vector, so it should be
        # restricted to same-origin relative paths — TODO confirm.
        if session[:return_to]
          render :json => {:success => true, :return_to => session[:return_to]}
        else
          render :json => {:success => true, :return_to => '/top'}
        end
      end
    else
      note_failed_signin
      # Re-populate the form fields for the re-rendered login page.
      @login       = params[:login]
      @remember_me = params[:remember_me]
      if request.mobile?  
        render :action => :new
      else
        # One response for every failure cause, so the JSON does not reveal
        # whether the attempted login name exists.
        render :json => {:success => false}
      end
    end
  end

  #== Logout
  #-----------------------------------------------------------------#++
  # Ends the login. The helper's name indicates the whole session is
  # destroyed here, not only the current user.
  def destroy
    logout_killing_session!
    flash[:notice] = "You have been logged out."
    redirect_back_or_default(:controller=>'/top', :action=>'index')
  end

protected
  # Track failed login attempts
  # Records the failure in the flash (shown on the next rendered page) and in
  # the log. Only the attempted login name is written, never the password.
  # NOTE(review): the flash message embeds params[:login] verbatim, so the view
  # that displays it must HTML-escape it. request.remote_ip may be derived from
  # forwarded headers, so the logged address is only as trustworthy as the
  # proxy configuration in front of the application.
  def note_failed_signin
    flash[:error] = "Couldn't log you in as '#{params[:login]}'"
    logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
  end

end
