Implementing Authentication
To build a secure implementation of the Content Type kind: Authentication Type in a theme or site, follow this checklist, and make sure you implement and test every step correctly.
If you have any questions, feel free to ask in the community, or submit a ticket if you think you have encountered a bug.
Ensure that your Plate level is set to Advanced.
You can do this in your user settings.
Create an authentication type
Implement a theme file for the required authentication action:
Always implement the bare minimum actions: 'login', 'logout', 'request_password_recovery', 'recover_password' and 'edit'.
If you want to allow visitors to register independently, also implement the 'new' action.
Check the Content Type kind: Authentication Type to see what theme files and tags should be implemented for each action.
Ensure that each post that requires authentication for this authentication type implements the authenticate tag.
For example, if the authentication type has a plural name of "dealers", ensure that every page that requires authentication has the following snippet in its theme file:
{% authenticate "dealers" %}
The pages where the authentication_edit_form tag is implemented should always require authentication.
Ensure that there is a clear way to access the login page for this authentication type.
See the authentication liquid object documentation for info on how to access the login url. Hint, it's:
<a href="{{authentication.authentication_types.dealers.login_path}}">Login</a>
Ensure that the login page does not implement the authenticate tag.
Otherwise visitors would have to log in before they can log in. You will get an endless loop; trust me, you will notice.
Implement the rendering of authentication properties.
For example, put {{authentication.current_dealer.email}} in your header.
Try to break your authentication implementation
Create an account on your own site
Try to log in
Try to access "secure" pages. (You should be able to access them)
Try to log out
Try to access "secure" pages when logged out. (You should fail to access them)
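The tag-placement rules in this checklist (the authenticate tag on every protected page and on every page with authentication_edit_form, but never on the login page) can also be checked statically before the manual tests. The script below is an added example, not Plate's own tooling; the theme file names, the sample markup, the opening form of the authentication_edit_form tag and the handling of {% comment %} blocks as in standard Liquid are assumptions.

```python
import re

# Standard Liquid comment blocks; a tag inside one is never executed (assumed to hold for Plate).
COMMENT = re.compile(r"{%-?\s*comment\s*-?%}.*?{%-?\s*endcomment\s*-?%}", re.S)
# {% authenticate "dealers" %}, also with single quotes or {%- -%} whitespace control.
AUTH_TAG = re.compile(r"""{%-?\s*authenticate\s+["']([^"']+)["']\s*-?%}""")
# Opening of the edit form tag; its exact arguments are not assumed.
EDIT_FORM = re.compile(r"{%-?\s*authentication_edit_form\b")

def lint_theme(files, auth_type, login_files, protected_files):
    """Check theme sources against the checklist; return sorted (file, problem) pairs."""
    problems = []
    for name, source in files.items():
        live = COMMENT.sub("", source)  # ignore tags that are commented out
        guarded = auth_type in AUTH_TAG.findall(live)
        if name in login_files:
            if guarded:
                problems.append((name, "login page requires login (endless loop)"))
            continue
        if name in protected_files and not guarded:
            problems.append((name, "protected page lacks authenticate tag"))
        if EDIT_FORM.search(live) and not guarded:
            problems.append((name, "edit form on a page without authenticate tag"))
    return sorted(problems)

# Constructed sample theme: file names and markup are made up for this example.
SAMPLE_THEME = {
    "login": "<h1>Dealer login</h1>",
    "orders": "{%- authenticate 'dealers' -%}<h1>Orders</h1>",
    "edit": '{% authenticate "dealers" %}{% authentication_edit_form %}',
    "price_list": '{% comment %}{% authenticate "dealers" %}{% endcomment %}<h1>Prices</h1>',
    "profile": "{% authentication_edit_form %}",
    "partners": '{% authenticate "partners" %}<h1>Dealer news</h1>',
}

def check_sample():
    """Lint the constructed theme for the "dealers" authentication type."""
    return lint_theme(SAMPLE_THEME, "dealers", login_files={"login"},
                      protected_files={"orders", "edit", "price_list", "partners"})

if __name__ == "__main__":
    for name, problem in check_sample():
        print(f"{name}: {problem}")
```

A static check like this complements the logged-out test above; it does not replace it, because only a real request shows how the site responds to an unauthenticated visitor.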