Introduction
Last updated: · Published:
To build a secure implementation of the Content Type kind: Authentication Type in a theme or site, follow this checklist. And make sure you implement/test every step correctly.
- Ensure that your Plate level is set to Advanced.
- You can do this in your user settings.
- Create an authentication type
- Implement a theme file for the required authentication action:
Always implement the bare minimum action: login, logout, edit, request_password_recovery, recover_password,
If you want to allow visitors to register independently, also implement the 'new' action.
Check the Content Type kind: Authentication Type to see what theme files and tags should be implemented for each action.
- Ensure that each post that requires authentication for this authentication type, implements the authenticate tag.
I.e. if the authentication type has a plural name of "dealers", ensure that every page that requires authentication has the following snippet in its theme file:
Or else you will require the visitors to login to login. You will get an endless loop, trust me, you will notice.
Implement the rendering of authentication properties.
Put {{authentication.current_dealer.email}} in your header for example.
- Try to break your authentication implementation
- Create an account on your own site
- Try to login
- Try to access "secure" pages. (You should be able to access them)
- Try to logout
- Try to access "secure" pages when logged out. (You should fail to access them)