Introduction
To build a secure implementation of the Content Type kind: Authentication Type in a theme or site, follow this checklist, and make sure you implement and test every step correctly.
- Ensure that your Plate level is set to Advanced.
You can do this in your user settings.
- Create an authentication type
- Implement a theme file for the required authentication action:
Always implement the bare minimum actions: login, logout, edit, request_password_recovery, recover_password.
If you want to allow visitors to register independently, also implement the 'new' action.
Check the Content Type kind: Authentication Type to see what theme files and tags should be implemented for each action.
- Ensure that each post that requires authentication for this authentication type implements the authenticate tag.
For example, if the authentication type has a plural name of "dealers", ensure that every page that requires authentication has the following snippet in its theme file:
The pages where the authentication_edit_form tag is implemented should always require authentication.
- Ensure that there is a clear way to access the login page for this authentication type.
See the authentication Liquid object documentation for info on how to access the login URL. Hint, it's:
- Ensure that the login page is not implementing the authenticate tag.
Otherwise visitors will have to log in before they can log in. You will get an endless loop; trust me, you will notice.
- Implement the rendering of authentication properties.
Put {{authentication.current_dealer.email}} in your header for example.
- Try to break your authentication implementation:
  - Create an account on your own site
  - Try to log in
  - Try to access "secure" pages. (You should be able to access them)
  - Try to log out
  - Try to access "secure" pages when logged out. (You should fail to access them)
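
The tag-placement rules in the checklist above can also be checked statically before you test by hand. The following is an added example, not Plate's own code: a small Python linter over theme sources. The theme file names and the argument form of the authenticate tag in the sample are assumptions; only the tag names authenticate and authentication_edit_form come from this page.

```python
import re

# Liquid tags look like {% name ... %}. Only the tag names are taken from the page.
AUTHENTICATE = re.compile(r"\{%-?\s*authenticate\b")
EDIT_FORM = re.compile(r"\{%-?\s*authentication_edit_form\b")


def lint_theme(files, protected, login_file):
    """Return sorted (file, problem) pairs for the checklist's tag rules.

    files:      mapping of theme file name -> Liquid source
    protected:  names of theme files that must require authentication
    login_file: name of the theme file that renders the login page
    """
    problems = []
    for name in sorted(set(protected) - set(files)):
        problems.append((name, "protected page has no theme file"))
    for name, source in files.items():
        guarded = bool(AUTHENTICATE.search(source))
        if name == login_file:
            # Guarding the login page forces a login before the login form.
            if guarded:
                problems.append((name, "login page implements authenticate"))
            continue
        if name in protected and not guarded:
            problems.append((name, "protected page is missing authenticate"))
        if EDIT_FORM.search(source) and not guarded:
            problems.append((name, "authentication_edit_form without authenticate"))
    return sorted(problems)


# Constructed sample theme; file names and tag arguments are hypothetical.
SAMPLE = {
    "dealers/login.plate": '{% authenticate "dealers" %}<form>login</form>',
    "dealers/edit.plate": "{% authentication_edit_form %}<input name='email'>",
    "pages/price_list.plate": "<h1>Prices</h1>",
    "pages/portal.plate": '{% authenticate "dealers" %}'
                          "{{authentication.current_dealer.email}}",
}
SAMPLE_PROTECTED = {"pages/price_list.plate", "pages/portal.plate"}

if __name__ == "__main__":
    for name, problem in lint_theme(SAMPLE, SAMPLE_PROTECTED, "dealers/login.plate"):
        print(f"{name}: {problem}")
```

A clean result only shows that the tags are in place; the manual login and logout tests in the last checklist item are still needed.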