
Untitled

a guest
Mar 13th, 2018
  1. --- Revision 1294
  2. +++ Revision 1441
  3. @@ -1,14 +1,14 @@
  4. -module AuthenticatedSystem # :nodoc:
  5. +module AuthenticatedSystem
  6. protected
  7. # Returns true or false if the user is logged in.
  8. # Preloads @current_user with the user model if they're logged in.
  9. def logged_in?
  10. - current_user != :false
  11. + (@current_user ||= session[:user] ? User.find_by_id(session[:user]) : :false).is_a?(User)
  12. end
  13.  
  14. # Accesses the current user from the session.
  15. def current_user
  16. - @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false
  17. + @current_user if logged_in?
  18. end
  19.  
  20. # Store the given user in the session.
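Review bot: With this change `current_user` returns nil instead of the `:false` sentinel when nobody is logged in, so any caller outside this hunk that still tests `current_user != :false` would treat an anonymous request as authenticated; those call sites are not visible here and should be switched to `logged_in?`. In `logged_in?` itself, a session id whose user row no longer exists leaves `@current_user` nil, so the `||=` repeats the `User.find_by_id` query on every call in the request. Keeping the explicit fallback memoizes the negative result: `(@current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false).is_a?(User)`.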
  21. @@ -30,9 +30,13 @@
  22. # current_user.login != "bob"
  23. # end
  24. def authorized?
  25. - true
  26. + true
  27. end
  28.  
  29. + def admin?
  30. + logged_in? && current_user.admin?
  31. + end
  32. +
  33. # Filter method to enforce a login requirement.
  34. #
  35. # To require logins for all actions, use this in your controllers:
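Review bot: `admin?` is added without the comment its neighbours carry, and nothing in this hunk turns it into an enforcement point: `authorized?` still returns `true` unconditionally, so admin-only actions are protected only where a controller checks `admin?` itself, for example in its own `authorized?` override. A comment such as `# Returns true only when a user is logged in and User#admin? is true; advisory unless a filter calls it.` would make that explicit. `User#admin?` is assumed to exist and is not visible here.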
  36. @@ -65,7 +69,7 @@
  37. respond_to do |accepts|
  38. accepts.html do
  39. store_location
  40. - redirect_to :controller => 'sessions', :action => 'new'
  41. + redirect_to login_path
  42. end
  43. accepts.xml do
  44. headers["Status"] = "Unauthorized"
  45. @@ -93,7 +97,7 @@
  46. # Inclusion hook to make #current_user and #logged_in?
  47. # available as ActionView helper methods.
  48. def self.included(base)
  49. - base.send :helper_method, :current_user, :logged_in?
  50. + base.send :helper_method, :current_user, :logged_in?, :admin?
  51. end
  52.  
  53. # When called with before_filter :login_from_cookie will check for an :auth_token
  54. @@ -105,19 +109,27 @@
  55. user.remember_me
  56. self.current_user = user
  57. cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
  58. - #flash[:notice] = "Logged in successfully"
  59. -
  60. - # WeoGeo Customizations
  61. - cookies[:first_name] = session[:first_name] = self.current_user.first_name
  62. + flash[:notice] = "Logged in successfully"
  63. end
  64. end
  65.  
  66. private
  67. - @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
  68. # gets BASIC auth info
  69. def get_auth_data
  70. - auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
  71. - auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
  72. - return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
  73. + user, pass = nil, nil
  74. + # extract authorisation credentials
  75. + if request.env.has_key? 'X-HTTP_AUTHORIZATION'
  76. + # try to get it where mod_rewrite might have put it
  77. + authdata = request.env['X-HTTP_AUTHORIZATION'].to_s.split
  78. + elsif request.env.has_key? 'HTTP_AUTHORIZATION'
  79. + # this is the regular location
  80. + authdata = request.env['HTTP_AUTHORIZATION'].to_s.split
  81. + end
  82. +
  83. + # at the moment we only support basic authentication
  84. + if authdata && authdata[0] == 'Basic'
  85. + user, pass = Base64.decode64(authdata[1]).split(':')[0..1]
  86. + end
  87. + return [user, pass]
  88. end
  89. end
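Review bot: `Base64.decode64(authdata[1]).split(':')[0..1]` in `get_auth_data` keeps only the first two colon-separated fields, so a Basic password containing `:` is silently truncated before it is checked; splitting with a limit keeps it intact, `user, pass = Base64.decode64(authdata[1].to_s).split(':', 2)`. The `.to_s` also covers a header that is just `Basic` with no credentials, where `authdata[1]` is nil and the decode would presumably raise on an unauthenticated request. The rewrite no longer checks the `Authorization` key that the removed list included, which may be intentional but deserves a comment. In the context lines above, the `auth_token` cookie is set with only `:value` and `:expires`; if the Rails version in use supports them, `:httponly => true` (and `:secure => true` on HTTPS deployments) would keep the remember-me token away from scripts and cleartext requests. The method that sets the cookie starts outside the hunk.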