- --- Revision 1294
- +++ Revision 1441
- @@ -1,14 +1,14 @@
- -module AuthenticatedSystem # :nodoc:
- +module AuthenticatedSystem
- protected
- # Returns true or false if the user is logged in.
- # Preloads @current_user with the user model if they're logged in.
- def logged_in?
- - current_user != :false
- + (@current_user ||= session[:user] ? User.find_by_id(session[:user]) : :false).is_a?(User)
- end
- # Accesses the current user from the session.
- def current_user
- - @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false
- + @current_user if logged_in?
- end
- # Store the given user in the session.
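Review bot: `current_user` now returns nil instead of `:false` for an anonymous visitor, so any caller outside this hunk that still tests `current_user != :false` (the form the old `logged_in?` used) would treat a logged-out request as authenticated; those call sites should be checked and moved to `logged_in?`. In the new `logged_in?`, a session id whose row no longer exists makes `User.find_by_id` return nil, which `||=` does not memoize, so the lookup repeats on every call within the request. Writing it as `(@current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false).is_a?(User)` keeps the sentinel cached. The module continues past this hunk, so the `current_user=` setter and its interaction with the sentinel are not visible here.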
- @@ -30,9 +30,13 @@
- # current_user.login != "bob"
- # end
- def authorized?
- - true
- + true
- end
- + def admin?
- + logged_in? && current_user.admin?
- + end
- +
- # Filter method to enforce a login requirement.
- #
- # To require logins for all actions, use this in your controllers:
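Review bot: `admin?` is added without the comment that the other methods shown in this module carry, and nothing in the visible hunks uses it to gate an action; registering it with `helper_method` only changes what views can render. A comment such as `# Returns true when a user is logged in and that user's admin? check passes. Display helper only; admin-only actions still need their own before_filter.` would make that explicit. `authorized?` in the same hunk still returns true for every user, so if admin-only actions exist, it is worth confirming that the controllers (not shown) enforce the check server-side.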
- @@ -65,7 +69,7 @@
- respond_to do |accepts|
- accepts.html do
- store_location
- - redirect_to :controller => 'sessions', :action => 'new'
- + redirect_to login_path
- end
- accepts.xml do
- headers["Status"] = "Unauthorized"
- @@ -93,7 +97,7 @@
- # Inclusion hook to make #current_user and #logged_in?
- # available as ActionView helper methods.
- def self.included(base)
- - base.send :helper_method, :current_user, :logged_in?
- + base.send :helper_method, :current_user, :logged_in?, :admin?
- end
- # When called with before_filter :login_from_cookie will check for an :auth_token
- @@ -105,19 +109,27 @@
- user.remember_me
- self.current_user = user
- cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
- - #flash[:notice] = "Logged in successfully"
- -
- - # WeoGeo Customizations
- - cookies[:first_name] = session[:first_name] = self.current_user.first_name
- + flash[:notice] = "Logged in successfully"
- end
- end
- private
- - @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
- # gets BASIC auth info
- def get_auth_data
- - auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
- - auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
- - return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
- + user, pass = nil, nil
- + # extract authorisation credentials
- + if request.env.has_key? 'X-HTTP_AUTHORIZATION'
- + # try to get it where mod_rewrite might have put it
- + authdata = request.env['X-HTTP_AUTHORIZATION'].to_s.split
- + elsif request.env.has_key? 'HTTP_AUTHORIZATION'
- + # this is the regular location
- + authdata = request.env['HTTP_AUTHORIZATION'].to_s.split
- + end
- +
- + # at the moment we only support basic authentication
- + if authdata && authdata[0] == 'Basic'
- + user, pass = Base64.decode64(authdata[1]).split(':')[0..1]
- + end
- + return [user, pass]
- end
- end
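Review bot: In the new `get_auth_data`, `split(':')[0..1]` cuts a Basic-auth password at its first colon, so a user whose password contains `:` can never authenticate through this path; splitting with a limit keeps the remainder intact. A header consisting of just `Basic` leaves `authdata[1]` nil, which is passed straight to `Base64.decode64` and likely raises on a malformed request instead of falling through to `[nil, nil]`. Suggested line: `user, pass = Base64.decode64(authdata[1].to_s).split(':', 2)`. Separately, the `cookies[:auth_token]` line kept as context sets the remember-me token with no HTTP-only or secure attribute visible, which may be worth a follow-up.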