def authenticate authenticate_or_request_with_http_basic do | username,pas

1. def authenticate
2. authenticate_or_request_with_http_basic do | username,password |
3. return false if username.blank? || password.blank?
4. username.strip!.downcase!
5.  
6. # Check to see if this request provides a session cookie.
7. # If the user id is in the session database, they pass right thru
8. @current_user = User.find_by_username( session[:user_id] ) if session[:user_id]
9. return if @current_user
10.  
11. # If no cookie, check access list. If found, put user in session table
12. if ACCESS_LIST[ username ] == password
13. @current_user = User.find_or_create_by_username( username )
14. session[:user_id] = username # Put username in the session, for lookup next time
15. return
16. end
17.  
18. # Still not authorized -- now try ESO.
19. begin
20. driver = SOAP::WSDLDriverFactory.new(ESO_WEB_SERVICE_URL).create_rpc_driver
21. result = driver.Authenticate( { :username => username, :password => password} )
22. if result.authenticateResult == 'VALID_USER'
23. # try to load the user from the database, if does not exist, create him/her
24. @current_user = User.find_or_create_by_username(username)
25. session[:user_id] = username # Put username in the session, for lookup next time
26. return
27. end
28. rescue
29. # Either exception threw or result wasn't valid
30. end
31. generate_render("401 Unauthorized user or incorrect password: #{username}")
32. end
33. end
34.  
35. def generate_render( render_msg )
36. @result = render_msg
37. render :text => render_msg, :status => render_msg.split(" ").first
38. end