
/lib/authenticated_system.rb

https://github.com/meloon/crabgrass
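module AuthenticatedSystem
  # Returns the user for the current request, memoised in @current_user.
  #
  # The user is looked up from session[:user]; when nothing is stored, or the
  # stored id no longer resolves, an UnauthenticatedUser stands in, so this
  # method never returns nil.  User.current is only set for a real User.
  def current_user
    @current_user ||= begin
      user = load_user(session[:user]) if session[:user]
      user ||= UnauthenticatedUser.new
      User.current = user if user.is_a?(User) # why not UnauthenticatedUser?
      user
    end
  end

  # Looks up a user by id.  On a hit it records the visit (seen!) and attaches
  # the current site; returns nil when the id does not resolve.
  #
  # @param id the session-stored user id
  # @return [User, nil]
  def load_user(id)
    user = User.find_by_id(id)
    if user
      user.seen!
      user.current_site = current_site
    end
    user
  end

  # Returns true if the current user is an authenticated user, false otherwise.
  # Preloads @current_user as a side effect.
  def logged_in?
    current_user.is_a?(UserExtension::AuthenticatedUser)
  end

  # Time recorded by #current_user= when the session user was last assigned.
  def logged_in_since
    session[:logged_in_since]
  end

  protected

  # Store the given user in the session and memoise it for this request.
  # A nil or Symbol argument clears the stored user id; the timestamp is
  # refreshed on every assignment.
  def current_user=(new_user)
    session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
    session[:logged_in_since] = Time.now
    @current_user = new_user
  end

  # Check if the user is authorized.
  #
  # Override this method in your controllers if you want to restrict access
  # to only a few actions or if you want to check if the user
  # has the correct rights.
  #
  # Example:
  #
  # # only allow nonbobs
  # def authorize?
  #   current_user.login != "bob"
  # end
  def authorized?
    true
  end

  # Filter method to enforce a login requirement.
  #
  # To require logins for all actions, use this in your controllers:
  #
  #   before_filter :login_required
  #
  # To require logins for specific actions, use this in your controllers:
  #
  #   before_filter :login_required, :only => [ :edit, :update ]
  #
  # To skip this in a subclassed controller:
  #
  #   skip_before_filter :login_required
  #
  # Returns true when the user is logged in and authorized; otherwise
  # delegates to #access_denied (which raises by default).
  def login_required
    username, passwd = get_auth_data
    # HTTP Basic credentials are only consulted when the session has no
    # logged-in user.  The previous `self.current_user ||= ...` was a no-op:
    # #current_user never returns nil, so the credentials were silently
    # ignored.  A failed attempt leaves the session untouched rather than
    # pushing an UnauthenticatedUser through the setter.
    if username && passwd && !logged_in?
      basic_user = User.authenticate(username, passwd)
      self.current_user = basic_user if basic_user
    end
    User.current = current_user
    logged_in? && authorized? ? true : access_denied
  end

  # Redirect as appropriate when an access request fails.
  #
  # The default action is to raise PermissionDenied.
  #
  # Override this method in your controllers if you want to have special
  # behavior in case the user is not authorized
  # to access the requested action. For example, a popup window might
  # simply close itself.
  def access_denied
    raise PermissionDenied
  end

  # Store the URI of the current request in the session (skipped for XHR
  # requests, which store nil).
  #
  # We can return to this location by calling #redirect_back_or_default.
  def store_location
    session[:return_to] = (request.request_uri unless request.xhr?)
  end

  # Redirect to the URI stored by the most recent store_location call or
  # to the passed default, then clear the stored URI.
  def redirect_back_or_default(default)
    session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
    session[:return_to] = nil
  end

  # Inclusion hook to make #current_user and #logged_in?
  # available as ActionView helper methods.
  def self.included(base)
    base.send :helper_method, :current_user, :logged_in?
  end

  # When called with before_filter :login_from_cookie will check for an :auth_token
  # cookie and log the user back in if appropriate.
  #
  # Only a user whose stored remember token is still present is accepted;
  # presumably User#remember_token? also checks remember_token_expires_at —
  # confirm in the model.  The re-issued cookie carries only :value and
  # :expires; whether it should also carry the cookie flags your framework
  # version supports is left to the caller to confirm.
  def login_from_cookie
    return unless cookies[:auth_token] && !logged_in?
    user = User.find_by_remember_token(cookies[:auth_token])
    if user && user.remember_token?
      user.remember_me
      self.current_user = user
      cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      flash[:notice] = "Logged in successfully"
    end
  end

  private

  # Request env keys consulted, in order, for HTTP Basic credentials.
  @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization).freeze

  # Extracts [username, password] from an HTTP Basic Authorization header.
  #
  # Returns [nil, nil] when no header is present, the scheme is not "Basic",
  # or the credential payload is missing (the previous version raised on a
  # bare "Basic" header).  The decoded credential is split on the first ':'
  # only, so passwords containing ':' are preserved instead of truncated.
  #
  # @return [Array(String, String)] username and password, either may be nil
  def get_auth_data
    auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
    return [nil, nil] unless auth_key
    scheme, payload = request.env[auth_key].to_s.split
    return [nil, nil] unless scheme == 'Basic' && payload
    username, password = Base64.decode64(payload).split(':', 2)
    [username, password]
  end
end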