module AuthenticatedSystem protected Returns true or false if the clie

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
module AuthenticatedSystem
protected
# Returns true or false if the client is logged in.
# Preloads @current_client with the client model if they're logged in.
def logged_in?
current_client != :false
end
# Accesses the current client from the session. Set it to :false if login fails
# so that future calls do not hit the database.
def current_client
@current_client ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
end
# Store the given client id in the session.
def current_client=(new_client)
session[:client_id] = (new_client.nil? || new_client.is_a?(Symbol)) ? nil : new_client.id
@current_client = new_client || :false
end
# Check if the client is authorized
#
# Override this method in your controllers if you want to restrict access
# to only a few actions or if you want to check if the client
# has the correct rights.
#
# Example:
#
# # only allow nonbobs
# def authorized?
# current_client.login != "bob"
# end
def authorized?
logged_in?
end
# Filter method to enforce a login requirement.
#
# To require logins for all actions, use this in your controllers:
#
# before_filter :login_required
#
# To require logins for specific actions, use this in your controllers:
#
# before_filter :login_required, :only => [ :edit, :update ]
#
# To skip this in a subclassed controller:
#
# skip_before_filter :login_required
#
def login_required
authorized? || access_denied
end
def not_logged_in_required
!logged_in? || permission_denied
end
# Redirect as appropriate when an access request fails.
#
# The default action is to redirect to the login screen.
#
# Override this method in your controllers if you want to have special
# behavior in case the client is not authorized
# to access the requested action. For example, a popup window might
# simply close itself.
def access_denied
respond_to do |format|
format.html do
store_location
flash[:error] = "You must be logged in to access this feature."
redirect_to login_url
end
format.xml do
request_http_basic_authentication 'Web Password'
end
end
end
def permission_denied
respond_to do |format|
format.html do
domain_name = "http://#{$KK_HOST}"
http_referer = session[:refer_to]
if http_referer.nil?
store_referer
http_referer = ( session[:refer_to] || domain_name )
end
flash[:error] = "You don't have permission to complete that action."
#The [0..20] represents the 21 characters in http://localhost:3000
#You have to set that to the number of characters in your domain name
if http_referer[0..20] != domain_name
session[:refer_to] = nil
redirect_to root_path
else
redirect_to_referer_or_default(root_path)
end
end
format.xml do
headers["Status"] = "Unauthorized"
headers["WWW-Authenticate"] = %(Basic realm="Web Password")
render :text => "You don't have permission to complete this action.", :status => '401 Unauthorized'
end
end
end
# Store the URI of the current request in the session.
#
# We can return to this location by calling #redirect_back_or_default.
def store_location
session[:return_to] = request.request_uri
end
def store_referer
session[:refer_to] = request.env["HTTP_REFERER"]
end
# Redirect to the URI stored by the most recent store_location call or
# to the passed default.
def redirect_back_or_default(default)
redirect_to(session[:return_to] || default)
session[:return_to] = nil
end
def redirect_to_referer_or_default(default)
redirect_to(session[:refer_to] || default)
session[:refer_to] = nil
end
# Inclusion hook to make #current_client and #logged_in?
# available as ActionView helper methods.
def self.included(base)
base.send :helper_method, :current_client, :logged_in?
end
# Called from #current_client. First attempt to login by the client id stored in the session.
def login_from_session
self.current_client = Client.find(session[:client_id]) if session[:client_id]
end
# Called from #current_client. Now, attempt to login by basic authentication information.
def login_from_basic_auth
authenticate_with_http_basic do |email, password|
self.current_client = Client.authenticate(email, password)
end
end
# Called from #current_client. Finaly, attempt to login by an expiring token in the cookie.
def login_from_cookie
client = cookies[:auth_token] && Client.find_by_remember_token(cookies[:auth_token])
if client && client.remember_token?
client.remember_me
cookies[:auth_token] = { :value => client.remember_token, :expires => client.remember_token_expires_at }
self.current_client = client
end
end
end