Module: LoginSystem

Included in:
ApplicationController
Defined in:
lib/login_system.rb


Instance Method Details

#access_denied ⇒ Object (protected)

Overwrite this if you want special behavior when the user is not authorized to access the current operation. The default action is to redirect to the login screen. Example use: a popup window might just close itself.



# File 'lib/login_system.rb', line 163

# Reaction to a request that is not authorized (called from login_required).
# Override in a controller for custom behaviour; the default sends browsers
# to the login screen and answers API-style formats with a 401 challenge.
# NOTE(review): the argument of redirect_to on the html and m branches was
# lost when this page was extracted; it is not recoverable from here.
def access_denied
  respond_to do |format|
    format.html { redirect_to  }
    format.m { redirect_to (:format => 'm') }
    # JS clients receive a partial that performs the redirect client-side.
    format.js { render :partial => 'login/redirect_to_login' }
    # Feed/API formats cannot follow a login redirect: answer 401 + WWW-Authenticate.
    format.any(:xml, :rss, :atom, :text) { basic_auth_denied }
  end
end

#authorize?(user) ⇒ Boolean (protected)

Overwrite this if you want to restrict access to only a few actions, or if you want to check that the user has the correct rights. Example:

  1. only allow non-bobs: `def authorize?(user); user.login != "bob"; end`

Returns:

  • (Boolean)


# File 'lib/login_system.rb', line 38

# Default authorization hook: every authenticated user is allowed.
# Controllers override this to restrict by action or by the user's rights;
# +user+ is deliberately unused in the default implementation.
#
# @param user [Object] the user being checked (ignored here)
# @return [Boolean] always true
def authorize?(user)
  # Unconditional by design: restrictions live in overriding classes.
  true
end

#basic_auth_denied ⇒ Object (protected)



# File 'lib/login_system.rb', line 211

# Answer a request that failed HTTP Basic authentication with 401 and a
# WWW-Authenticate challenge so that a client can retry with credentials.
# Used for feed/API formats where a login redirect makes no sense.
#
# @return [Object] the result of render
def basic_auth_denied
  challenge = 'Basic realm="\'Tracks Login Required\'"'
  response.headers['WWW-Authenticate'] = challenge
  render :body => t('login.unsuccessful'), :status => 401
end

#current_user ⇒ Object



# File 'lib/login_system.rb', line 4

# Public accessor for the user of the current request; delegates to the
# protected, memoising get_current_user.
#
# @return [Object, nil] the current user, or nil when nobody is logged in
def current_user; get_current_user; end

#get_basic_auth_data ⇒ Object (protected)

HTTP Basic auth code adapted from Coda Hale’s simple_http_auth plugin. Thanks, Coda!



# File 'lib/login_system.rb', line 189

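# Extract HTTP Basic credentials from the request environment.
#
# The header is looked up under several env keys (the REDIRECT_* variants are
# what some web servers use when rewriting requests); when more than one is
# present the last key in the list wins, as in the original lookup.
#
# The decoded value is untrusted input: it is only parsed here and must be
# verified by the caller (e.g. User.authenticate).
#
# @return [Hash] +{user:, pass:}+ when a Basic header is present, else +{}+;
#   +pass+ is nil when the decoded value contains no ':'
def get_basic_auth_data
  auth_locations = ['REDIRECT_REDIRECT_X_HTTP_AUTHORIZATION',
                    'REDIRECT_X_HTTP_AUTHORIZATION',
                    'X-HTTP_AUTHORIZATION', 'HTTP_AUTHORIZATION']

  env = request.env
  location = auth_locations.select { |key| env.has_key?(key) }.last
  return {} unless location

  scheme, credentials = env[location].to_s.split
  # A bare "Basic" header used to reach Base64.decode64(nil) and raise; treat it
  # as no credentials instead.
  return {} unless scheme == 'Basic' && credentials

  # Only the first ':' separates user and password: the user-id may not contain
  # a colon but the password may, so a plain split(':') would truncate it.
  user, pass = Base64.decode64(credentials).split(':', 2)
  {
    user: user,
    pass: pass
  }
end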

#get_current_user ⇒ Object (protected)



# File 'lib/login_system.rb', line 146

# Load the user named by session['user_id'] into @user on first use and
# return the memoised value afterwards. Returns nil when the session holds
# no user id.
# NOTE(review): User.find raises when the id no longer exists (stale session
# after a deleted account) — confirm that callers expect that.
#
# @return [Object, nil]
def get_current_user
  user_id = session['user_id']
  @user = User.find(user_id) if @user.nil? && user_id
  @user
end

#logged_in? ⇒ Boolean (protected)

Returns:

  • (Boolean)


# File 'lib/login_system.rb', line 142

# Whether a user is associated with the current request.
#
# @return [Boolean] true when current_user is not nil
def logged_in?
  !current_user.nil?
end

When called with `before_action :login_from_cookie`, checks for an `:auth_token` cookie and logs the user back in if appropriate.



# File 'lib/login_system.rb', line 59

# Re-establish a login from the :auth_token remember-me cookie. Intended as a
# before_action; does nothing when there is no cookie or a user is already
# logged in.
# NOTE(review): the method name was lost in extraction; the description above
# names it login_from_cookie.
def 
  return unless cookies[:auth_token] && !logged_in?
  token = cookies[:auth_token]
  user = User.where(:remember_token => token).first
  # remember_token? presumably also rejects expired tokens — confirm in User
  if user && user.remember_token?
    # NOTE(review): the session id is not reset before the user id is written;
    # consider reset_session here to avoid carrying over a pre-login session.
    session['user_id'] = user.id
    set_current_user(user)
    # remember_me refreshes the token/expiry on the user; the cookie is then
    # re-issued from those values.
    current_user.remember_me
    # NOTE(review): :secure comes from SITE_CONFIG but no :httponly flag is set —
    # confirm whether script access to the remember token is intended.
    cookies[:auth_token] = { :value => current_user.remember_token, :expires => current_user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
    flash[:notice] = t('login.successful')
  end
end

#login_optional ⇒ Object (protected)



# File 'lib/login_system.rb', line 125

# Filter for actions that work with or without a login: establishes the
# current user from the session or from HTTP Basic credentials when possible,
# and always returns true so the action runs either way.
# NOTE(review): the method name (login_optional per the heading above) and the
# first statement of the body were lost in extraction.
def 
  

  # Existing session: accept it only if authorize? agrees.
  if session['user_id'] && authorize?(get_current_user)
    return true
  end

  # HTTP Basic fallback (credentials are untrusted until User.authenticate says otherwise).
  # NOTE(review): unlike the session path, this path does not consult authorize?.
  auth = get_basic_auth_data
  if (user = User.authenticate(auth[:user], auth[:pass]))
    session['user_id'] = user.id
    set_current_user(user)
    return true
  end

  # Anonymous access is allowed here.
  return true
end

#login_or_feed_token_required ⇒ Object (protected)



# File 'lib/login_system.rb', line 72

# Filter for feed-style actions: for feed formats a user may authenticate with
# the +token+ GET parameter or with HTTP Basic (login + token as password);
# other formats fall through to the statement that was lost in extraction
# (last line of the body).
# NOTE(review): the method name was lost in extraction; the heading above names
# it login_or_feed_token_required.
def 
  if ['rss', 'atom', 'txt', 'ics', 'xml'].include?(params[:format])
    # Login based on the token GET parameter
    # NOTE(review): with params[:token] absent this is a `token IS NULL` lookup;
    # confirm that tokens are never NULL or guard on params[:token] first.
    if (user = User.where(:token => params[:token]).first)
      set_current_user(user)
      return true
    end
    # Allow also login based on auth data
    # Same concern: auth[:user]/auth[:pass] are nil when no Basic header is sent.
    auth = get_basic_auth_data
    if (user = User.where(:login => auth[:user], :token => auth[:pass]).first)
      set_current_user(user)
      return true
    end
  end
  
end

#login_required ⇒ Object (protected)

The login_required filter. Add

before_action :login_required

if the controller should be under any rights management. For finer access control you can overwrite

def authorize?(user)


# File 'lib/login_system.rb', line 98

# The login_required before_action: lets the action run when the action is
# unprotected, when the session holds an authorized user, or when HTTP Basic
# credentials authenticate; otherwise stores the location and hands over to
# access_denied.
# NOTE(review): the method name (login_required per the heading above) and the
# statement after the protect? check were lost in extraction.
#
# @return [Boolean] true when the request may proceed, false after access_denied
def 
  if not protect?(action_name)
    return true
  end

  

  # Existing session: accept it only if authorize? agrees.
  if session['user_id'] && authorize?(get_current_user)
    return true
  end

  # HTTP Basic fallback; credentials are verified by User.authenticate.
  # NOTE(review): this path neither calls authorize? nor resets the session
  # before writing the user id — confirm both are intended.
  auth = get_basic_auth_data
  if (user = User.authenticate(auth[:user], auth[:pass]))
    session['user_id'] = user.id
    set_current_user(user)
    return true
  end

  # store current location so that we can
  # come back after the user logged in
  store_location unless params[:format] == 'js'

  # call overwriteable reaction to unauthorized access
  access_denied
  return false
end

#logout_user(message = t('login.logged_out')) ⇒ Object

Logout the #current_user and redirect to login page

Parameters:

  • message (String) (defaults to: t('login.logged_out'))

    notification to display



# File 'lib/login_system.rb', line 15

# Log out the current user: clear the remember-me cookie and the session, and
# either delegate to the CAS filter (when CAS is configured and the session
# came from CAS) or reset the session locally and show +message+.
# NOTE(review): the last statement of the else branch was lost in extraction.
#
# @param message [String] notification to display
def logout_user(message = t('login.logged_out'))
  # Invalidate the remember token server-side, not just the cookie.
  @user.forget_me if logged_in?
  cookies.delete :auth_token
  session['user_id'] = nil
  if SITE_CONFIG['authentication_schemes'].include?('cas') && session[:cas_user]
    CASClient::Frameworks::Rails::Filter.logout(self)
  else
    # Full reset drops the session id as well as its contents.
    reset_session
    notify :notice, message
    
  end
end

#prefs ⇒ Object



# File 'lib/login_system.rb', line 8

# Preferences of the current user.
#
# @return [Object, nil] current_user.prefs, or nil when nobody is logged in
def prefs
  user = current_user
  user.prefs unless user.nil?
end

#protect?(action) ⇒ Boolean (protected)

Overwrite this method if you only want to protect certain actions of the controller. Example:

  1. don't protect the login and the about method: `def protect?(action); if ['action', 'about'].include?(action) then return false else return true end; end`

Returns:

  • (Boolean)


# File 'lib/login_system.rb', line 53

# Default protection hook: every action of the controller requires a login.
# Override to leave some actions public; +action+ is ignored here.
#
# @param action [String] the action name being checked (unused by default)
# @return [Boolean] always true
def protect?(action)
  # Unconditional by design: exemptions live in overriding classes.
  true
end

#redirect_back_or_default(default) ⇒ Object (protected)

Redirect to the location saved by the last store_location call, or to the passed default.



# File 'lib/login_system.rb', line 179

# Redirect to the URL saved in session['return-to'] by store_location, clearing
# it so it is used once, or to +default+ when nothing was stored. The stored
# value is request.url captured server-side, not a request parameter.
#
# @param default [String, Hash] where to go when no location was stored
def redirect_back_or_default(default)
  stored = session['return-to']
  return redirect_to(default) if stored.nil?

  redirect_to stored
  session['return-to'] = nil
end

#redirect_to_login ⇒ Object (private)

Redirect the user to the login page.



# File 'lib/login_system.rb', line 219

# Send the client to the login page in the form appropriate to the request
# format (HTML redirect, JS snippet, or mobile "m" format).
# NOTE(review): the method name (redirect_to_login per the heading above) and
# the login path expression used on each branch were lost in extraction.
def 
  respond_to do |format|
    format.html { redirect_to  }
    # NOTE(review): the path is spliced into a JS string literal; it must be a
    # server-generated route, never request input, or be escaped with
    # escape_javascript — the spliced expression is not visible here.
    format.js { render js: "redirect_to('" +  + "')" }
    format.m { redirect_to (:format => 'm') }
  end
end

#set_current_user(user) ⇒ Object (protected)



# File 'lib/login_system.rb', line 153

# Make +user+ the current user for this request and stamp last_login_at on
# its persisted record.
#
# @param user [Object] an object responding to +id+
# @return [Object] the result of User.update
def set_current_user(user)
  @user = user
  now = Time.zone.now
  User.update(user.id, last_login_at: now)
end

#store_location ⇒ Object (protected)

Store the current URI in the session. We can return to this location by calling return_location.



# File 'lib/login_system.rb', line 174

# Remember the current request URL in session['return-to'] so that
# redirect_back_or_default can send the user back after logging in.
#
# @return [String] the stored URL
def store_location
  current_url = request.url
  session['return-to'] = current_url
end