Blob of lib/authenticated_system.rb (raw blob data)

1 module AuthenticatedSystem
2 protected
3 # Returns true or false if the user is logged in.
4 # Preloads @current_user with the user model if they're logged in.
5 def logged_in?
6 current_user != :false
7 end
8
9 # Accesses the current user from the session. Set it to :false if login fails
10 # so that future calls do not hit the database.
11 def current_user
12 @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
13 end
14
15 # Store the given user in the session.
16 def current_user=(new_user)
17 session[:user_id] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
18 @current_user = new_user
19 end
20
21 # Check if the user is authorized
22 #
23 # Override this method in your controllers if you want to restrict access
24 # to only a few actions or if you want to check if the user
25 # has the correct rights.
26 #
27 # Example:
28 #
29 # # only allow nonbobs
30 # def authorized?
31 # current_user.login != "bob"
32 # end
33 def authorized?
34 logged_in?
35 end
36
37 # Filter method to enforce a login requirement.
38 #
39 # To require logins for all actions, use this in your controllers:
40 #
41 # before_filter :login_required
42 #
43 # To require logins for specific actions, use this in your controllers:
44 #
45 # before_filter :login_required, :only => [ :edit, :update ]
46 #
47 # To skip this in a subclassed controller:
48 #
49 # skip_before_filter :login_required
50 #
51 def login_required
52 authorized? || access_denied
53 end
54
55 # Redirect as appropriate when an access request fails.
56 #
57 # The default action is to redirect to the login screen.
58 #
59 # Override this method in your controllers if you want to have special
60 # behavior in case the user is not authorized
61 # to access the requested action. For example, a popup window might
62 # simply close itself.
63 def access_denied
64 respond_to do |accepts|
65 accepts.html do
66 store_location
67 flash[:error] = "Action requires login"
68 redirect_to :controller => '/sessions', :action => 'new'
69 end
70 accepts.xml do
71 headers["Status"] = "Unauthorized"
72 headers["WWW-Authenticate"] = %(Basic realm="Web Password")
73 render :text => "Could't authenticate you", :status => '401 Unauthorized'
74 end
75 end
76 false
77 end
78
79 # Store the URI of the current request in the session.
80 #
81 # We can return to this location by calling #redirect_back_or_default.
82 def store_location
83 session[:return_to] = request.request_uri
84 end
85
86 # Redirect to the URI stored by the most recent store_location call or
87 # to the passed default.
88 def redirect_back_or_default(default)
89 session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
90 session[:return_to] = nil
91 end
92
93 # Inclusion hook to make #current_user and #logged_in?
94 # available as ActionView helper methods.
95 def self.included(base)
96 base.send :helper_method, :current_user, :logged_in?
97 end
98
99 # Called from #current_user. First attempt to login by the user id stored in the session.
100 def login_from_session
101 self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
102 end
103
104 # Called from #current_user. Now, attempt to login by basic authentication information.
105 def login_from_basic_auth
106 username, passwd = get_auth_data
107 self.current_user = User.authenticate(username, passwd) if username && passwd
108 end
109
110 # Called from #current_user. Finaly, attempt to login by an expiring token in the cookie.
111 def login_from_cookie
112 user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
113 if user && user.remember_token?
114 user.remember_me
115 cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
116 self.current_user = user
117 end
118 end
119
120 private
121 @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
122 # gets BASIC auth info
123 def get_auth_data
124 auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
125 auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
126 return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
127 end
128 end