Diffstat (limited to 'app/controllers/application.rb')
-rw-r--r-- | app/controllers/application.rb | 90 |
1 files changed, 12 insertions, 78 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 1fde074a9..d0d0fef7e 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -6,7 +6,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: application.rb,v 1.19 2007-10-31 12:39:58 francis Exp $ +# $Id: application.rb,v 1.20 2007-10-31 17:25:29 francis Exp $ class ApplicationController < ActionController::Base 
@@ -16,74 +16,6 @@ class ApplicationController < ActionController::Base # Pick a unique cookie name to distinguish our session data from others' session :session_key => '_foi_session_id' - # Login form - def signin - # The explict signin link uses this to store where it is to go back to - if params[:r] - session[:intended_uri] = params[:r] - session[:intended_params] = nil - end - - if not params[:user] - # First time page is shown - render :template => 'user_accounts/signin' and return - else - @user = User.authenticate(params[:user][:email], params[:user][:password]) - if @user - # Successful login - session[:user] = @user.id - post_redirect session[:intended_uri], session[:intended_params] and return - else - if User.find(:first, :conditions => [ "email = ?", params[:user][:email] ]) - # Failed to authenticate - flash[:error] = "Password not correct, please try again" - @user = User.new(params[:user]) - render :template => 'user_accounts/signin' and return - else - # "I am new to FOIFA" - session[:email] = params[:user][:email] - session[:password] = params[:user][:password] - session[:first_time] = true - redirect_to :action => 'signup' and return - end - end - end - end - - # Create new account form - def signup - # Default to value saved from signin form - params[:user] ||= { :email => session[:email] } - params[:user] ||= { :password => session[:password] } - - # Make the user and try to save it - @user = User.new(params[:user]) - if not @user.save - # First time get to form (e.g. 
from signin) , don't show errors - if session[:first_time] - @first_time = true - @user.errors.clear - session[:first_time] = false - end - # Show the form - render :template => 'user_accounts/signup' - else - # New user made, redirect back to where we were - session[:user] = @user.id - post_redirect session[:intended_uri], session[:intended_params] and return - end - end - - # Logout form - def signout - session[:user] = nil - if params[:r] - redirect_to params[:r] - else - redirect_to :action => "index" - end - end - private # Check the user is logged in @@ -102,7 +34,9 @@ class ApplicationController < ActionController::Base return User.find(session[:user]) end - # Post redirect + # Do a POST redirect. This is a nasty hack - we store the posted values to + # the controller, and when the GET redirect with "?post_redirect=1" + # happens, load them in. def post_redirect(uri, params) session[:post_redirect_params] = params # XXX what is built in Ruby URI munging function? @@ -114,6 +48,14 @@ class ApplicationController < ActionController::Base redirect_to uri end + # If we are in a faked redirect to POST request, then set post params. + before_filter :check_in_post_redirect + def check_in_post_redirect + if params[:post_redirect] and session[:post_redirect_params] + params.update(session[:post_redirect_params]) + end + end + # Default layout shows user in corner, so needs access to it before_filter :authentication_check def authentication_check @@ -122,14 +64,6 @@ class ApplicationController < ActionController::Base end end - # If we are in a redirect to POST request, then set params - before_filter :check_in_post_redirect - def check_in_post_redirect - if params[:post_redirect] and session[:post_redirect_params] - params.update(session[:post_redirect_params]) - end - end - # For administration interface, return display name of authenticated user def admin_http_auth_user if not request.env["REMOTE_USER"] |
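Review bot: The `check_in_post_redirect` filter added in the `@@ -114,6 +48,14 @@` hunk merges `session[:post_redirect_params]` into `params` whenever the request carries `post_redirect`, but nothing visible here ever clears that session entry. If it is not reset elsewhere, the saved POST values stay replayable for the life of the session: any later GET with `?post_redirect=1`, including one reached from a third-party link, gets them merged in, and because this is an application-wide `before_filter` that applies to every action, not only the one the redirect was meant for. Consume the values once by adding `session[:post_redirect_params] = nil` directly after the `params.update(...)` line. Consider also having `post_redirect` (its body extends outside these hunks) store the target URI so the filter can check that the current request matches it before merging.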