diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/admin_user_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 14 | ||||
| -rw-r--r-- | app/controllers/user_controller.rb | 2 |
3 files changed, 10 insertions, 9 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb index b2c084739..249030537 100644 --- a/app/controllers/admin_user_controller.rb +++ b/app/controllers/admin_user_controller.rb @@ -74,10 +74,9 @@ class AdminUserController < AdminController def login_as @admin_user = User.find(params[:id]) # check user does exist - post_redirect = PostRedirect.new( :uri => main_url(user_url(@admin_user)), :user_id => @admin_user.id) + post_redirect = PostRedirect.new( :uri => main_url(user_url(@admin_user)), :user_id => @admin_user.id, :circumstance => "login_as" ) post_redirect.save! url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true)) - session[:user_id] = nil # Log out current (usually admin) user, so we get logged in as the other user redirect_to url end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 434f12a49..0ec8e206e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -151,8 +151,8 @@ class ApplicationController < ActionController::Base false end - # Called from test code, is a mimic of User.confirm, for use in following email - # links when in controller tests (since we don't have full integration tests that + # Called from test code, is a mimic of UserController.confirm, for use in following email + # links when in controller tests (though we also have full integration tests that # can work over multiple controllers) def test_code_redirect_by_email_token(token, controller_example_group) post_redirect = PostRedirect.find_by_email_token(token) @@ -178,7 +178,7 @@ class ApplicationController < ActionController::Base end def foi_fragment_cache_path(param) - path = File.join(RAILS_ROOT, 'cache', 'views', foi_fragment_cache_part_path(param)) + path = File.join(Rails.root, 'cache', 'views', foi_fragment_cache_part_path(param)) max_file_length = 255 - 35 # we subtract 35 because tempfile # adds on a variable number of # characters @@ -224,15 +224,15 @@ class ApplicationController < ActionController::Base post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params, :reason_params => reason_params) post_redirect.save! - # 'modal' controls whether the sign-in form will be displayed in the typical full-blown - # page or on its own, useful for pop-ups + # 'modal' controls whether the sign-in form will be displayed in the typical full-blown + # page or on its own, useful for pop-ups redirect_to signin_url(:token => post_redirect.token, :modal => params[:modal]) return false end return true end - def authenticated_as_user?(user, reason_params) + def authenticated_as_user?(user, reason_params) reason_params[:user_name] = user.name reason_params[:user_url] = show_user_url(:url_name => user.url_name) if session[:user_id] @@ -274,6 +274,8 @@ class ApplicationController < ActionController::Base # XXX what is the built in Ruby URI munging function that can do this # choice of & vs. ? more elegantly than this dumb if statement? if uri.include?("?") + # XXX This looks odd. What would a fragment identifier be doing server-side? + # But it also looks harmless, so I’ll leave it just in case. if uri.include?("#") uri.sub!("#", "&post_redirect=1#") else diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 403cb9684..08726183e 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -182,7 +182,7 @@ class UserController < ApplicationController return end - if !User.stay_logged_in_on_redirect?(@user) + if !User.stay_logged_in_on_redirect?(@user) || post_redirect.circumstance == "login_as" @user = post_redirect.user @user.email_confirmed = true @user.save! |