# controllers/application.rb:
# Parent class of all controllers in FOI site. Filters added to this controller
# apply to all controllers in the application. Likewise, all the methods added
# will be available for all controllers.
#
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
# $Id: application.rb,v 1.12 2007-10-10 16:06:17 francis Exp $


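class ApplicationController < ActionController::Base
    # Standard headers, footers and navigation for whole site
    layout "default"

    # Pick a unique cookie name to distinguish our session data from others'
    session :session_key => '_foi_session_id'

    # Login form.
    #
    # Three kinds of request arrive here:
    #   * no params[:user]          - first display of the form
    #   * params[:returning] == "0" - new user: remember the email, go to signup
    #   * params[:returning] == "1" - existing user: authenticate, then replay
    #                                 the request saved by authenticated?
    # Any other submission re-renders the form with an error.
    def signin
        # The explicit signin link uses this to store where it is to go back to.
        # Only a path on this site is kept: params[:r] is caller-controlled, so
        # accepting an absolute URL here would turn the site into an open
        # redirector.
        # NOTE(review): this is saved under :request_uri, but post_redirect is
        # fed from :intended_uri (set in authenticated?) - confirm which key the
        # rest of the application reads.
        back = local_path(params[:r])
        session[:request_uri] = back if back

        unless params[:user]
            # First time page is shown
            render :template => 'user_accounts/signin' and return
        end

        if params[:returning] == "0"
            # "I am new to FOIFA"
            session[:email] = params[:user][:email]
            redirect_to :action => 'signup' and return
        elsif params[:returning] == "1"
            # "I am returning to FOIFA and my password is"
            @user = User.authenticate(params[:user][:email], params[:user][:password])
            if @user
                # Successful login
                # NOTE(review): the session id is not rotated here (reset_session);
                # confirm whether the session store makes that necessary.
                session[:user] = @user.id
                post_redirect session[:intended_uri], session[:intended_params] and return
            end
            # Failed to authenticate; show the form again with what was typed
            flash[:error] = "Email or password not correct, please try again"
        else
            # Form submitted, but didn't specify whether had already used FOIFA or not
            flash[:error] = "Please say whether you already have a FOIFA account or not"
        end
        # NOTE(review): mass-assigns every submitted attribute - confirm User
        # restricts this (attr_protected / attr_accessible).
        @user = User.new(params[:user])
        render :template => 'user_accounts/signin' and return
    end

    # Create new account form
    def signup
        # Default to value saved from signin form
        params[:user] ||= { :email => session[:email] }

        # Make the user and try to save it
        # NOTE(review): mass-assigns every submitted attribute - confirm User
        # restricts this (attr_protected / attr_accessible).
        @user = User.new(params[:user])
        if @user.save
            # New user made, redirect back to where we were
            session[:user] = @user.id
            post_redirect session[:intended_uri], session[:intended_params] and return
        end
        # Validation failed: re-show the form with the errors held on @user
        render :template => 'user_accounts/signup'
    end

    # Logout form.
    # params[:r] is an optional return location; it is honoured only when it
    # is a path on this site, otherwise the front page is used.
    def signout
        session[:user] = nil
        back = local_path(params[:r])
        if back
            redirect_to back
        else
            redirect_to :action => "index"
        end
    end

    private

    # Check the user is logged in.
    # Returns true when a user id is in the session. Otherwise remembers the
    # current URI and params so post_redirect can replay the request after
    # signin, redirects to the signin form, and returns false.
    def authenticated?
        return true if session[:user]
        session[:intended_uri] = request.request_uri
        session[:intended_params] = params
        redirect_to :action => "signin"
        false
    end

    # Return logged in user.
    # Looks up the id stored in session[:user]; a stale id (user since
    # deleted) makes User.find raise rather than return nil.
    def authenticated_user
        User.find(session[:user])
    end

    # Post redirect: send the browser to +uri+ with a post_redirect=1 marker
    # query parameter, after stashing +params+ in the session so that
    # check_in_post_redirect can merge them back into the replayed request.
    # A nil +uri+ (signin reached directly rather than via authenticated?)
    # falls back to the front page instead of raising.
    def post_redirect(uri, params)
        session[:post_redirect_params] = params
        if uri.nil?
            redirect_to :action => "index"
            return
        end
        # Append the marker to whatever query string is already present.
        separator = uri.include?("?") ? "&" : "?"
        redirect_to uri + separator + "post_redirect=1"
    end

    # Accept a caller-supplied return location only if it is a path on this
    # site: it must begin with a single "/" (so "http://...", "//host" and
    # "/\host" are all rejected). Returns the path, or nil.
    def local_path(candidate)
        return nil unless candidate.is_a?(String)
        return nil unless candidate =~ %r{\A/(?![/\\])}
        candidate
    end

    # Default layout shows user in corner, so needs access to it
    before_filter :authentication_check
    def authentication_check
        @user = authenticated_user if session[:user]
    end

    # If we are in a redirect to POST request, then set params.
    # Only merges when the session actually holds saved params, so a bare
    # ?post_redirect=1 without a preceding post_redirect does not raise.
    # NOTE(review): the saved params are left in the session after use;
    # confirm whether they should be cleared once replayed.
    before_filter :check_in_post_redirect
    def check_in_post_redirect
        saved = session[:post_redirect_params]
        params.update(saved) if params[:post_redirect] && saved
    end

    # For administration interface, return display name of authenticated user
    # as supplied by the web server (REMOTE_USER), or "*unknown*" if unset.
    def admin_http_auth_user
        request.env["REMOTE_USER"] || "*unknown*"
    end

end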