Improved authentication.

This commit is contained in:
Martin Edenhofer 2012-04-19 11:51:24 +02:00
parent c94a8f0814
commit 7f75940c03


@ -3,18 +3,19 @@ class ApplicationController < ActionController::Base
# http_basic_authenticate_with :name => "test", :password => "ttt" # http_basic_authenticate_with :name => "test", :password => "ttt"
helper_method :current_user, :authentication_check, :config_frontend, :user_data_full helper_method :current_user, :authentication_check, :config_frontend, :user_data_full
before_filter :set_user, :cors_preflight_check
after_filter :set_access_control_headers, :trigger_events before_filter :set_user
before_filter :cors_preflight_check
after_filter :set_access_control_headers
after_filter :trigger_events
# For all responses in this controller, return the CORS access control headers. # For all responses in this controller, return the CORS access control headers.
def set_access_control_headers def set_access_control_headers
# headers['Access-Control-Allow-Origin'] = 'http://localhost/' headers['Access-Control-Allow-Origin'] = '*'
# headers['Access-Control-Request-Method'] = '*' headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
# headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version' headers['Access-Control-Max-Age'] = '1728000'
headers['Access-Control-Allow-Origin'] = 'http://localhost/' headers['Access-Control-Allow-Headers'] = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control'
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, OPTIONS'
headers['Access-Control-Max-Age'] = "1728000"
headers['Access-Control-Allow-Headers'] = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control'
headers['Access-Control-Allow-Credentials'] = 'true' headers['Access-Control-Allow-Credentials'] = 'true'
end end
@ -23,13 +24,14 @@ class ApplicationController < ActionController::Base
# text/plain. # text/plain.
def cors_preflight_check def cors_preflight_check
if request.method == :options if request.method == 'OPTIONS'
headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS' headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, OPTIONS'
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-Prototype-Version' headers['Access-Control-Allow-Headers'] = 'Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control'
headers['Access-Control-Max-Age'] = '1728000' headers['Access-Control-Max-Age'] = '1728000'
# headers['Access-Control-Allow-Credentials'] = 'true' headers['Access-Control-Allow-Credentials'] = 'true'
render :text => '', :content_type => 'text/plain' render :text => '', :content_type => 'text/plain'
return false
end end
end end
@ -51,14 +53,13 @@ class ApplicationController < ActionController::Base
end end
def authentication_check def authentication_check
logger.debug 'authentication_check' puts 'authentication_check'
# logger.debug session.inspect
# puts params.inspect
# check http basic auth # check http basic auth
authenticate_with_http_basic do |user, password| authenticate_with_http_basic do |user, password|
logger.debug 'http basic auth check' puts 'http basic auth check'
# logger.debug user
# logger.debug password
userdata = User.where( :login => user ).first userdata = User.where( :login => user ).first
message = '' message = ''
if !userdata if !userdata
@ -69,23 +70,23 @@ class ApplicationController < ActionController::Base
end end
end end
if message != '' # return auth ok
render( return true if message == ''
:json => {
:error => message, # return auth not ok
}, render(
:status => :unauthorized :json => {
) :error => message,
end },
:status => :unauthorized
)
return false return false
end end
# logger.debug 'session check' # return auth not ok (no session exists)
# logger.debug session.inspect
# session[:user_id] = 2
if !session[:user_id] if !session[:user_id]
logger.debug '!session user_id'
message = 'no valid session, user_id' message = 'no valid session, user_id'
puts message
render( render(
:json => { :json => {
:error => message, :error => message,
@ -95,14 +96,14 @@ class ApplicationController < ActionController::Base
return false return false
end end
# return 1231 # return auth ok
# request_http_basic_authentication return true
return false
end end
# Sets the current user into a named Thread location so that it can be accessed # Sets the current user into a named Thread location so that it can be accessed
# by models and observers # by models and observers
def set_user def set_user
puts 'set_user'
UserInfo.current_user_id = session[:user_id] UserInfo.current_user_id = session[:user_id]
end end
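Review bot: In the first hunk the new `set_access_control_headers` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, and `cors_preflight_check` in the second hunk does the same; browsers reject a credentialed response whose allowed origin is the wildcard, so the cookie-authenticated cross-origin calls this commit appears to enable will fail, and the obvious "fix" of echoing the request origin must not be applied without an allowlist, or any site could drive the session-authenticated API from a visitor's browser. Suggest a configured origin list and emitting only a matching `request.headers['Origin']`, e.g. `origin = request.headers['Origin']` / `headers['Access-Control-Allow-Origin'] = origin if ALLOWED_ORIGINS.include?(origin)` with `ALLOWED_ORIGINS` as a frozen constant to be added, keeping the credentials header only when an origin was set. Separately, the third and fourth hunks replace `logger.debug` with `puts` in `authentication_check` (and `puts message` before the session-failure render), which writes to the process stdout instead of the Rails log and bypasses log levels; `logger.debug` should stay. The old `return false` after the preflight `render` was dropped in the second hunk, which looks intentional since a rendering before_filter halts the chain, but it is worth a one-line comment saying so.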