From adce5596db707833e3d180708582dbc7fff4f305 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer <me@edenhofer.de>
Date: Fri, 20 Apr 2012 08:45:22 +0200
Subject: [PATCH] Moved to logon sessions for authentication.

---
 app/controllers/application_controller.rb | 12 +++++++
 app/controllers/sessions_controller.rb    | 43 ++++++++++++++++++++---
 2 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1340239e6..6506024af 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -92,6 +92,18 @@ class ApplicationController < ActionController::Base
       return false
     end
 
+    # check logon session
+    if params['logon_session'] 
+      session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
+      if session
+        userdata = User.find( user_id = session.data[:user_id] )
+      end
+
+      # set logon session user to current user
+      current_user_set(userdata)
+      return true
+    end
+
     # return auth not ok (no session exists)
     if !session[:user_id]
       message = 'no valid session, user_id'
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9bf351888..ba44038b9 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -12,6 +12,7 @@ class SessionsController < ApplicationController
     # auth failed
     if !user
       render :json => { :error => 'login failed' }, :status => :unprocessable_entity
+      return
     end
     
     # do not show password
@@ -27,15 +28,47 @@ class SessionsController < ApplicationController
     
     # set session user_id
     session[:user_id] = user.id
-    
+
+    # check logon session
+    logon_session_key = nil
+    if params['logon_session']
+      puts 'create sessions session con'
+      logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )
+      ActiveRecord::SessionStore::Session.create(
+        :session_id => logon_session_key,
+        :data => {
+          :user_id => user.id
+        }
+      )
+    end
+
     # return new session data
-    render :json => { :session => user, :default_collections => default_collection }, :status => :created
+    render :json => {
+      :session             => user,
+      :default_collections => default_collection,
+      :logon_session       => logon_session_key,
+    },
+    :status => :created
   end
 
   def show
-    
+
+    user_id = nil
+
     # no valid sessions
-    if !session[:user_id]
+    if session[:user_id]
+      user_id = session[:user_id]
+    end
+
+    # check logon session
+    if params['logon_session']
+      session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
+      if session
+        user_id = session.data[:user_id]
+      end
+    end
+
+    if !user_id
       render :json => {
         :error  => 'no valid session',
         :config => config_frontend,
@@ -45,7 +78,7 @@ class SessionsController < ApplicationController
 
     # Save the user ID in the session so it can be used in
     # subsequent requests
-    user = user_data_full( session[:user_id] )
+    user = user_data_full( user_id )
 
     # auto population of default collections
     default_collection = default_collections()