Moved to logon sessions for authentication.
This commit is contained in:
Martin Edenhofer
parent
4013450a5a
commit
adce5596db
2 changed files with 50 additions and 5 deletions
|
|
@ -92,6 +92,18 @@ class ApplicationController < ActionController::Base
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# check logon session
|
||||||
|
if params['logon_session']
|
||||||
|
session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
|
||||||
|
if session
|
||||||
|
userdata = User.find( user_id = session.data[:user_id] )
|
||||||
|
end
|
||||||
|
|
||||||
|
# set logon session user to current user
|
||||||
|
current_user_set(userdata)
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
# return auth not ok (no session exists)
|
# return auth not ok (no session exists)
|
||||||
if !session[:user_id]
|
if !session[:user_id]
|
||||||
message = 'no valid session, user_id'
|
message = 'no valid session, user_id'
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@ class SessionsController < ApplicationController
|
||||||
# auth failed
|
# auth failed
|
||||||
if !user
|
if !user
|
||||||
render :json => { :error => 'login failed' }, :status => :unprocessable_entity
|
render :json => { :error => 'login failed' }, :status => :unprocessable_entity
|
||||||
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
# do not show password
|
# do not show password
|
||||||
|
|
@ -28,14 +29,46 @@ class SessionsController < ApplicationController
|
||||||
# set session user_id
|
# set session user_id
|
||||||
session[:user_id] = user.id
|
session[:user_id] = user.id
|
||||||
|
|
||||||
|
# check logon session
|
||||||
|
logon_session_key = nil
|
||||||
|
if params['logon_session']
|
||||||
|
puts 'create sessions session con'
|
||||||
|
logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )
|
||||||
|
ActiveRecord::SessionStore::Session.create(
|
||||||
|
:session_id => logon_session_key,
|
||||||
|
:data => {
|
||||||
|
:user_id => user.id
|
||||||
|
}
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
# return new session data
|
# return new session data
|
||||||
render :json => { :session => user, :default_collections => default_collection }, :status => :created
|
render :json => {
|
||||||
|
:session => user,
|
||||||
|
:default_collections => default_collection,
|
||||||
|
:logon_session => logon_session_key,
|
||||||
|
},
|
||||||
|
:status => :created
|
||||||
end
|
end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
|
|
||||||
|
user_id = nil
|
||||||
|
|
||||||
# no valid sessions
|
# no valid sessions
|
||||||
if !session[:user_id]
|
if session[:user_id]
|
||||||
|
user_id = session[:user_id]
|
||||||
|
end
|
||||||
|
|
||||||
|
# check logon session
|
||||||
|
if params['logon_session']
|
||||||
|
session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
|
||||||
|
if session
|
||||||
|
user_id = session.data[:user_id]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if !user_id
|
||||||
render :json => {
|
render :json => {
|
||||||
:error => 'no valid session',
|
:error => 'no valid session',
|
||||||
:config => config_frontend,
|
:config => config_frontend,
|
||||||
|
|
@ -45,7 +78,7 @@ class SessionsController < ApplicationController
|
||||||
|
|
||||||
# Save the user ID in the session so it can be used in
|
# Save the user ID in the session so it can be used in
|
||||||
# subsequent requests
|
# subsequent requests
|
||||||
user = user_data_full( session[:user_id] )
|
user = user_data_full( user_id )
|
||||||
|
|
||||||
# auto population of default collections
|
# auto population of default collections
|
||||||
default_collection = default_collections()
|
default_collection = default_collections()
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue