Moved to logon sessions for authentication.

2012-04-20 08:45:22 +02:00 · 2012-04-20 08:45:22 +02:00 · adce5596db
commit adce5596db
parent 4013450a5a
2 changed files with 50 additions and 5 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -92,6 +92,18 @@ class ApplicationController < ActionController::Base
      return false
    end

+    # check logon session
+    if params['logon_session'] 
+      session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
+      if session
+        userdata = User.find( user_id = session.data[:user_id] )
+      end
+
+      # set logon session user to current user
+      current_user_set(userdata)
+      return true
+    end
+
    # return auth not ok (no session exists)
    if !session[:user_id]
      message = 'no valid session, user_id'
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -12,6 +12,7 @@ class SessionsController < ApplicationController
    # auth failed
    if !user
      render :json => { :error => 'login failed' }, :status => :unprocessable_entity
+      return
    end
    
    # do not show password
@ -27,15 +28,47 @@ class SessionsController < ApplicationController
    
    # set session user_id
    session[:user_id] = user.id
-    
+
+    # check logon session
+    logon_session_key = nil
+    if params['logon_session']
+      puts 'create sessions session con'
+      logon_session_key = Digest::MD5.hexdigest( rand(999999).to_s + Time.new.to_s )
+      ActiveRecord::SessionStore::Session.create(
+        :session_id => logon_session_key,
+        :data => {
+          :user_id => user.id
+        }
+      )
+    end
+
    # return new session data
-    render :json => { :session => user, :default_collections => default_collection }, :status => :created
+    render :json => {
+      :session             => user,
+      :default_collections => default_collection,
+      :logon_session       => logon_session_key,
+    },
+    :status => :created
  end

  def show
-    
+
+    user_id = nil
+
    # no valid sessions
-    if !session[:user_id]
+    if session[:user_id]
+      user_id = session[:user_id]
+    end
+
+    # check logon session
+    if params['logon_session']
+      session = ActiveRecord::SessionStore::Session.where( :session_id => params['logon_session'] ).first
+      if session
+        user_id = session.data[:user_id]
+      end
+    end
+
+    if !user_id
      render :json => {
        :error  => 'no valid session',
        :config => config_frontend,
@ -45,7 +78,7 @@ class SessionsController < ApplicationController

    # Save the user ID in the session so it can be used in
    # subsequent requests
-    user = user_data_full( session[:user_id] )
+    user = user_data_full( user_id )

    # auto population of default collections
    default_collection = default_collections()