require 'action_controller' # :nodoc: namespace module AuthpwnRails # :nodoc: namespace module Session # Mixed into ActiveController::Base module ControllerMixin def self.included(base) base.send :extend, ControllerClassMethods end end # Methods here become ActiveController::Base class methods. module ControllerClassMethods # Keeps track of the currently authenticated user via the session. # # Assumes the existence of a User model. A bare ActiveModel model will do the # trick. Model instances must implement id, and the model class must implement # find_by_id. def authenticates_using_session(options = {}) include ControllerInstanceMethods before_filter :authenticate_using_session, options end # Turns the current controller into the session processing controller. # # Right now, this should be called from SessionController. The controller name # is hardwired in other parts of the implementation. def authpwn_session_controller include SessionControllerInstanceMethods authenticates_using_session end end # Included in controllers that call authenticates_using_session. module ControllerInstanceMethods attr_reader :current_user def current_user=(user) @current_user = user if user session[:current_user_id] = user.to_param else session.delete :current_user_id end end def authenticate_using_session return true if current_user user_param = session[:current_user_id] user = user_param && User.find_by_param(user_param) self.current_user = user if user end private :authenticate_using_session end # Included in controllers that call authenticates_using_session. module SessionControllerInstanceMethods # GET /session/new def new @user = User.new redirect_to session_url if current_user end # GET /session def show @user = current_user || User.new if @user.new_record? welcome render :action => :welcome else home render :action => :home end end # POST /session def create @user = User.new params[:user] self.current_user = User.find_by_email_and_password @user.email, @user.password respond_to do |format| if current_user format.html { redirect_to session_url } else format.html do redirect_to new_session_url, :notice => 'Invalid e-mail or password' end end end end # DELETE /session def destroy self.current_user = nil redirect_to session_url end # Hook for setting up the home view. def home end private :home # Hook for setting up the welcome view. def welcome end private :welcome end # module Authpwn::Session::SessionControllerInstanceMethods ActionController::Base.send :include, ControllerMixin # :nodoc: add session modification class ActionController::TestCase # Sets the authenticated user in the test session. def set_session_current_user(user) request.session[:current_user_id] = user ? user.to_param : nil end # The authenticated user in the test session. def session_current_user return nil unless user_param = request.session[:current_user_id] User.find_by_param user_param end end end # namespace AuthpwnRails::Session end # namespace AuthpwnRails