# Authentication mixin for Rad controllers: resolves the current user for a
# request (basic auth, then session, then cookie token, then the anonymous
# fallback) and rewrites session/cookie state when the current user changes.
module Rad::Controller::Authenticated
  # URL helpers for the authentication pages; mixed into the Abstract and
  # Context controllers at the bottom of this file.
  module RoutingHelper
    # Defines login_path, logout_path and signup_path. Each takes the same
    # arguments as parse_routing_arguments; options given by the caller win
    # over the defaults (users host/port/url_root, current locale, and a
    # _return_to taken from the request params or, failing that, the request URL).
    %w[login logout signup].each do |action|
      define_method "#{action}_path" do |*args|
        explicit = parse_routing_arguments(*args)
        defaults = {
          host: rad.users.host,
          port: rad.users.port,
          url_root: rad.users.url_root,
          l: I18n.locale,
          _return_to: (workspace.params[:_return_to] || workspace.request.url)
        }
        url_for_path "/#{action}", defaults.merge(explicit)
      end
    end

    # Builds the profile URL for a user. The :id option is consumed and becomes
    # the profile name in the path; the remaining options are passed through.
    # Unlike the login/logout/signup helpers, no host/port default is applied
    # (left commented out by the original author).
    #
    # @param args routing arguments, see parse_routing_arguments
    # @return the value of url_for_path
    def user_path(*args)
      explicit = parse_routing_arguments(*args)
      defaults = {
        # host: rad.users.host,
        # port: rad.users.port,
        url_root: rad.users.url_root,
        l: I18n.locale
      }
      options = defaults.merge(explicit)
      profile = options.delete(:id)
      # options[:url_root] = rad.config.users!.url_root! unless options.include? :url_root
      url_for_path "/profiles/#{profile}/show", options
    end
  end

  protected

  # Declared through rad.extension rather than a plain def. Tries each login
  # strategy in order and falls back to the anonymous user; a nil result means
  # the anonymous user itself could not be resolved.
  rad.extension :prepare_current_user, self do
    define_method :prepare_current_user do
      user = login_from_basic_auth ||
        login_from_session ||
        login_from_cookie ||
        login_as_anonymous
      raise "You probably don't create Anonymous User!" if user.nil?
      Models::User.current = user
    end
  end

  #
  # Authentication Methods
  #

  # HTTP basic auth login. Currently a no-op (always nil): the implementation
  # is still a TODO, kept below for reference.
  def login_from_basic_auth
    # TODO3 basic auth
    # authenticate_with_http_controller_basic do |login, password|
    #   User.authenticate_by_password login, password unless login.blank? or password.blank?
    # end
    # username, password = request.credentials
    # User.authenticate_by_password username, password unless username.blank? or password.blank?
    nil
  end

  # "Remember me" login: resolves the auth_token cookie to a SecureToken and,
  # when it points at an active user, re-establishes the session for that user.
  #
  # @return [Models::User, nil] the active user, or nil when there is no cookie,
  #   no matching token, no user id on the token, or no active user for it
  def login_from_cookie
    cookie = request.cookies['auth_token']
    return if cookie.blank?

    token = Models::SecureToken.by_token(cookie)
    return if !token || token[:user_id].blank?

    # NOTE(review): neither token[:type] nor token.expires_at is checked here;
    # presumably SecureToken.by_token already excludes expired tokens — confirm.
    user_id = BSON::ObjectId.from_string(token[:user_id])
    user = Models::User.first(_id: user_id, state: 'active')
    return unless user

    request.session['user_id'] = user._id.to_s
    user
  end

  # Session login: loads the user whose id is stored in the session.
  #
  # NOTE(review): unlike login_from_cookie, no state: 'active' filter is
  # applied here, and BSON::ObjectId.from_string raises on a malformed id —
  # confirm both are intended.
  #
  # @return the result of Models::User.by_id, or nil when the session holds no id
  def login_from_session
    stored_id = request.session['user_id']
    return if stored_id.blank?

    Models::User.by_id BSON::ObjectId.from_string(stored_id)
  end

  # Final fallback: stores the anonymous user's id in the session and returns it.
  def login_as_anonymous
    Models::User.anonymous.tap do |anonymous|
      request.session['user_id'] = anonymous._id.to_s
    end
  end

  # Both redirect targets currently resolve to return_to_path (defined elsewhere).
  def return_to_path_for_login
    return_to_path
  end

  def return_to_path_for_logout
    return_to_path
  end

  # Switches the current user to +user+: resets the session (keeping only
  # PRESERVE_SESSION_KEYS), revokes the previous user's cookie tokens, then
  # stores the new user's id in the session and, for non-anonymous users,
  # issues a fresh two-week cookie_auth SecureToken as the auth_token cookie.
  #
  # @param user [Models::User] the user to switch to; must differ from the current one
  def set_current_user_with_updating_session(user)
    previous = Models::User.current
    user.must_not == previous

    # Clear: the session is rebuilt before the new id is stored, and any
    # persistent tokens of the previous (non-anonymous) user are revoked.
    clear_session!
    unless previous.anonymous?
      Models::SecureToken.delete_all user_id: previous._id.to_s
      response.delete_cookie 'auth_token'
    end

    # Set session and cookie token
    request.session['user_id'] = user._id.to_s
    unless user.anonymous?
      token = Models::SecureToken.new.tap do |t|
        t[:user_id] = user._id.to_s
        t[:type] = 'cookie_auth'
        t.expires_at = 2.weeks.from_now
      end
      token.save!
      # NOTE(review): only value/expires are passed; whether response.set_cookie
      # adds httponly/secure attributes on its own is not visible here — confirm.
      response.set_cookie 'auth_token', value: token.token, expires: token.expires_at
    end

    Models::User.current = user
  end

  #
  # Special
  #

  # Session keys that clear_session! keeps. Deliberately not frozen: the
  # rad.after :http hook below appends the session key at runtime.
  PRESERVE_SESSION_KEYS = %w[authenticity_token]

  rad.after :http, bang: false do
    next unless rad.http.session

    session_key = rad.http.session.stringify_keys['key'] || raise("session key not defined!")
    PRESERVE_SESSION_KEYS.push(session_key) unless PRESERVE_SESSION_KEYS.include?(session_key)
  end

  # Removes every key from the session except those in PRESERVE_SESSION_KEYS.
  def clear_session!
    session = request.session
    session['dumb_key'] # hack: reading a key initialises the session, otherwise it is empty
    stale_keys = session.keys.reject { |key| PRESERVE_SESSION_KEYS.include?(key.to_s) }
    stale_keys.each { |key| session.delete(key) }
  end
end

Rad::Controller::Http.inherit Rad::Controller::Authenticated

[Rad::Controller::Abstract, Rad::Controller::Context].each do |klass|
  klass.inherit Rad::Controller::Authenticated::RoutingHelper
end