rails_generators/rx_config/templates/restfulx.erb in restfulx-1.2.2 vs rails_generators/rx_config/templates/restfulx.erb in restfulx-1.2.3

@@ -1,13 +1,49 @@
-# When you do file uploads from Flash with File.upload() that, unfortunately generates a new session id,
-# which will fail to authenticate if you are using restful-authentication plugin or equivalent.
-#
-# The following code is a work-around for the Flash bug that prevents file uploader
-# from sending correct session_id. Here, we hack the Session#initialize method and force the session_id
-# to load from the query string via the request URI.
-#
-# Based on the code from http://seventytwo.co.uk/posts/making-swfupload-and-rails-work-together
+# the following patches allow us to overwrite session key on file uploads from Flash, 
+# which ends up creating a new session for every File.upload() invocation.
+
+<% if RAILS_GEM_VERSION =~ /^2.3/ -%>
+require 'rack/utils'
+
+class FlashSessionCookieMiddleware
+  def initialize(app, session_key = '_session_id')
+    @app = app
+    @session_key = session_key
+    @session_token = "_session_id"
+  end
+
+  def call(env)
+    if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/
+      params = ::Rack::Utils.parse_query(env['QUERY_STRING'])
+      env['HTTP_COOKIE'] = [ @session_key, params[@session_token] ].join('=').freeze unless params[@session_token].nil?
+    end
+    @app.call(env)
+  end
+end
+
+class FlexNestedAttributeMiddleware
+  def initialize(app)
+    @app = app
+  end
+  
+  def call(env)
+    req = Rack::Request.new(env)
+    if req && req.path_info =~ /\.fxml$/
+      if req.put? || req.post? || req.delete?
+        req.params.each do |key,value|
+          value.select { |k,v| k =~ /\_attributes$/ }.each do |match|
+            env['rack.request.form_hash'][key][match[0]] = ActiveSupport::JSON.decode(match[1])
+          end
+        end
+      end
+    end
+    @app.call(env)
+  end
+end
+
+ActionController::Dispatcher.middleware.insert_after 'ActionController::ParamsParser', FlexNestedAttributeMiddleware
+<% else -%>
 class CGI::Session
   alias original_initialize initialize
 
   def initialize(request, option = {})
     option = scan_for_session_id(request, '_session_id', option) unless option['session_id']
@@ -24,9 +60,10 @@
       option['session_id'] = query_string.scan(/#{session_key}=(.*?)(&.*?)*$/).flatten.first
     end
     return option
   end
 end
+<% end -%>
 
 # If you have configured your Rails/Flex/AIR application to share authenticity_token
 # comment this out to enable forgery protection. By default, this is disabled to allow
 # generated code to work out of the box.
 ActionController::Base.allow_forgery_protection = false
\ No newline at end of file