Description: Single sign-on between Rails and other web apps such as Beast, Wordpress, or PunBB.
Homepage: http://greenfabric.com/page/integration_api_home_page
Clone URL: git://github.com/Snacky/integration_api.git
integration_api / integration_api_controller.rb
#
# Licensed under the Open Source GNU public license.
# Copyright (C) 2008 Robb Shecter, greenfabric.com
#
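class IntegrationApiController < ApplicationController
  #
  # Endpoints that let another web application look up the Rails user
  # behind a session id and read this server's integration settings.
  # Both actions answer in JSON or in YAML (text format).
  #
  # Security notes:
  # * The session id accepted by #user works as a bearer credential:
  #   a caller presenting a valid one receives that user's attributes.
  #   It travels as a request parameter, so it may be recorded wherever
  #   request parameters are logged.
  # * The only access control visible in this file is security_check,
  #   which does nothing when both INTEGRATION_API_REQUIRED_PORT and
  #   INTEGRATION_API_REQUIRED_HOST are nil.
  #
  before_filter :security_check, :only => [:user, :config_info]

  # For security reasons, a vague error message
  # is given when not in debug mode.
  VAGUE_ERROR = "HTTP 501 -- Server error.\n"


  # Implementation of the public JSON Integration API:

  #
  # Return user attributes, if there is a person logged in.
  #
  # The session id is read from the request parameter named by
  # INTEGRATION_API_SESSION_ID_PARAM. When no user can be restored,
  # nil is serialized instead.
  #
  # NOTE(review): to_json / to_yaml are called on the whole User record.
  # If the User model stores credential material (password hash, salt,
  # login tokens), that is sent to the caller too -- consider limiting
  # the output to the attributes the integrated applications need.
  #
  def user
    session_user = restore_session_user(params[INTEGRATION_API_SESSION_ID_PARAM],
                                        INTEGRATION_API_SESSION_USER_ID_KEY)

    respond_to do |format|
      format.json { render :json => session_user.to_json }
      format.text { render :text => session_user.to_yaml }
    end
  end

  #
  # Return the configuration info for this server.
  #
  # Everything stored in INTEGRATION_API_CONFIG is returned to the
  # caller, plus the session cookie name; keep secrets out of that hash.
  #
  def config_info
    # Work on a copy so the cookie name is not written into the constant.
    data = INTEGRATION_API_CONFIG.dup
    data[:cookie_name] = ActionController::Base.cached_session_options[0][:session_key]

    respond_to do |format|
      format.json { render :json => data.to_json }
      format.text { render :text => data.to_yaml }
    end
  end




  private

  #
  # before_filter for the public actions. When a required port and/or
  # host is configured (non-nil) and the request does not match, an
  # error text is rendered; this relies on Rails halting the filter
  # chain once a filter has rendered.
  #
  # NOTE(review): request.host (and, depending on the Rails version,
  # request.port) is derived from headers the client sends, so this
  # check guards against misrouted requests rather than authenticating
  # the caller. Restricting who can reach this controller has to be
  # enforced in front of the application (listener binding, firewall,
  # reverse proxy).
  #
  # NOTE(review): no :status is passed to render, so the error text is
  # sent with the default response status even though VAGUE_ERROR
  # mentions 501.
  #
  def security_check
    required_port = INTEGRATION_API_REQUIRED_PORT
    required_host = INTEGRATION_API_REQUIRED_HOST

    if !required_port.nil? && required_port != request.port
      render :text => error("Bad port: #{required_port} is required, but got #{request.port}\n")
    elsif !required_host.nil? && required_host != request.host
      render :text => error("Bad host: #{required_host} is required, but got #{request.host}\n")
    end
  end

  #
  # Return an error message, taking the debug setting
  # into account for security purposes: the detailed message is only
  # returned when INTEGRATION_API_DEBUG is set, otherwise VAGUE_ERROR.
  #
  def error(error_message)
    INTEGRATION_API_DEBUG ? error_message : VAGUE_ERROR
  end


  #
  # Return a user from the given session id.
  # Return nil on failure: no usable session id, no such session,
  # no user id stored in the session, or no User row for that id.
  #
  # Adapted from http://railsauthority.com/tutorial/...
  # restoring-rails-session-data-when-cookies-arent-available
  #
  def restore_session_user(session_id, user_id_session_key)
    # Request parameters can also arrive as nil, arrays or hashes;
    # only a plain, non-empty string is looked up as a session id.
    return nil unless session_id.is_a?(String) && !session_id.empty?

    session_obj = CGI::Session::ActiveRecordStore::Session.find_by_session_id(session_id)
    # Session not found.
    return nil if session_obj.nil?

    # Session found; user may or may not be logged in.
    user_id = session_obj.data[user_id_session_key]
    # No user in the session -- user not logged in.
    return nil if user_id.nil?

    # find_by_id returns nil when the row is gone (e.g. the account was
    # deleted while the session still exists); User.find would raise
    # ActiveRecord::RecordNotFound and break the "nil on failure" contract.
    User.find_by_id(user_id)
  end

end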