
Basic admin authentication using OpenID; add `before_filter :ensure_signed_in` in controllers to use it.
whacao
whacao committed Sep 13, 2011
1 parent 3eda7c3 commit 0ad0e439598e576338d679a59d4fe110f0ad1d7c
@@ -11,6 +11,8 @@ gem 'paperclip', '~> 2.3'
gem 'acts-as-dag', '~> 2.5.3'
gem 'formatize'
gem 'jquery-rails', '~>1.0.12'
+gem "ruby-openid"
+gem "rack-openid"
# Use unicorn as the web server
# gem 'unicorn'
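Review bot: `gem "ruby-openid"` and `gem "rack-openid"` are the only unconstrained entries in a Gemfile that pins everything else (`'~> 2.3'`, `'~> 2.5.3'`, `'~>1.0.12'`), so a later `bundle update` can move the admin login path onto any future major of either gem. Pin them to what the lockfile resolved, `gem 'rack-openid', '~> 1.3.1'` and `gem 'ruby-openid', '~> 2.1.8'`, and use single quotes to match the rest of the file. The lockfile shows rack-openid already depends on ruby-openid, so the separate ruby-openid entry only matters if the app requires it directly, which this commit does not appear to do.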
@@ -60,6 +60,9 @@ GEM
rack (1.2.3)
rack-mount (0.6.14)
rack (>= 1.0.0)
+ rack-openid (1.3.1)
+ rack (>= 1.1.0)
+ ruby-openid (>= 2.1.8)
rack-test (0.5.7)
rack (>= 1.0)
rails (3.0.9)
@@ -78,6 +81,7 @@ GEM
thor (~> 0.14.4)
rake (0.9.2)
rdoc (3.6.1)
+ ruby-openid (2.1.8)
sqlite3 (1.3.3-x86-mingw32)
thor (0.14.6)
treetop (1.4.9)
@@ -93,5 +97,7 @@ DEPENDENCIES
jquery-rails (~> 1.0.12)
kaminari
paperclip (~> 2.3)
+ rack-openid
rails (= 3.0.9)
+ ruby-openid
sqlite3
@@ -1,6 +1,7 @@
# require 'digest/md5'
class ApplicationController < ActionController::Base
protect_from_forgery
+ include AuthenticationHelper
protected
#TODO need to move to Post model
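Review bot: `include AuthenticationHelper` makes `signed_in?` and `ensure_signed_in` callable from controllers only; despite the module's name nothing here exposes `signed_in?` to templates, so a view that wants to show a login/logout link would need `helper_method :signed_in?` after the include. Whether any view needs it is not visible in this commit. The class body continues past the hunk.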
@@ -0,0 +1,31 @@
+class SessionsController < ApplicationController
+ skip_before_filter :verify_authenticity_token
+
+ def new
+ response.headers['WWW-Authenticate'] = Rack::OpenID.build_header(
+ :identifier => AppConfig.admin_openid_discovery_url,
+ :return_to => session_url,
+ :method => 'POST')
+ head 401
+ end
+
+ def create
+ if openid = request.env[Rack::OpenID::RESPONSE]
+ if openid.status == :success && openid.display_identifier == AppConfig.admin_openid
+ ax = OpenID::AX::FetchResponse.from_success_response(openid)
+ session[:logged_in] = true
+ redirect_to(session[:redirect_to] || root_path)
+ else
+ #render :action => 'problem'
+ redirect_to new_session_path
+ end
+ else
+ redirect_to new_session_path
+ end
+ end
+
+ def destroy
+ session[:logged_in] = nil
+ redirect_to root_path
+ end
+end
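Review bot: `skip_before_filter :verify_authenticity_token` is applied to the whole controller, but only `create` needs it (the provider posts back to `session_url` without a Rails token); as written `destroy` loses CSRF protection too, so any page the logged-in admin visits can log them out with a forged POST carrying `_method=delete`. Scope it with `:only => :create`. In `create` the session id is carried across the privilege change: call `reset_session` before setting `session[:logged_in]` so a cookie fixed before login is not promoted (read `session[:redirect_to]` first, since the reset discards it, which also stops the saved target lingering). `ax` is assigned and never read. `display_identifier` is the claimed identifier with any fragment stripped, so `AppConfig.admin_openid` must match that normalised form exactly (scheme, host case, trailing slash) — a mismatch here silently denies login, which deserves a comment.
```ruby
class SessionsController < ApplicationController
  # The OP posts back to create without a Rails CSRF token; new/destroy keep protect_from_forgery.
  skip_before_filter :verify_authenticity_token, :only => :create

  # … unchanged: new …

  def create
    openid = request.env[Rack::OpenID::RESPONSE]
    # display_identifier is the claimed id without fragment; admin_openid must equal it exactly.
    if openid && openid.status == :success && openid.display_identifier == AppConfig.admin_openid
      target = session[:redirect_to]
      reset_session # new session id on privilege change (fixation)
      session[:logged_in] = true
      redirect_to(target || root_path)
    else
      redirect_to new_session_path
    end
  end

  def destroy
    reset_session
    redirect_to root_path
  end
end
```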
@@ -0,0 +1,12 @@
+module AuthenticationHelper
+ def signed_in?
+ !session[:logged_in].nil?
+ end
+
+ def ensure_signed_in
+ unless signed_in?
+ session[:redirect_to] = request.request_uri
+ redirect_to(new_session_path)
+ end
+ end
+end
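Review bot: `ensure_signed_in` stores `request.request_uri` for every verb, so a POST/PUT/DELETE that bounced through login is replayed as a GET to the same path once the login controller redirects to it. Save the target only for GET requests, `session[:redirect_to] = request.fullpath if request.get?`; `fullpath` is the Rails 3 name for the same path-plus-query value and, as far as I recall, `request_uri` is deprecated there. Because the value is a server-relative path taken from the current request it is not an open-redirect vector on its own, but whatever consumes it (outside this hunk) should clear it so it does not outlive the login that used it.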
@@ -2,3 +2,5 @@
AppConfig.site_title = 'Mei the imageboard'
AppConfig.last_reply_count = 3 # Number of last replies to disply on index
# AppConfig.post_per_page = 5 # Number of post to show on index
+AppConfig.admin_openid_discovery_url = '' # OpenID generalized url (can be the same as admin openid but will lose a bit privacy)
+AppConfig.admin_openid = '' # OpenID url (Your personal OpenID url)
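Review bot: The comment on `AppConfig.admin_openid` does not say in what form the value must be written, yet the login check compares it with `==` against the identifier the provider returns, so a scheme, host-case or trailing-slash difference will silently refuse login. Suggest `# Must equal the claimed identifier exactly as your provider returns it (scheme, host case, trailing slash) — compared with ==`. It would also help to state that with both values left blank nobody should be able to log in, which is the safe default for a fresh checkout.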
@@ -1,6 +1,7 @@
require File.expand_path('../boot', __FILE__)
require 'rails/all'
+require 'rack/openid'
# If you have a Gemfile, require the gems listed there, including any gems
# you've limited to :test, :development, or :production.
@@ -38,5 +39,7 @@ class Application < Rails::Application
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
+
+ config.middleware.use 'Rack::OpenID'
end
end
@@ -4,6 +4,8 @@
resources :posts
end
+ resource :session
+
# The priority is based upon order of creation:
# first created -> highest priority.
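Review bot: `resource :session` also routes `show`, `edit` and `update`, for which SessionsController defines no actions, so those URLs reach the controller only to fail with a missing-action error and the routing table advertises more than exists. Restrict it to what the controller implements, `resource :session, :only => [:new, :create, :destroy]`. The routes block continues outside the hunk.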
