session_methods.rb
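module SessionMethods
  extend ActiveSupport::Concern

  private

  ##
  # Read @preferred_auth_provider and @client_app_name from oauth2 authorization request's referer
  #
  # The referer is parsed as a URI and its query string is decoded with
  # CGI.parse. A referer that is nil, cannot be parsed, or has no query string
  # leaves both instance variables untouched.
  #
  # The provider name taken from the query is only kept when Settings has a
  # matching "<provider>_auth_id" key, so arbitrary values from the referer are
  # not stored. The application name is looked up by the "client_id" value and
  # is nil when no Oauth2Application row matches.
  def parse_oauth_referer(referer)
    return unless referer

    begin
      referer_query = URI(referer).query
    rescue URI::InvalidURIError, ArgumentError
      # Kernel#URI raises InvalidURIError for a malformed string and
      # ArgumentError for a value that is neither a String nor a URI. A bad
      # referer is treated like a missing one instead of surfacing as an
      # unhandled exception.
      return
    end
    return unless referer_query

    # CGI.parse returns a hash whose missing keys yield [], so .first is nil
    # when a parameter is absent.
    ref_params = CGI.parse referer_query
    preferred = ref_params["preferred_auth_provider"].first
    @preferred_auth_provider = preferred if preferred && Settings.key?(:"#{preferred}_auth_id")
    @client_app_name = Oauth2Application.where(:uid => ref_params["client_id"].first).pick(:name)
  end

  ##
  # return the URL to use for authentication
  #
  # +provider+ is always included; +uid+ is only sent (as :openid_url) when the
  # provider is "openid". When a referer is given it is passed both as its own
  # parameter and, CGI-escaped, inside the :origin path so it cannot break out
  # of that query string.
  def auth_url(provider, uid, referer = nil)
    params = { :provider => provider }

    params[:openid_url] = uid if provider == "openid"

    if referer.nil?
      params[:origin] = request.path
    else
      params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
      params[:referer] = referer
    end

    auth_path(params)
  end

  ##
  # process a successful login
  #
  # Stores the user's id and fingerprint in the session, calls
  # session_expires_after with 28 days when session[:remember_me] is set, then
  # redirects and finally clears :remember_me from the session.
  #
  # NOTE(review): +referer+ is handed to redirect_to unchanged (directly, or as
  # the :referer parameter of the terms / block pages) and is not validated in
  # this method. This assumes callers only pass a same-site target - confirm
  # against the callers, otherwise this is an open-redirect path.
  #
  # NOTE(review): the session is not reset in this method before session[:user]
  # is assigned. Confirm the session is rotated on login elsewhere if the
  # configured session store needs it to prevent fixation.
  def successful_login(user, referer = nil)
    session[:user] = user.id
    session[:fingerprint] = user.fingerprint
    session_expires_after 28.days if session[:remember_me]

    target = referer || url_for(:controller => :site, :action => :index)

    # The user is logged in, so decide where to send them:
    #
    # - If they haven't seen the contributor terms, send them there.
    # - If they have a block on them, show them that.
    # - If they were referred to the login, send them back there.
    # - Otherwise, send them to the home page.
    if !user.terms_seen
      redirect_to :controller => :users, :action => :terms, :referer => target
    elsif user.blocked_on_view
      redirect_to user.blocked_on_view, :referer => target
    else
      redirect_to target
    end

    # redirect_to does not end the method, so this still runs.
    session.delete(:remember_me)
  end

  ##
  # process a failed login
  #
  # Puts +message+ in flash[:error] and redirects to sessions#new, carrying the
  # referer, the username and the current remember_me choice as parameters.
  # :remember_me is then removed from the session.
  def failed_login(message, username, referer = nil)
    flash[:error] = message

    redirect_to :controller => "sessions", :action => "new", :referer => referer,
                :username => username, :remember_me => session[:remember_me]

    session.delete(:remember_me)
  end

  ##
  # process a login for a user who is sent to the confirmation page
  #
  # Records the user's id as session[:pending_user] (session[:user] is not
  # set here), redirects to confirmations#confirm with the display name and
  # referer as parameters, and removes :remember_me from the session.
  def unconfirmed_login(user, referer = nil)
    session[:pending_user] = user.id

    redirect_to :controller => "confirmations", :action => "confirm",
                :display_name => user.display_name, :referer => referer

    session.delete(:remember_me)
  end

  ##
  # set the flash flag that suppresses the terms redirect for this request
  def disable_terms_redirect
    # this is necessary otherwise going to the user terms page, when
    # having not agreed already would cause an infinite redirect loop.
    # it's .now so that this doesn't propagate to other pages.
    flash.now[:skip_terms] = true
  end
end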