Commit
Extract EncryptedUser functionality for use in other controllers
Showing 3 changed files with 76 additions and 63 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
module Blacklight::EncryptedUser | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
helper_method :encrypt_user_id | ||
|
||
rescue_from Blacklight::Exceptions::ExpiredSessionToken do | ||
head :unauthorized | ||
end | ||
|
||
end | ||
|
||
protected | ||
|
||
def token_or_current_or_guest_user | ||
token_user || current_or_guest_user | ||
end | ||
|
||
def token_user | ||
@token_user ||= if params[:encrypted_user_id] | ||
user_id = decrypt_user_id params[:encrypted_user_id] | ||
User.find(user_id) | ||
else | ||
nil | ||
end | ||
end | ||
|
||
# Used for #export action, with encrypted user_id. | ||
def decrypt_user_id(encrypted_user_id) | ||
user_id, timestamp = message_encryptor.decrypt_and_verify(encrypted_user_id) | ||
|
||
if timestamp < 1.hour.ago | ||
raise Blacklight::Exceptions::ExpiredSessionToken.new | ||
end | ||
|
||
user_id | ||
end | ||
|
||
# Used for #export action with encrypted user_id, available | ||
# as a helper method for views. | ||
def encrypt_user_id(user_id) | ||
message_encryptor.encrypt_and_sign([user_id, Time.now]) | ||
end | ||
|
||
## | ||
# This method provides Rails 3 compatibility to our message encryptor. | ||
# When we drop support for Rails 3, we can just use the AS::KeyGenerator | ||
# directly instead of this helper. | ||
def bookmarks_export_secret_token salt | ||
OpenSSL::PKCS5.pbkdf2_hmac_sha1(Blacklight.secret_key, salt, 1000, 64) | ||
end | ||
|
||
def message_encryptor | ||
derived_secret = bookmarks_export_secret_token("bookmarks session key") | ||
ActiveSupport::MessageEncryptor.new(derived_secret) | ||
end | ||
|
||
|
||
end |
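Review bot: the `rescue_from` in the `included` block only covers Blacklight::Exceptions::ExpiredSessionToken, but the paths below it raise other exceptions for an invalid token: `message_encryptor.decrypt_and_verify` raises ActiveSupport::MessageVerifier::InvalidSignature for a tampered or malformed `params[:encrypted_user_id]` (and ActiveSupport::MessageEncryptor::InvalidMessage when the ciphertext itself fails to decrypt), and `User.find(user_id)` in `token_user` raises ActiveRecord::RecordNotFound when the user in a still-valid token no longer exists. Each of those surfaces as a 500 rather than the intended `head :unauthorized`; consider listing them alongside ExpiredSessionToken in the `rescue_from`, or rescuing them inside `token_user` and returning nil so the request falls through to `current_or_guest_user`. It is also worth a comment on `decrypt_user_id` that `if timestamp < 1.hour.ago` is the only freshness check, so a token stays usable for the full hour regardless of session state and can only be revoked early by changing Blacklight.secret_key, and that `encrypt_user_id` mints a new one-hour token on every view call.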