
fixed up sessions controller

1 parent 4de0ac0 commit 33bc1d1113e875dcf2318b68df395b78a8fcff9c Terry Heath committed Sep 4, 2009
Binary file not shown.
@@ -13,10 +13,9 @@ def destroy
def open_id_authentication(openid)
authenticate_with_open_id(openid) do |result, identity_url, registration|
if result.successful?
- if @current_user = User.find_by_identity_url(identity_url)
- successful_login
- elsif (@current_user = User.new(:identity_url => identity_url)) && @current_user.save(false)
- successful_login(true)
+ if @current_user = User.find_by_identity_url(identity_url) || User.new(:identity_url => identity_url)
+ @current_user.save(false)
+ successful_login(!@current_user.valid?)
else
failed_login "Could not log you in at this time."
end
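Review bot: The condition on the added `if` can never be false, because `User.new(...)` always returns an object, and since no `end` sits between it and the following `else`, the `failed_login "Could not log you in at this time."` branch is now unreachable. The return value of `@current_user.save(false)` is also discarded, so `successful_login` runs even when the record was not persisted, and the validation-skipping save now runs on every login of an existing user rather than only on first sign-in. Consider assigning first and branching on persistence: `@current_user = User.find_by_identity_url(identity_url) || User.new(:identity_url => identity_url)` followed by `if !@current_user.new_record? || @current_user.save(false)`. The body of open_id_authentication continues outside the hunk.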
Binary file not shown.
@@ -1,3 +1,5 @@
ActionController::Routing::Routes.draw do |map|
map.resource :session
+ map.signin '/signin', :controller => 'sessions', :action => 'new'
+ map.signin '/signout', :controller => 'sessions', :action => 'destroy'
end
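Review bot: Both added routes are declared with `map.signin`, so the `/signout` route reuses the name of the `/signin` route; it presumably should read `map.signout '/signout', :controller => 'sessions', :action => 'destroy'`. The `/signout` route also carries no method condition, so `sessions#destroy` becomes reachable with a plain GET, which lets any third-party page end a visitor's session through an embedded link or image. `map.resource :session` already maps destroy to DELETE; if the vanity URL is kept, adding `:conditions => { :method => :delete }` would narrow it to the same verb.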
@@ -15,4 +15,5 @@
config.to_prepare do
OpenID::Util.logger = Rails.logger
ActionController::Base.send :include, OpenIdAuthentication
+ ActionController::Base.send :include, AuthenticatedSystem
end
@@ -9,7 +9,7 @@ def signed_in?
# Accesses the current user from the session.
# Future calls avoid the database because nil is not equal to false.
def current_user
- @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
+ @current_user ||= (login_from_session || login_from_basic_auth) unless @current_user == false
end
# Store the given user id in the session.
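Review bot: The doc comment above `current_user` should state which sources are consulted now that cookie login is dropped from the chain on the changed line, e.g. `# Looks the user up from the session, then HTTP basic auth; there is no remember-me cookie fallback.` The visible hunks do not show whether the code that issues `cookies[:auth_token]` and stores the remember token was removed as well. If that path still runs at login, the application keeps minting a long-lived credential that nothing consumes, so it is worth deleting it and clearing any stored tokens. The enclosing module continues outside the hunk.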
@@ -123,17 +123,6 @@ def login_from_basic_auth
# Sign Out
#
- # Called from #current_user. Finaly, attempt to login by an expiring token in the cookie.
- # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
- def login_from_cookie
- user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
- if user && user.remember_token?
- self.current_user = user
- handle_remember_cookie! false # freshen cookie token (keeping date)
- self.current_user
- end
- end
-
# This is ususally what you want; resetting the session willy-nilly wreaks
# havoc with forgery protection, and is only strictly necessary on login.
# However, **all session state variables should be unset here**.
