fixed up sessions controller

terrbear · Sep 4, 2009 · 33bc1d1 · 33bc1d1
1 parent 4de0ac0
commit 33bc1d1
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 16 deletions.
diff --git a/app/controllers/.sessions_controller.rb.swp b/app/controllers/.sessions_controller.rb.swp
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -13,10 +13,9 @@ def destroy
   def open_id_authentication(openid)
     authenticate_with_open_id(openid) do |result, identity_url, registration|
 	    if result.successful?
-	      if @current_user = User.find_by_identity_url(identity_url)
-	        successful_login
-	      elsif (@current_user = User.new(:identity_url => identity_url)) && @current_user.save(false)
-          successful_login(true)
+	      if @current_user = User.find_by_identity_url(identity_url) || User.new(:identity_url => identity_url)
+          @current_user.save(false)
+	        successful_login(!@current_user.valid?)
         else
           failed_login "Could not log you in at this time."
 	      end

diff --git a/config/.routes.rb.swp b/config/.routes.rb.swp
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,3 +1,5 @@
 ActionController::Routing::Routes.draw do |map|
   map.resource :session
+  map.signin '/signin', :controller => 'sessions', :action => 'new'
+  map.signin '/signout', :controller => 'sessions', :action => 'destroy'
 end
diff --git a/init.rb b/init.rb
@@ -15,4 +15,5 @@
 config.to_prepare do
   OpenID::Util.logger = Rails.logger
   ActionController::Base.send :include, OpenIdAuthentication
+  ActionController::Base.send :include, AuthenticatedSystem
 end
diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb
@@ -9,7 +9,7 @@ def signed_in?
     # Accesses the current user from the session.
     # Future calls avoid the database because nil is not equal to false.
     def current_user
-      @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
+      @current_user ||= (login_from_session || login_from_basic_auth) unless @current_user == false
     end
 
     # Store the given user id in the session.
@@ -123,17 +123,6 @@ def login_from_basic_auth
     # Sign Out
     #
 
-    # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
-    # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
-    def login_from_cookie
-      user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
-      if user && user.remember_token?
-        self.current_user = user
-        handle_remember_cookie! false # freshen cookie token (keeping date)
-        self.current_user
-      end
-    end
-
     # This is ususally what you want; resetting the session willy-nilly wreaks
     # havoc with forgery protection, and is only strictly necessary on login.
     # However, **all session state variables should be unset here**.