Fix session bug and lack of 403 handling. Closes play#154.

Add 403 handling to expire current session and show 403. This fixes a small bug: if someone is logged in and changes the application oauth settings then they would see an octobouncer cat with no message or help as to what was happening. This bug also appeared if the user revoked access to play and wanted to readd it. Added 403.html to public and styling for it and also iphone version. Nothing fancy. Steal Octobouncer for our own gains.
wfarr · May 2, 2012 · a6baca5 · a6baca5
1 parent 99f4d85
commit a6baca5
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 1 deletion.
diff --git a/app/app.rb b/app/app.rb
@@ -23,9 +23,24 @@ class App < Sinatra::Base
 
     dir = File.dirname(File.expand_path(__FILE__))
 
+    class Octobouncer < Sinatra::Base
+      # Handle bad authenication, clears the session and redirects to login.
+      get '/unauthenticated' do
+        if session[:user].nil?
+          redirect '/'
+        else
+          session.clear
+          redirect '/403.html'
+        end
+      end
+    end
+
     set :github_options, {
                             :secret    => Play.config.secret,
                             :client_id => Play.config.client_id,
+                            :failure_app => Octobouncer,
+                            :organization => Play.config.gh_org,
+                            :github_scopes => 'user,offline_access'
                          }
 
     Pusher.app_id =  Play.config.pusher_app_id
@@ -63,7 +78,6 @@ def api_request
       !!params[:token] || !!request.env["HTTP_AUTHORIZATION"]
     end
 
-
     def login
       if api_request
         token = request.env["HTTP_AUTHORIZATION"] || params[:token] || ""
@@ -81,6 +95,7 @@ def login
         else
           authenticate!
         end
+
         user   = User.find(github_user.login)
         user ||= User.create(github_user.login,github_user.email)
       end

diff --git a/app/frontend/public/403.html b/app/frontend/public/403.html
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+
+<head>
+
+  <meta charset="utf-8">
+  <meta name="apple-mobile-web-app-capable" content="yes">
+
+  <link rel="stylesheet" href="/css/reset.css">
+  <link rel="stylesheet" href="/css/base.css">
+  <link rel="stylesheet" href="/css/jquery.ui.css">
+  <link media="only screen and (max-device-width: 480px)" href="/css/iphone.css" type="text/css" rel="stylesheet">
+  <link media="only screen and (max-device-width: 768px)" href="/css/tablet.css" type="text/css" rel="stylesheet">
+  <link media="only screen and (aspect-ratio: 16/9)" href="/css/tv.css" rel="stylesheet" type="text/css">
+
+  <link href='//fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,400,300,700,600' rel='stylesheet' type='text/css'>
+  <link href='//fonts.googleapis.com/css?family=Open+Sans+Condensed:300' rel='stylesheet' type='text/css'>
+
+  <script type="text/javascript" src="/js/application.js"></script>
+
+  <title>Play: 403 Unauthorized. You are not on the list.</title>
+
+</head>
+<body class="error-403">
+
+<div style="Background: #fff; border-radius: 0.5em; margin: 1em; padding: 1em;">
+
+<section class="notice">
+  <h1>clUb 403</h1>
+  <h2>Sorry, you are not on the authorized list. Ask nicely and I might <a href="/" title="play">recheck the list</a>.</h2>
+</section>
+
+<img src="images/octobouncer.png" alt="octobouncer" width=448 height=448 />
+</div>
+</body>
+</html>
diff --git a/app/frontend/public/images/octobouncer.png b/app/frontend/public/images/octobouncer.png
diff --git a/app/frontend/styles/base.css.scss b/app/frontend/styles/base.css.scss
@@ -355,3 +355,38 @@ ul.song-actions {
   height: 30px;
 }
 
+/* 403 Error Page */
+
+.error-403 {
+
+  width: 940px;
+  margin: 0 auto;
+
+  h1,
+  h2 {
+    font-size: 3em;
+    font-weight: bold;
+  }
+
+  h1 {
+    margin-bottom: 0.4em;
+  }
+
+  h2 {
+    font-size: 1.6em;
+    line-height: 1.5;
+    width: 12em;
+  }
+
+  section.notice,
+  img {
+    display: inline-block;
+    vertical-align: top;
+    margin: 0.5em;
+  }
+
+  section.notice {
+    margin: 6em 2em 6em 3em;
+  }
+
+}
diff --git a/app/frontend/styles/iphone.css.scss b/app/frontend/styles/iphone.css.scss
@@ -74,4 +74,37 @@ body {
     height: 160px;
     max-width: inherit;
   }
+}
+
+/* 403 Error Page */
+
+
+.error-403 {
+
+  h1,
+  h2 {
+    font-size: 6em;
+  }
+
+  h1 {
+    margin-bottom: 0.4em;
+  }
+
+  h2 {
+    font-size: 4em;
+    line-height: 1.5;
+    width: 12em;
+  }
+
+  section.notice,
+  img {
+    display: inline-block;
+    vertical-align: top;
+    margin: 0.5em auto;
+  }
+
+  section.notice {
+    margin: 2em;
+  }
+
 }