authorAzul <azul@leap.se>2014-05-16 08:42:36 +0200
committerAzul <azul@leap.se>2014-05-16 08:42:36 +0200
commit8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /app/controllers/controller_extension/authentication.rb
parent81555ec6244ed76f92e3629880f68104b8705817 (diff)
parenta4f7a410c536d88c91c834cab6ee950c71005ddd (diff)
Merge remote-tracking branch 'origin/develop'
Conflicts: app/assets/javascripts/srp test/nagios/soledad_sync.py test/nagios/webapp_login.py
Diffstat (limited to 'app/controllers/controller_extension/authentication.rb')
-rw-r--r--app/controllers/controller_extension/authentication.rb81
1 files changed, 81 insertions, 0 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb
new file mode 100644
index 0000000..1f73f38
--- /dev/null
+++ b/app/controllers/controller_extension/authentication.rb
@@ -0,0 +1,81 @@
+module ControllerExtension::Authentication
+ extend ActiveSupport::Concern
+
+ private
+
+ included do
+ helper_method :current_user, :logged_in?, :admin?
+ end
+
+ def current_user
+ @current_user ||= token_authenticate || warden.user || anonymous
+ end
+
+ def logged_in?
+ current_user.is_a? User
+ end
+
+ def require_login
+ access_denied unless logged_in?
+ end
+
+ # some actions only make sense if you are not logged in yet.
+ # (login, signup). If a user tries to perform these they will
+ # be redirected to their dashboard.
+ def redirect_if_logged_in
+ redirect_to home_url if logged_in?
+ end
+
+ def access_denied
+ respond_to do |format|
+ format.html do
+ if logged_in?
+ redirect_to home_url, :alert => t(:not_authorized)
+ else
+ redirect_to login_url, :alert => t(:not_authorized_login)
+ end
+ end
+ format.json do
+ render :json => {'error' => t(:not_authorized)}, status: :unprocessable_entity
+ end
+ end
+ end
+
+ def admin?
+ current_user.is_admin?
+ end
+
+ def require_admin
+ access_denied unless admin?
+ end
+
+ def authentication_errors
+ return unless attempted_login?
+ errors = get_warden_errors
+ errors.inject({}) do |translated,err|
+ translated[err.first] = I18n.t(err.last)
+ translated
+ end
+ end
+
+ def get_warden_errors
+ if strategy = warden.winning_strategy
+ message = strategy.message
+ # in case we get back the default message to fail!
+ message.respond_to?(:inject) ? message : { base: message }
+ else
+ { login: :all_strategies_failed }
+ end
+ end
+
+ def attempted_login?
+ request.env['warden.options'] &&
+ request.env['warden.options'][:attempted_path]
+ end
+
+ protected
+
+ def anonymous
+ AnonymousUser.new
+ end
+end
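Review bot: The JSON branch of `access_denied` answers an authorization failure with `status: :unprocessable_entity` (422), so API clients, logs and alerting cannot tell a denied request apart from an ordinary validation error. Return an auth-specific status instead, for example `render :json => {'error' => t(:not_authorized)}, status: (logged_in? ? :forbidden : :unauthorized)`, which mirrors the logged-in / not-logged-in split the HTML branch already makes. Separately, `admin?` calls `current_user.is_admin?` on whatever `current_user` returns, so `require_admin` relies on `AnonymousUser` (not shown in this file) defining `is_admin?` and returning false; a comment above `admin?` such as `# AnonymousUser must respond to is_admin? with false` would make that contract explicit.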