diff options
author | jessib <jessib@riseup.net> | 2012-10-17 10:12:11 -0700 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2012-10-17 10:12:11 -0700 |
commit | c072a2fe1d50715bad1cd8c14213cba6aa1cc8ff (patch) | |
tree | 14a599dadbe440952c0de73c487113bc09aa9142 /users/app/controllers | |
parent | 171d07a64d3f76e68c22f0fb4cc3795daad806d1 (diff) | |
parent | d9a510fa2126c29f0af58c6bbeff35802777eee6 (diff) |
Merge branch 'develop' into help_develop
Diffstat (limited to 'users/app/controllers')
-rw-r--r-- | users/app/controllers/application_controller.rb | 14 | ||||
-rw-r--r-- | users/app/controllers/sessions_controller.rb | 7 |
2 files changed, 15 insertions, 6 deletions
diff --git a/users/app/controllers/application_controller.rb b/users/app/controllers/application_controller.rb new file mode 100644 index 0000000..64e1a55 --- /dev/null +++ b/users/app/controllers/application_controller.rb @@ -0,0 +1,14 @@ +class ApplicationController < ActionController::Base + protect_from_forgery + + private + + def current_user + @current_user ||= User.find(session[:user_id]) if session[:user_id] + end + helper_method :current_user + + def authorize + redirect_to login_url, alert: "Not authorized" if current_user.nil? + end +end diff --git a/users/app/controllers/sessions_controller.rb b/users/app/controllers/sessions_controller.rb index 284c0e2..4a1107d 100644 --- a/users/app/controllers/sessions_controller.rb +++ b/users/app/controllers/sessions_controller.rb @@ -8,19 +8,15 @@ class SessionsController < ApplicationController def create @user = User.find_by_param(params[:login]) session[:handshake] = @user.initialize_auth(params['A'].hex) - User.current = @user #? render :json => session[:handshake] rescue RECORD_NOT_FOUND render :json => {:errors => {:login => ["unknown user"]}} end def update - # TODO: validate the id belongs to the session - @user = User.find_by_param(params[:id]) @srp_session = session.delete(:handshake) - @srp_session.authenticate!(params[:client_auth].hex) + @user = @srp_session.authenticate!(params[:client_auth].hex) session[:user_id] = @user.id - User.current = @user #? render :json => @srp_session rescue WRONG_PASSWORD session[:handshake] = nil @@ -29,7 +25,6 @@ class SessionsController < ApplicationController def destroy session[:user_id] = nil - User.current = nil #? redirect_to root_path end end |