1 module AuthenticatedSystem
3 # Returns true or false if the user is logged in.
4 # Preloads @current_user with the user model if they're logged in.
9 # Accesses the current user from the session.
11 @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false
14 # Store the given user in the session.
15 def current_user=(new_user)
16 session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
17 @current_user = new_user
20 # Check if the user is authorized.
22 # Override this method in your controllers if you want to restrict access
23 # to only a few actions or if you want to check if the user
24 # has the correct rights.
28 # # only allow nonbobs
30 # current_user.login != "bob"
36 # Filter method to enforce a login requirement.
38 # To require logins for all actions, use this in your controllers:
40 # before_filter :login_required
42 # To require logins for specific actions, use this in your controllers:
44 # before_filter :login_required, :only => [ :edit, :update ]
46 # To skip this in a subclassed controller:
48 # skip_before_filter :login_required
51 username, passwd = get_auth_data
52 self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
53 logged_in? && authorized? ? true : access_denied
56 # Redirect as appropriate when an access request fails.
58 # The default action is to redirect to the login screen.
60 # Override this method in your controllers if you want to have special
61 # behavior in case the user is not authorized
62 # to access the requested action. For example, a popup window might
63 # simply close itself.
65 respond_to do |accepts|
68 redirect_to :controller => '/account', :action => 'login'
71 headers["Status"] = "Unauthorized"
72 headers["WWW-Authenticate"] = %(Basic realm="Web Password")
73 render :text => "Could't authenticate you", :status => '401 Unauthorized'
79 # Store the URI of the current request in the session.
81 # We can return to this location by calling #redirect_back_or_default.
83 session[:return_to] = request.request_uri
86 # Redirect to the URI stored by the most recent store_location call or
87 # to the passed default.
88 def redirect_back_or_default(default)
89 session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
90 session[:return_to] = nil
93 # Inclusion hook to make #current_user and #logged_in?
94 # available as ActionView helper methods.
95 def self.included(base)
96 base.send :helper_method, :current_user, :logged_in?
99 # When called with before_filter :login_from_cookie will check for an :auth_token
100 # cookie and log the user back in if apropriate
101 def login_from_cookie
102 return unless cookies[:auth_token] && !logged_in?
103 user = User.find_by_remember_token(cookies[:auth_token])
104 if user && user.remember_token?
106 self.current_user = user
107 cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
108 flash[:notice] = "Logged in successfully"
113 @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
114 # gets BASIC auth info
116 auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
117 auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
118 return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]