fixes #753 by adding a global option to enable secure cookies

You need to recreate your environment.rb from the tmpl for this change.
Reinier Balt 2008-08-18 14:11:27 +02:00
parent a4cb8fb113
commit 2a6b8f1cd9
6 changed files with 15 additions and 13 deletions


@ -133,7 +133,7 @@ class ContextsController < ApplicationController
@active_contexts = @contexts.find(:all, { :conditions => ["hide = ?", false]}) @active_contexts = @contexts.find(:all, { :conditions => ["hide = ?", false]})
@hidden_contexts = @contexts.find(:all, { :conditions => ["hide = ?", true]}) @hidden_contexts = @contexts.find(:all, { :conditions => ["hide = ?", true]})
@down_count = @active_contexts.size + @hidden_contexts.size @down_count = @active_contexts.size + @hidden_contexts.size
cookies[:mobile_url]=request.request_uri cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}
render :action => 'index_mobile' render :action => 'index_mobile'
end end
end end
@ -143,7 +143,7 @@ class ContextsController < ApplicationController
@page_title = "TRACKS::List actions in "+@context.name @page_title = "TRACKS::List actions in "+@context.name
@not_done = @not_done_todos.select {|t| t.context_id == @context.id } @not_done = @not_done_todos.select {|t| t.context_id == @context.id }
@down_count = @not_done.size @down_count = @not_done.size
cookies[:mobile_url]=request.request_uri cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}
@mobile_from_context = @context.id @mobile_from_context = @context.id
render :action => 'mobile_show_context' render :action => 'mobile_show_context'
end end
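Review bot: The mobile_url cookie hash `{:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}` is now written out verbatim in seven places (twice here, twice in ProjectsController, three times in TodosController), so any later change to the cookie's attributes has to be repeated in each copy. A small helper on ApplicationController, e.g. `def remember_mobile_url; cookies[:mobile_url] = { :value => request.request_uri, :secure => TRACKS_COOKIES_SECURE }; end`, would keep the policy in one place and would be the natural home for any further attributes. Both enclosing actions begin outside their hunks.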


@ -20,10 +20,10 @@ class LoginController < ApplicationController
session['noexpiry'] = params['user_noexpiry'] session['noexpiry'] = params['user_noexpiry']
msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
notify :notice, "Login successful: session #{msg}" notify :notice, "Login successful: session #{msg}"
cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year } cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => TRACKS_COOKIES_SECURE }
unless should_expire_sessions? unless should_expire_sessions?
@user.remember_me @user.remember_me
cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at } cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE }
end end
redirect_back_or_home redirect_back_or_home
return return
@ -94,12 +94,12 @@ class LoginController < ApplicationController
session['noexpiry'] = session['user_noexpiry'] session['noexpiry'] = session['user_noexpiry']
msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
notify :notice, "You have successfully verified #{openid_url} as your identity. Login successful: session #{msg}" notify :notice, "You have successfully verified #{openid_url} as your identity. Login successful: session #{msg}"
cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year } cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year, :secure => TRACKS_COOKIES_SECURE }
unless should_expire_sessions? unless should_expire_sessions?
@user.remember_me @user.remember_me
cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at } cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE }
end end
cookies[:openid_url] = { :value => openid_url, :expires => Time.now + 1.year } cookies[:openid_url] = { :value => openid_url, :expires => Time.now + 1.year, :secure => TRACKS_COOKIES_SECURE }
redirect_back_or_home redirect_back_or_home
else else
notify :warning, "You have successfully verified #{openid_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up." notify :warning, "You have successfully verified #{openid_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up."
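Review bot: The remember-me cookie `cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE }` is written with identical attributes in three places (here, again in the OpenID branch of the second hunk, and in LoginSystem's cookie login), and `auth_token` is the most sensitive value this commit touches, so it deserves one helper rather than three copies. Since the commit is hardening these cookies, that helper is also where an HttpOnly attribute should be added (if the Rails version in use supports it) so the token cannot be read by script in the page; the same applies to `tracks_login` and `openid_url`, which persist for a year. Note that with the shipped default of `TRACKS_COOKIES_SECURE = false` behaviour is unchanged, so the benefit only materialises once a deployment sets it to true. Both enclosing actions start before their hunks and end after them.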


@ -204,7 +204,7 @@ class ProjectsController < ApplicationController
@hidden_projects = @projects.select{ |p| p.hidden? } @hidden_projects = @projects.select{ |p| p.hidden? }
@completed_projects = @projects.select{ |p| p.completed? } @completed_projects = @projects.select{ |p| p.completed? }
@down_count = @active_projects.size + @hidden_projects.size + @completed_projects.size @down_count = @active_projects.size + @hidden_projects.size + @completed_projects.size
cookies[:mobile_url]=request.request_uri cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}
render :action => 'index_mobile' render :action => 'index_mobile'
end end
end end
@ -217,7 +217,7 @@ class ProjectsController < ApplicationController
@project_default_context = "The default context for this project is "+ @project_default_context = "The default context for this project is "+
@project.default_context.name @project.default_context.name
end end
cookies[:mobile_url]=request.request_uri cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}
@mobile_from_project = @project.id @mobile_from_project = @project.id
render :action => 'project_mobile' render :action => 'project_mobile'
end end


@ -229,7 +229,7 @@ class TodosController < ApplicationController
format.m do format.m do
if @saved if @saved
if cookies[:mobile_url] if cookies[:mobile_url]
cookies[:mobile_url] = nil cookies[:mobile_url] = {:value => nil, :secure => TRACKS_COOKIES_SECURE}
redirect_to cookies[:mobile_url] redirect_to cookies[:mobile_url]
else else
redirect_to formatted_todos_path(:m) redirect_to formatted_todos_path(:m)
@ -370,7 +370,7 @@ class TodosController < ApplicationController
@default_project_context_name_map = build_default_project_context_name_map(@projects).to_json @default_project_context_name_map = build_default_project_context_name_map(@projects).to_json
} }
format.m { format.m {
cookies[:mobile_url]=request.request_uri cookies[:mobile_url]= {:value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}
render :action => "mobile_tag" render :action => "mobile_tag"
} }
end end
@ -608,7 +608,7 @@ class TodosController < ApplicationController
lambda do lambda do
@page_title = "All actions" @page_title = "All actions"
@home = true @home = true
cookies[:mobile_url]=request.request_uri cookies[:mobile_url]= { :value => request.request_uri, :secure => TRACKS_COOKIES_SECURE}
determine_down_count determine_down_count
render :action => 'index' render :action => 'index'
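Review bot: In the first hunk, `cookies[:mobile_url] = {:value => nil, :secure => TRACKS_COOKIES_SECURE}` immediately followed by `redirect_to cookies[:mobile_url]` appears to rely on the read returning the request's cookie rather than the value just assigned; that is fragile and non-obvious, and writing an empty-valued cookie does not necessarily expire it. Clearer and more robust is to capture the target and then expire the cookie: `target = cookies[:mobile_url]`, `cookies.delete :mobile_url`, `redirect_to target`. Separately, the redirect target is a client-controlled cookie value; since the application only ever stores `request.request_uri` in it, rejecting anything that is not a relative path before redirecting would remove an open-redirect opportunity. The enclosing action starts before the hunk and continues after it.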


@ -93,6 +93,8 @@ if (AUTHENTICATION_SCHEMES.include? 'open_id')
#requires ruby-openid gem to be installed #requires ruby-openid gem to be installed
end end
# setting this to true will make the cookies only available over HTTPS
TRACKS_COOKIES_SECURE = false
MOBILE_CONTENT_TYPE = 'tracks/mobile' MOBILE_CONTENT_TYPE = 'tracks/mobile'
Mime::Type.register(MOBILE_CONTENT_TYPE, :m) Mime::Type.register(MOBILE_CONTENT_TYPE, :m)
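Review bot: `TRACKS_COOKIES_SECURE = false` introduces a constant that every login path now dereferences, yet it lives only in the user-maintained environment.rb, so an upgraded installation that has not regenerated its config (as the commit message warns) fails with an uninitialized-constant error the first time a cookie is set, i.e. at login. A fallback outside the template, such as `TRACKS_COOKIES_SECURE = false unless defined?(TRACKS_COOKIES_SECURE)` in ApplicationController or LoginSystem, would let old configs keep working while new ones opt in. The comment could also spell out the consequence of leaving it false on an HTTPS deployment, e.g. `# set to true on an HTTPS-only deployment; when false, auth_token and the other cookies are also sent over plain HTTP`.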


@ -48,7 +48,7 @@ module LoginSystem
session['user_id'] = user.id session['user_id'] = user.id
set_current_user(user) set_current_user(user)
current_user.remember_me current_user.remember_me
cookies[:auth_token] = { :value => current_user.remember_token , :expires => current_user.remember_token_expires_at } cookies[:auth_token] = { :value => current_user.remember_token , :expires => current_user.remember_token_expires_at, :secure => TRACKS_COOKIES_SECURE }
flash[:notice] = "Logged in successfully. Welcome back!" flash[:notice] = "Logged in successfully. Welcome back!"
end end
end end