diff --git a/tracks/app/controllers/login_controller.rb b/tracks/app/controllers/login_controller.rb index caa29828..abef4a15 100644 --- a/tracks/app/controllers/login_controller.rb +++ b/tracks/app/controllers/login_controller.rb @@ -4,10 +4,11 @@ class LoginController < ApplicationController skip_before_filter :set_session_expiration skip_before_filter :login_required before_filter :get_current_user - open_id_consumer if Tracks::Config.auth_schemes.include?('open_id') + open_id_consumer if Tracks::Config.openid_enabled? def login @page_title = "TRACKS::Login" + @openid_url = cookies[:openid_url] if Tracks::Config.openid_enabled? case request.method when :post if @user = User.authenticate(params['user_login'], params['user_password']) @@ -37,12 +38,13 @@ class LoginController < ApplicationController # Let the user know that the URL is unusable. case open_id_response.status when OpenID::SUCCESS - openid_url = params[:openid_url] + session['openid_url'] = params[:openid_url] + session['user_noexpiry'] = params[:user_noexpiry] # The URL was a valid identity URL. Now we just need to send a redirect # to the server using the redirect_url the library created for us. # redirect to the server - redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete', :openid_url => openid_url)) + redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete')) else notify :warning, "Unable to find openid server for #{openid_url}" redirect_to :action => 'login' @@ -50,7 +52,7 @@ class LoginController < ApplicationController end def complete - openid_url = params[:openid_url] + openid_url = session['openid_url'] if openid_url.blank? notify :error, "expected an openid_url" end 
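Review bot: `@openid_url = cookies[:openid_url]` in `login` hands a client-controlled cookie value to the view, so the login template must HTML-escape it (`<%= h(@openid_url) %>`) wherever it is written into the form's value attribute; the login.rhtml hunk in this diff is not legible here, so I cannot confirm it does. The cookie is only written by `complete` after OpenID verification, but as far as the login page is concerned a cookie value is still untrusted input. `login` continues outside the hunk.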
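Review bot: The `else` branch of this hunk still interpolates `openid_url`, but the only assignment to that local (`openid_url = params[:openid_url]`) is removed, so when no OpenID server is found Ruby will treat `openid_url` as a method call and raise NameError instead of showing the warning — unless the controller defines an `openid_url` method, which is not visible here. Read the value from the request again, `notify :warning, "Unable to find openid server for #{params[:openid_url]}"`. The same removal and dangling reference appears in `update_auth_type` in users_controller.rb later in this diff. The enclosing method starts before this hunk.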
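Review bot: Now that `complete` takes `openid_url` from `session['openid_url']`, a request that reaches the action without having gone through the first step (the key was never set, or the session has since expired) hits the `if openid_url.blank?` branch, which only calls `notify :error` and then falls through into the rest of the action with a nil identity. Finish the request there instead, `return redirect_to(:action => 'login')` after the notify, so an incomplete handshake never proceeds to the response handling. `complete` continues outside the hunk.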
@@ -73,8 +75,12 @@ class LoginController < ApplicationController # the verification. @user = User.find_by_open_id_url(openid_url) unless (@user.nil?) - notify :notice, "You have successfully verified #{openid_url} as your identity." session['user_id'] = @user.id + session['noexpiry'] = session['user_noexpiry'] + msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire." + notify :notice, "You have successfully verified #{openid_url} as your identity. Login successful: session #{msg}" + cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year } + cookies[:openid_url] = { :value => openid_url, :expires => Time.now + 1.year } redirect_back_or_home else notify :warning, "You have successfully verified #{openid_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up." @@ -119,5 +125,5 @@ class LoginController < ApplicationController def should_expire_sessions? session['noexpiry'] != "on" end - + end diff --git a/tracks/app/controllers/users_controller.rb b/tracks/app/controllers/users_controller.rb index 66febae3..b6f0e625 100644 --- a/tracks/app/controllers/users_controller.rb +++ b/tracks/app/controllers/users_controller.rb @@ -1,6 +1,6 @@ class UsersController < ApplicationController - if Tracks::Config.auth_schemes.include?('open_id') + if Tracks::Config.openid_enabled? open_id_consumer before_filter :begin_open_id_auth, :only => :update_auth_type end 
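Review bot: After the successful lookup the hunk copies `session['user_noexpiry']` into `session['noexpiry']` but leaves both `session['user_noexpiry']` and `session['openid_url']` in place, so the one-shot handshake state outlives the login and a later hit on `complete` would reuse the stale identity URL. Clear them once consumed, `session['noexpiry'] = session['user_noexpiry']` followed by `session['openid_url'] = session['user_noexpiry'] = nil` (not `session.delete`, which on the CGI-style session object removes the whole session). This is also the point where the session becomes authenticated (`session['user_id'] = @user.id`), so if nothing upstream already does it, a `reset_session` before assigning `user_id` keeps a pre-login session id from being carried into the logged-in session; whether ApplicationController handles that is not visible here. The `cookies[:openid_url]` value set here is later reflected into the login form, so it must be escaped in that view.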
@@ -151,15 +151,15 @@ class UsersController < ApplicationController end def update_auth_type - if (params[:user][:auth_type] == 'open_id') + if (params[:user][:auth_type] == 'open_id') && Tracks::Config.openid_enabled? case open_id_response.status when OpenID::SUCCESS # The URL was a valid identity URL. Now we just need to send a redirect # to the server using the redirect_url the library created for us. - openid_url = params[:openid_url] + session['openid_url'] = params[:openid_url] # redirect to the server - redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete', :openid_url => openid_url)) + redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete')) else notify :warning, "Unable to find openid server for #{openid_url}" redirect_to :action => 'change_auth_type' @@ -177,7 +177,11 @@ class UsersController < ApplicationController end def complete - openid_url = params[:openid_url] + return unless Tracks::Config.openid_enabled? + openid_url = session['openid_url'] + if openid_url.blank? + notify :error, "expected an openid_url" + end case open_id_response.status when OpenID::FAILURE # In the case of failure, if info is non-nil, it is the diff --git a/tracks/app/views/login/login.rhtml b/tracks/app/views/login/login.rhtml index aa546a10..f10bc677 100644 --- a/tracks/app/views/login/login.rhtml +++ b/tracks/app/views/login/login.rhtml @@ -33,7 +33,7 @@ - + diff --git a/tracks/lib/config.rb b/tracks/lib/config.rb index 3fa0fb8a..93416ced 100644 --- a/tracks/lib/config.rb +++ b/tracks/lib/config.rb @@ -10,6 +10,11 @@ module Tracks AUTHENTICATION_SCHEMES end + def self.openid_enabled? + auth_schemes.include?('open_id') + end + + end end \ No newline at end of file diff --git a/tracks/lib/login_system.rb b/tracks/lib/login_system.rb index d3a94d49..14217594 100644 --- a/tracks/lib/login_system.rb +++ b/tracks/lib/login_system.rb 
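Review bot: `return unless Tracks::Config.openid_enabled?` at the top of `complete` exits without rendering or redirecting, so this generation of Rails will try to render a default template for the action (and fail if there is none); likewise the new `if openid_url.blank?` block notifies but falls through into `case open_id_response.status` with a nil identity. Both exits should end the request explicitly, e.g. `return redirect_to(:action => 'change_auth_type') unless Tracks::Config.openid_enabled?` and, inside the blank check, `return redirect_to(:action => 'change_auth_type')`, matching the destination the `else` branch of `update_auth_type` already uses. `complete` continues outside the hunk.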
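Review bot: `Tracks::Config.openid_enabled?` is undocumented, and its callers in LoginController and UsersController evaluate it in the class body (`open_id_consumer if Tracks::Config.openid_enabled?`), so it is effectively a load-time switch rather than a per-request one. A short comment above the method would make that explicit: `# True when 'open_id' is among the configured AUTHENTICATION_SCHEMES. Controllers consult this while their class bodies load, so a change presumably only takes effect on restart.` The two blank lines added before the closing `end` can be dropped.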
@@ -69,8 +69,8 @@ module LoginSystem # store current location so that we can # come back after the user logged in - store_location - + store_location unless params[:format] == 'js' + # call overwriteable reaction to unauthorized access access_denied return false @@ -163,7 +163,6 @@ module LoginSystem response.headers["Status"] = "Unauthorized" response.headers["WWW-Authenticate"] = "Basic realm=\"'Tracks Login Required'\"" render :text => "401 Unauthorized: You are not authorized to interact with Tracks.", :status => 401 - end - + end end \ No newline at end of file
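Review bot: `store_location unless params[:format] == 'js'` changes the behaviour the comment directly above it describes ("store current location so that we can come back after the user logged in") without saying why JS requests are excluded; presumably a script response is not a page a user should be redirected back to after login. Extend the comment, e.g. `# store current location so that we can come back after the user logged in (skipped for js responses, which are not a navigable page)`. The enclosing method starts and ends outside the hunk.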