From 4f9cd616196cfe224ff073de13bc20d2fc97befb Mon Sep 17 00:00:00 2001
From: lukemelia
Date: Sat, 24 Feb 2007 08:04:23 +0000
Subject: [PATCH] Some tweaks to the Open ID authentication support (which I've been using very happily, BTW). It now respects the "Keep me logged in" checkbox on the login page. It also cookies your openid url for less typing on future visits to the login page. Also, we try to avoid calling store_location on expiry if the triggering url was an ajax request (like one of the periodically executing javascripts). Storing the location doesn't make sense in that case.

git-svn-id: http://www.rousette.org.uk/svn/tracks-repos/trunk@457 a4c988fc-2ded-0310-b66e-134b36920a42
---
 tracks/app/controllers/login_controller.rb | 18 ++++++++++++------
 tracks/app/controllers/users_controller.rb | 14 +++++++++-----
 tracks/app/views/login/login.rhtml | 2 +-
 tracks/lib/config.rb | 5 +++++
 tracks/lib/login_system.rb | 7 +++----
 5 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/tracks/app/controllers/login_controller.rb b/tracks/app/controllers/login_controller.rb
index caa29828..abef4a15 100644
--- a/tracks/app/controllers/login_controller.rb
+++ b/tracks/app/controllers/login_controller.rb
@@ -4,10 +4,11 @@ class LoginController < ApplicationController
 skip_before_filter :set_session_expiration
 skip_before_filter :login_required
 before_filter :get_current_user
- open_id_consumer if Tracks::Config.auth_schemes.include?('open_id')
+ open_id_consumer if Tracks::Config.openid_enabled?
 
 def login
 @page_title = "TRACKS::Login"
+ @openid_url = cookies[:openid_url] if Tracks::Config.openid_enabled?
 case request.method
 when :post
 if @user = User.authenticate(params['user_login'], params['user_password'])
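Review bot: `@openid_url = cookies[:openid_url]` copies a client-controlled cookie into a view variable, so the login template must HTML-escape it when pre-filling the field; the login.rhtml hunk in this commit has lost its content in this rendering, so that cannot be confirmed from the patch. A cookie deserves no more trust than a query parameter, and the value round-trips back into a one-year cookie from `complete`, so render it as `<%= h @openid_url %>` rather than interpolating it raw. The `login` action continues outside the hunk.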
@@ -37,12 +38,13 @@ class LoginController < ApplicationController
 # Let the user know that the URL is unusable.
 case open_id_response.status
 when OpenID::SUCCESS
- openid_url = params[:openid_url]
+ session['openid_url'] = params[:openid_url]
+ session['user_noexpiry'] = params[:user_noexpiry]
 # The URL was a valid identity URL. Now we just need to send a redirect
 # to the server using the redirect_url the library created for us.
 # redirect to the server
- redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete', :openid_url => openid_url))
+ redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete'))
 else
 notify :warning, "Unable to find openid server for #{openid_url}"
 redirect_to :action => 'login'
@@ -50,7 +52,7 @@ class LoginController < ApplicationController
 end
 
 def complete
- openid_url = params[:openid_url]
+ openid_url = session['openid_url']
 if openid_url.blank?
 notify :error, "expected an openid_url"
 end
@@ -73,8 +75,12 @@ class LoginController < ApplicationController
 # the verification.
 @user = User.find_by_open_id_url(openid_url)
 unless (@user.nil?)
- notify :notice, "You have successfully verified #{openid_url} as your identity."
 session['user_id'] = @user.id
+ session['noexpiry'] = session['user_noexpiry']
+ msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
+ notify :notice, "You have successfully verified #{openid_url} as your identity. Login successful: session #{msg}"
+ cookies[:tracks_login] = { :value => @user.login, :expires => Time.now + 1.year }
+ cookies[:openid_url] = { :value => openid_url, :expires => Time.now + 1.year }
 redirect_back_or_home
 else
 notify :warning, "You have successfully verified #{openid_url} as your identity, but you do not have a Tracks account. Please ask your administrator to sign you up."
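Review bot: With `openid_url = params[:openid_url]` removed from the SUCCESS branch, the `else` branch's `notify :warning, "Unable to find openid server for #{openid_url}"` no longer has a local to interpolate; unless `openid_url` is assigned earlier in the method (outside this hunk), that path now raises NameError instead of showing the warning. Either read the value directly, `notify :warning, "Unable to find openid server for #{params[:openid_url]}"`, or assign the local once before the `case`. The same pattern appears in the `update_auth_type` hunk of users_controller.rb.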
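Review bot: When `session['openid_url']` is blank the new `complete` code notifies an error but then falls through to the rest of the action (outside this hunk), which goes on to consult `open_id_response` and look up a user with a blank URL; a direct or stale request to `complete` should stop here. Follow the notify with `redirect_to :action => 'login'` and `return` so the blank-URL path never reaches the verification branch.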
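Review bot: `session['openid_url']` and `session['user_noexpiry']` are consumed in the success branch but never cleared, so a later request to `complete` or a second login attempt still sees the previous values; set both to `nil` once `session['noexpiry']` and the cookies have been derived from them. The new `cookies[:openid_url]` also persists for a year the URL the user typed rather than the identity the provider asserted; if the consumer library exposes the verified identity on `open_id_response` (ruby-openid's success response carries `identity_url`), that is the safer value for both the `find_by_open_id_url` lookup and the cookie, since delegation or normalization can make the two differ. Neither cookie is scoped with `:secure`, so on an HTTPS deployment the login name and identity URL are sent over plain HTTP as well.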
@@ -119,5 +125,5 @@ class LoginController < ApplicationController
 def should_expire_sessions?
 session['noexpiry'] != "on"
 end
-
+
 end
diff --git a/tracks/app/controllers/users_controller.rb b/tracks/app/controllers/users_controller.rb
index 66febae3..b6f0e625 100644
--- a/tracks/app/controllers/users_controller.rb
+++ b/tracks/app/controllers/users_controller.rb
@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
- if Tracks::Config.auth_schemes.include?('open_id')
+ if Tracks::Config.openid_enabled?
 open_id_consumer
 before_filter :begin_open_id_auth, :only => :update_auth_type
 end
@@ -151,15 +151,15 @@ class UsersController < ApplicationController
 end
 
 def update_auth_type
- if (params[:user][:auth_type] == 'open_id')
+ if (params[:user][:auth_type] == 'open_id') && Tracks::Config.openid_enabled?
 case open_id_response.status
 when OpenID::SUCCESS
 # The URL was a valid identity URL. Now we just need to send a redirect
 # to the server using the redirect_url the library created for us.
- openid_url = params[:openid_url]
+ session['openid_url'] = params[:openid_url]
 # redirect to the server
- redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete', :openid_url => openid_url))
+ redirect_to open_id_response.redirect_url((request.protocol + request.host_with_port + "/"), url_for(:action => 'complete'))
 else
 notify :warning, "Unable to find openid server for #{openid_url}"
 redirect_to :action => 'change_auth_type'
@@ -177,7 +177,11 @@ class UsersController < ApplicationController
 end
 
 def complete
- openid_url = params[:openid_url]
+ return unless Tracks::Config.openid_enabled?
+ openid_url = session['openid_url']
+ if openid_url.blank?
+ notify :error, "expected an openid_url"
+ end
 case open_id_response.status
 when OpenID::FAILURE
 # In the case of failure, if info is non-nil, it is the
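Review bot: `return unless Tracks::Config.openid_enabled?` leaves the `complete` action without rendering or redirecting, so Rails falls back to rendering a default `complete` template for the request (an error if none exists); a `redirect_to :action => 'change_auth_type'` before the `return` would give the request a defined response. The blank-URL branch below it has the same gap as in login_controller.rb: it notifies but continues into `open_id_response.status` with no identity, so add a redirect and `return` after the notify there too. The rest of `complete` is outside this hunk.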
diff --git a/tracks/app/views/login/login.rhtml b/tracks/app/views/login/login.rhtml
index aa546a10..f10bc677 100644
--- a/tracks/app/views/login/login.rhtml
+++ b/tracks/app/views/login/login.rhtml
@@ -33,7 +33,7 @@
-
+
diff --git a/tracks/lib/config.rb b/tracks/lib/config.rb
index 3fa0fb8a..93416ced 100644
--- a/tracks/lib/config.rb
+++ b/tracks/lib/config.rb
@@ -10,6 +10,11 @@ module Tracks
 AUTHENTICATION_SCHEMES
 end
+ def self.openid_enabled?
+ auth_schemes.include?('open_id')
+ end
+
+
 end
 end
\ No newline at end of file
diff --git a/tracks/lib/login_system.rb b/tracks/lib/login_system.rb
index d3a94d49..14217594 100644
--- a/tracks/lib/login_system.rb
+++ b/tracks/lib/login_system.rb
@@ -69,8 +69,8 @@ module LoginSystem
 # store current location so that we can
 # come back after the user logged in
- store_location
-
+ store_location unless params[:format] == 'js'
+
 # call overwriteable reaction to unauthorized access
 access_denied
 return false
@@ -163,7 +163,6 @@ module LoginSystem
 response.headers["Status"] = "Unauthorized"
 response.headers["WWW-Authenticate"] = "Basic realm=\"'Tracks Login Required'\""
 render :text => "401 Unauthorized: You are not authorized to interact with Tracks.", :status => 401
- end
-
+ end
 end
\ No newline at end of file
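Review bot: `store_location unless params[:format] == 'js'` only skips the store for requests that explicitly carry a `.js` format, while the commit's stated target is any periodic AJAX request; an XHR that hits an HTML route or carries no format still overwrites the saved location with an address that is useless to redirect back to after login. If the app's Rails version provides it, `request.xhr?` is the direct check: `store_location unless request.xhr? || params[:format] == 'js'`. The enclosing method starts and ends outside the hunk.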