incubator-heraldry-commits mailing list archives

From record...@apache.org
Subject svn commit: r500179 - in /incubator/heraldry/idp/pip/trunk: app/controllers/server_controller.rb lib/authenticated_system.rb
Date Fri, 26 Jan 2007 08:27:55 GMT
Author: recordond
Date: Fri Jan 26 00:27:54 2007
New Revision: 500179

URL: http://svn.apache.org/viewvc?view=rev&rev=500179
Log:
 - Remove openid_login_required and replace it with method in controller
   openid_login_needed which is very specific as to the action.
 - Make check_for_human easier to understand and return true if the request
   is other than checkid_setup as I believe is intended.
 - Make verify_current_user_owns_identity_url only display the
   "you don't own this url" if there is a logged in user.

I'm having crazy issues with my local install keeping me logged in, tried
reverting to earlier revision and same problem so assume it is my environment.
Planning to get this on a working server sometime over the weekend to really
test.  Want to get this code in SVN though since it should only make things better.

Modified:
    incubator/heraldry/idp/pip/trunk/app/controllers/server_controller.rb
    incubator/heraldry/idp/pip/trunk/lib/authenticated_system.rb

Modified: incubator/heraldry/idp/pip/trunk/app/controllers/server_controller.rb
URL: http://svn.apache.org/viewvc/incubator/heraldry/idp/pip/trunk/app/controllers/server_controller.rb?view=diff&rev=500179&r1=500178&r2=500179
==============================================================================
--- incubator/heraldry/idp/pip/trunk/app/controllers/server_controller.rb (original)
+++ incubator/heraldry/idp/pip/trunk/app/controllers/server_controller.rb Fri Jan 26 00:27:54
2007
@@ -255,14 +255,16 @@
     @openid_request
   end
 
-  # Returns true if the _current_user_ owns the identity url.
+  # Returns true if the _current_user_ owns the identity url.  If there is a
+  # logged in user, then also sets up an error message if they do not own the
+  # identity url.
   # Identity urls follow the format of http://idp.com/user/[_user_login_] and
   # http://[_user_login_].idp.com/
   def verify_current_user_owns_identity_url
     if !openid_request.is_a?(OpenID::Server::CheckIDRequest) || openid_request.mode == 'checkid_immediate'
||
-       user_owns_identity_url?       
+       user_owns_identity_url?
       return true
-    else
+    elsif current_user
       # Use sessions here since they may not immediatly goto the login page, so it needs
       # to persist.
       session[:error] = "You do not own #{CGI.escapeHTML(params['openid.identity'])}." +
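Review bot: With `elsif current_user` in verify_current_user_owns_identity_url, a visitor who is not logged in and does not own the identity URL now falls off the end of the method, which returns nil. The updated doc comment does not cover that case. Enforcement for anonymous requests then rests entirely on check_for_human, which the comment removed in the next hunk says runs later in the before_filter chain. Suggest documenting the fall-through return value in the method comment and noting the ordering dependency where the filters are declared, so that reordering them does not let an unverified checkid_setup request continue.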
@@ -274,9 +276,8 @@
       # Tell the view that the user is logged in, though as someone else
       flash[:not_owner] = true
 
-      # Don't need to redirect the user here, since "check_for_human" is called
-      # later in the "before_filter" chain and thus will take care of redirection
-      # for us.
+      # At this point redirect to the appropriate login page
+      openid_login_needed
     end
   end
   
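Review bot: The bare `openid_login_needed` call at the end of the `elsif current_user` branch stops the filter only because it is the last expression evaluated, so its result becomes the filter's return value. Write `return openid_login_needed` so that a statement added after it later cannot change what the filter returns. The new comment could also state that the user at this point is logged in as someone else, since "redirect to the appropriate login page" reads as if nobody is signed in.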
@@ -284,7 +285,24 @@
   def check_for_human
     session[:previous_protocol] = request.protocol
     
-    openid_login_required if openid_request.is_a?(OpenID::Server::CheckIDRequest) &&
openid_request.mode == 'checkid_setup'
+    # If this is a "checkid_setup" request, make sure we have a logged in user
+    if openid_request.is_a?(OpenID::Server::CheckIDRequest) && openid_request.mode
== 'checkid_setup'
+      return true if current_user
+      
+      openid_login_needed
+    else
+      return true
+    end
+  end
+  
+  def openid_login_needed
+    store_location
+
+    if APP_CONFIG[:safe_signin]
+      redirect_to :controller=>"/account", :action =>"login_required" and return false
+    else
+      redirect_to :controller=>"/account", :action =>"login" and return false
+    end
   end
 
   def server # :nodoc:
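Review bot: In check_for_human, `return true if current_user` replaces the removed helper's `return true if logged_in? and authorized?(current_user)`, so the `authorized?` check no longer runs for checkid_setup requests. The log message does not mention dropping it; confirm that is intended or keep the call. In openid_login_needed, `redirect_to ... and return false` returns false only when redirect_to yields a truthy value, so a separate `return false` after the if/else would make the halt unconditional. The method is a helper rather than an action, so check that it sits under `protected` or `private` in this controller.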

Modified: incubator/heraldry/idp/pip/trunk/lib/authenticated_system.rb
URL: http://svn.apache.org/viewvc/incubator/heraldry/idp/pip/trunk/lib/authenticated_system.rb?view=diff&rev=500179&r1=500178&r2=500179
==============================================================================
--- incubator/heraldry/idp/pip/trunk/lib/authenticated_system.rb (original)
+++ incubator/heraldry/idp/pip/trunk/lib/authenticated_system.rb Fri Jan 26 00:27:54 2007
@@ -90,26 +90,6 @@
     # call overwriteable reaction to unauthorized access
     access_denied and return false
   end
-  
-  # Like login_required, but designed to be used when there is an incoming OpenID
-  # request and thus will redirect to the anti-phishing "you must login" screen
-  def openid_login_required
-      # Unlike "login_required", don't do protected check since this is called
-      # explicitly when needed within controller methods.
-    
-      # check if user is logged in and authorized
-      return true if logged_in? and authorized?(current_user)
-
-      # store current location so that we can 
-      # come back after the user logged in
-      store_location
-
-      if APP_CONFIG[:safe_signin]
-        redirect_to :controller=>"/account", :action =>"login_required" and return
false
-      else
-        redirect_to :controller=>"/account", :action =>"login" and return false
-      end
-  end
 
   # overwrite if you want to have special behavior in case the user is not authorized
   # to access the current operation. 
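Review bot: Removing openid_login_required from AuthenticatedSystem affects every controller that includes the module, while this commit updates only server_controller.rb. Search the tree for remaining callers before relying on this revision, since a leftover reference would surface as a NoMethodError only at request time. The removed comments explaining the anti-phishing "you must login" screen and why the protected check is skipped were not carried over to openid_login_needed, which has no comment at all; moving them there would keep that rationale next to the `APP_CONFIG[:safe_signin]` branch.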


