-# Filters added to this controller will be run for all controllers in the application.
-# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
+ protect_from_forgery
+
if STATUS == :database_readonly or STATUS == :database_offline
session :off
def authorize_web
if session[:user]
- @user = User.find(session[:user], :conditions => {:status => ["active", "confirmed", "suspended"]})
+ @user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
if @user.status == "suspended"
session.delete(:user)
if params[:referer]
redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
else
- redirect_to :controller => "user", :action => "terms", :referer => request.request_uri
+ redirect_to :controller => "user", :action => "terms", :referer => request.fullpath
end
end
elsif session[:token]
end
def require_user
- redirect_to :controller => 'user', :action => 'login', :referer => request.request_uri unless @user
+ redirect_to :controller => 'user', :action => 'login', :referer => request.fullpath unless @user
end
##
# is optional.
def setup_user_auth
# try and setup using OAuth
- if oauthenticate
+ if Authenticator.new(self, [:token]).allow?
@user = current_token.user
else
username, passwd = get_auth_data # parse from headers
request.headers['X-Error-Format'].downcase == "xml"
result = OSM::API.new.get_xml_doc
result.root.name = "osmError"
- result.root << (XML::Node.new("status") << interpret_status(status))
+ result.root << (XML::Node.new("status") << "#{Rack::Utils.status_code(status)} #{Rack::Utils::HTTP_STATUS_CODES[status]}")
result.root << (XML::Node.new("message") << message)
render :text => result.to_s, :content_type => "text/xml"
return [user, pass]
end
+ # override to stop oauth plugin sending errors
+ def invalid_oauth_response
+ end
+
end