protect_from_forgery
if STATUS == :database_readonly or STATUS == :database_offline
- session :off
+ after_filter :clear_session
+ wrap_parameters false
+
+ def clear_session
+ session.clear
+ end
def self.cache_sweeper(*sweepers)
end
def authorize_web
if session[:user]
- @user = User.find(session[:user], :conditions => {:status => ["active", "confirmed", "suspended"]})
+ @user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
if @user.status == "suspended"
session.delete(:user)
end
end
elsif session[:token]
- @user = User.authenticate(:token => session[:token])
- session[:user] = @user.id
+ if @user = User.authenticate(:token => session[:token])
+ session[:user] = @user.id
+ end
end
rescue Exception => ex
logger.info("Exception authorizing user: #{ex.to_s}")
# is optional.
def setup_user_auth
# try and setup using OAuth
- if oauthenticate
- @user = current_token.user
- else
+ if not Authenticator.new(self, [:token]).allow?
username, passwd = get_auth_data # parse from headers
# authenticate per-scheme
if username.nil?
request.headers['X-Error-Format'].downcase == "xml"
result = OSM::API.new.get_xml_doc
result.root.name = "osmError"
- result.root << (XML::Node.new("status") << interpret_status(status))
+ result.root << (XML::Node.new("status") << "#{Rack::Utils.status_code(status)} #{Rack::Utils::HTTP_STATUS_CODES[status]}")
result.root << (XML::Node.new("message") << message)
render :text => result.to_s, :content_type => "text/xml"
return [user, pass]
end
+ # used by oauth plugin to set the current user
+ def current_user=(user)
+ @user=user
+ end
+
+ # override to stop oauth plugin sending errors
+ def invalid_oauth_response
+ end
+
end