protect_from_forgery
- before_filter :fetch_body
+ before_action :fetch_body
def authorize_web
if session[:user]
render :action => "timeout"
end
- ##
- # is the requestor logged in?
- def logged_in?
- !@user.nil?
- end
-
##
# ensure that there is a "this_user" instance variable
def lookup_this_user
DEFAULT_EDITOR
end
- if request.env["HTTP_USER_AGENT"] =~ /MSIE|Trident/ && editor == "id"
- editor = "potlatch2"
- end
-
editor
end
# extract authorisation credentials from headers, returns user = nil if none
def get_auth_data
- if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
+ if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split
- elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
+ elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split
- elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
+ elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
authdata = request.env["HTTP_AUTHORIZATION"].to_s.split
end
# only basic authentication supported
projects / rails.git / blobdiff