def authorize_web
if session[:user]
- self.current_user = User.where(:id => session[:user], :status => %w[active confirmed suspended]).first
+ self.current_user = User.find_by(:id => session[:user], :status => %w[active confirmed suspended])
if session[:fingerprint] &&
session[:fingerprint] != current_user.fingerprint
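Review bot: `User.find_by` returns nil when the id in `session[:user]` no longer matches a user in one of the three listed statuses, and the comparison on the following lines then calls `current_user.fingerprint` on nil whenever `session[:fingerprint]` is set. A stale session for an account that is no longer eligible would then end in an unhandled NoMethodError instead of a clean logout, unless the `current_user=` setter or code outside this hunk covers it. Consider comparing against `current_user&.fingerprint` so a missing user is treated like a fingerprint mismatch, or add an explicit `current_user.nil?` guard before the comparison. The body of this `if` lies outside the hunk, so confirm that branch actually clears the session.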
redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
end
end
- elsif session[:token]
- session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
end
session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
##
# wrap a web page in a timeout
def web_timeout(&block)
- Timeout.timeout(Settings.web_timeout, Timeout::Error, &block)
+ Timeout.timeout(Settings.web_timeout, &block)
rescue ActionView::Template::Error => e
e = e.cause
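Review bot: With the exception class argument dropped, Ruby's `Timeout.timeout` raises `Timeout::Error` from the call itself, and the exception used to unwind the block cannot be rescued inside it, so an expired request may no longer arrive wrapped in `ActionView::Template::Error`. The only handler visible here is `rescue ActionView::Template::Error => e`, and the rest of `web_timeout` is outside the hunk, so confirm a direct `rescue Timeout::Error` clause still renders the timeout page. Since this timeout is what bounds slow requests, a short comment above the call such as `# no klass: Timeout::Error is raised at the call site, not inside the block` would record why the argument was removed.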
render :action => "timeout"
end
- ##
- # ensure that there is a "user" instance variable
- def lookup_user
- render_unknown_user params[:display_name] unless @user = User.active.find_by(:display_name => params[:display_name])
- end
-
- ##
- # render a "no such user" page
- def render_unknown_user(name)
- @title = t "users.no_such_user.title"
- @not_found_user = name
-
- respond_to do |format|
- format.html { render :template => "users/no_such_user", :status => :not_found }
- format.all { head :not_found }
- end
- end
-
##
# Unfortunately if a PUT or POST request that has a body fails to
# read it then Apache will sometimes fail to return the response it