]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/application_controller.rb
Allow redirects to authentication services from the settings page
[rails.git] / app / controllers / application_controller.rb
index 8adea79a4fadc7ae2c55c0df110927b3fb491e6d..052858932c26ff11233a75fb8b81d329d2e81631 100644 (file)
@@ -23,7 +23,11 @@ class ApplicationController < ActionController::Base
     if session[:user]
       self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
 
-      if current_user.status == "suspended"
+      if session[:fingerprint] &&
+         session[:fingerprint] != current_user.fingerprint
+        reset_session
+        self.current_user = nil
+      elsif current_user.status == "suspended"
         session.delete(:user)
         session_expires_automatically
 
@@ -42,6 +46,8 @@ class ApplicationController < ActionController::Base
     elsif session[:token]
       session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
     end
+
+    session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
   rescue StandardError => e
     logger.info("Exception authorizing user: #{e}")
     reset_session