protect_from_forgery
- before_filter :fetch_body
+ before_action :fetch_body
def authorize_web
if session[:user]
# phrase from that, we can also put the error message into the status
# message. For now, rails won't let us)
def report_error(message, status = :bad_request)
- # Todo: some sort of escaping of problem characters in the message
+ # TODO: some sort of escaping of problem characters in the message
response.headers["Error"] = message
if request.headers["X-Error-Format"] &&
render :action => "timeout"
end
- ##
- # is the requestor logged in?
- def logged_in?
- !@user.nil?
- end
-
##
# ensure that there is a "this_user" instance variable
def lookup_this_user
# extract authorisation credentials from headers, returns user = nil if none
def get_auth_data
- if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
+ if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split
- elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
+ elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split
- elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
+ elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
authdata = request.env["HTTP_AUTHORIZATION"].to_s.split
end
# only basic authentication supported
projects / rails.git / blobdiff