class ApplicationController < ActionController::Base
+ include SessionPersistence
protect_from_forgery
if STATUS == :database_readonly or STATUS == :database_offline
- session :off
+ after_filter :clear_session
+ wrap_parameters false
+
+ def clear_session
+ session.clear
+ end
def self.cache_sweeper(*sweepers)
end
if session[:user]
@user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
- if @user.status == "suspended"
+ if @user.display_name != cookies["_osm_username"]
+ logger.info "Session user '#{@user.display_name}' does not match cookie user '#{cookies['_osm_username']}'"
+ reset_session
+ @user = nil
+ elsif @user.status == "suspended"
session.delete(:user)
session_expires_automatically
end
end
elsif session[:token]
- @user = User.authenticate(:token => session[:token])
- session[:user] = @user.id
+ if @user = User.authenticate(:token => session[:token])
+ session[:user] = @user.id
+ end
end
rescue Exception => ex
logger.info("Exception authorizing user: #{ex.to_s}")
+ reset_session
@user = nil
end
def require_user
- redirect_to :controller => 'user', :action => 'login', :referer => request.fullpath unless @user
+ unless @user
+ if request.get?
+ redirect_to :controller => 'user', :action => 'login', :referer => request.fullpath
+ else
+ render :nothing => true, :status => :forbidden
+ end
+ end
end
##
# is optional.
def setup_user_auth
# try and setup using OAuth
- if Authenticator.new(self, [:token]).allow?
- @user = current_token.user
- else
+ if not Authenticator.new(self, [:token]).allow?
username, passwd = get_auth_data # parse from headers
# authenticate per-scheme
if username.nil?
end
end
- I18n.locale = request.compatible_language_from(I18n.available_locales)
+ I18n.locale = request.compatible_language_from(I18n.available_locales) || I18n.default_locale
response.headers['Content-Language'] = I18n.locale.to_s
end
report_error message, :bad_request
rescue OSM::APIError => ex
report_error ex.message, ex.status
- rescue ActionController::UnknownAction => ex
+ rescue AbstractController::ActionNotFound => ex
raise
rescue Exception => ex
logger.info("API threw unexpected #{ex.class} exception: #{ex.message}")
##
# wrap an api call in a timeout
def api_call_timeout
- SystemTimer.timeout_after(API_TIMEOUT) do
+ OSM::Timer.timeout(API_TIMEOUT) do
yield
end
rescue Timeout::Error
##
# wrap a web page in a timeout
def web_timeout
- SystemTimer.timeout_after(WEB_TIMEOUT) do
+ OSM::Timer.timeout(WEB_TIMEOUT) do
yield
end
- rescue ActionView::TemplateError => ex
- if ex.original_exception.is_a?(Timeout::Error)
+ rescue ActionView::Template::Error => ex
+ ex = ex.original_exception
+
+ if ex.is_a?(ActiveRecord::StatementInvalid) and ex.message =~ /^Timeout::Error/
+ ex = Timeout::Error.new
+ end
+
+ if ex.is_a?(Timeout::Error)
render :action => "timeout"
else
raise
end)
options[:cache_path] = Proc.new do |controller|
- cache_path.merge(controller.params).merge(:locale => I18n.locale)
+ cache_path.merge(controller.params).merge(:host => SERVER_URL, :locale => I18n.locale)
end
actions.push(options)
# extend expire_action to expire all variants
def expire_action(options = {})
I18n.available_locales.each do |locale|
- super options.merge(:locale => locale)
+ super options.merge(:host => SERVER_URL, :locale => locale)
end
end
return [user, pass]
end
+ # used by oauth plugin to get the current user
+ def current_user
+ @user
+ end
+
+ # used by oauth plugin to set the current user
+ def current_user=(user)
+ @user=user
+ end
+
# override to stop oauth plugin sending errors
def invalid_oauth_response
end