X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/75e135869e26a1aeae93f3334668de01c3bb2f69..e6d7da3a629c952a5d27f4d356dd4d5c4293848a:/app/controllers/application_controller.rb?ds=sidebyside

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3f6abc470..052858932 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -23,7 +23,11 @@ class ApplicationController < ActionController::Base
     if session[:user]
       self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
 
-      if current_user.status == "suspended"
+      if session[:fingerprint] &&
+         session[:fingerprint] != current_user.fingerprint
+        reset_session
+        self.current_user = nil
+      elsif current_user.status == "suspended"
         session.delete(:user)
         session_expires_automatically
 
@@ -42,6 +46,8 @@ class ApplicationController < ActionController::Base
     elsif session[:token]
       session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
     end
+
+    session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
   rescue StandardError => e
     logger.info("Exception authorizing user: #{e}")
     reset_session
@@ -216,7 +222,7 @@ class ApplicationController < ActionController::Base
   # asserts that the request method is the +method+ given as a parameter
   # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get.
   def assert_method(method)
-    ok = request.send((method.to_s.downcase + "?").to_sym)
+    ok = request.send(:"#{method.to_s.downcase}?")
     raise OSM::APIBadMethodError, method unless ok
   end