X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c24c2e481cc6d27e76274ed4e32668a4690a7788..865d20af80a70929c761e3ea6d1010669bb4ed62:/app/controllers/application_controller.rb?ds=inline diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index f1e847e10..052858932 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -11,8 +11,7 @@ class ApplicationController < ActionController::Base before_action :fetch_body around_action :better_errors_allow_inline, :if => proc { Rails.env.development? } - attr_accessor :current_user - attr_accessor :oauth_token + attr_accessor :current_user, :oauth_token helper_method :current_user helper_method :oauth_token @@ -24,7 +23,11 @@ class ApplicationController < ActionController::Base if session[:user] self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first - if current_user.status == "suspended" + if session[:fingerprint] && + session[:fingerprint] != current_user.fingerprint + reset_session + self.current_user = nil + elsif current_user.status == "suspended" session.delete(:user) session_expires_automatically @@ -43,6 +46,8 @@ class ApplicationController < ActionController::Base elsif session[:token] session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token]) end + + session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil? rescue StandardError => e logger.info("Exception authorizing user: #{e}") reset_session @@ -115,9 +120,10 @@ class ApplicationController < ActionController::Base end def database_status - if Settings.status == "database_offline" + case Settings.status + when "database_offline" "offline" - elsif Settings.status == "database_readonly" + when "database_readonly" "readonly" else "online" @@ -127,9 +133,10 @@ class ApplicationController < ActionController::Base def api_status status = database_status if status == "online" - if Settings.status == "api_offline" + case Settings.status + when "api_offline" status = "offline" - elsif Settings.status == "api_readonly" + when "api_readonly" status = "readonly" end end @@ -215,26 +222,22 @@ class ApplicationController < ActionController::Base # asserts that the request method is the +method+ given as a parameter # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get. def assert_method(method) - ok = request.send((method.to_s.downcase + "?").to_sym) + ok = request.send(:"#{method.to_s.downcase}?") raise OSM::APIBadMethodError, method unless ok end ## # wrap an api call in a timeout - def api_call_timeout - OSM::Timer.timeout(Settings.api_timeout, Timeout::Error) do - yield - end + def api_call_timeout(&block) + OSM::Timer.timeout(Settings.api_timeout, Timeout::Error, &block) rescue Timeout::Error raise OSM::APITimeoutError end ## # wrap a web page in a timeout - def web_timeout - OSM::Timer.timeout(Settings.web_timeout, Timeout::Error) do - yield - end + def web_timeout(&block) + OSM::Timer.timeout(Settings.web_timeout, Timeout::Error, &block) rescue ActionView::Template::Error => e e = e.cause @@ -288,9 +291,10 @@ class ApplicationController < ActionController::Base :style_src => %w['unsafe-inline'] ) - if Settings.status == "database_offline" || Settings.status == "api_offline" + case Settings.status + when "database_offline", "api_offline" flash.now[:warning] = t("layouts.osm_offline") - elsif Settings.status == "database_readonly" || Settings.status == "api_readonly" + when "database_readonly", "api_readonly" flash.now[:warning] = t("layouts.osm_read_only") end @@ -302,15 +306,13 @@ class ApplicationController < ActionController::Base end def preferred_editor - editor = if params[:editor] - params[:editor] - elsif current_user&.preferred_editor - current_user.preferred_editor - else - Settings.default_editor - end - - editor + if params[:editor] + params[:editor] + elsif current_user&.preferred_editor + current_user.preferred_editor + else + Settings.default_editor + end end helper_method :preferred_editor