X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/d2877982a261bc621b57031ad78f4ed10230be3c..8de8ef4f6b0174f68efca340b2e71df34fe2ae63:/app/controllers/application.rb?ds=inline diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 6cd6dac06..366646ae3 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -2,28 +2,28 @@ # Likewise, all the methods added will be available for all controllers. class ApplicationController < ActionController::Base + def authorize_web + @user = User.find_by_token(session[:token]) + end - - # HTTP AUTH stuff for the API - def authorize(realm='Web Password', errormessage="Could't authenticate you") username, passwd = get_auth_data # check if authorized # try to get user - if user = User.authenticate(username, passwd) + if @user = User.authenticate(username, passwd) # user exists and password is correct ... horray! - if user.methods.include? 'lastlogin' + if @user.methods.include? 'lastlogin' # note last login @session['lastlogin'] = user.lastlogin - user.last.login = Time.now - user.save() - @session["User.id"] = user.id + @user.last.login = Time.now + @user.save() + @session["User.id"] = @user.id end else # the user does not exist or the password was wrong @response.headers["Status"] = "Unauthorized" @response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" - render_text(errormessage, 401) + render_text(errormessage, 401) end end