Commit 7c5c36783eeee5412e8369bf990c8372640dda8a

Authored by Braulio Bhavamitra
1 parent df0c5164

Move authenticated_system to app/concerns

It also depends on models from app, and lib can't depend on app
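--- a/app/concerns/authenticated_system.rb
+++ b/app/concerns/authenticated_system.rb
@@ -0,0 +1,160 @@
+module AuthenticatedSystem
+
+ protected
+
+ def self.included base
+ if base < ActionController::Base
+ base.around_filter :user_set_current
+ base.before_filter :login_from_cookie
+ end
+
+ # Inclusion hook to make #current_user and #logged_in?
+ # available as ActionView helper methods.
+ base.helper_method :current_user, :logged_in?
+ end
+
+ # Returns true or false if the user is logged in.
+ # Preloads @current_user with the user model if they're logged in.
+ def logged_in?
+ current_user != nil
+ end
+
+ # Accesses the current user from the session.
+ def current_user
+ @current_user ||= begin
+ id = session[:user]
+ user = User.where(id: id).first if id
+ user.session = session if user
+ User.current = user
+ user
+ end
+ end
+
+ # Store the given user in the session.
+ def current_user=(new_user)
+ if new_user.nil?
+ session.delete(:user)
+ else
+ session[:user] = new_user.id
+ new_user.session = session
+ new_user.register_login
+ end
+ @current_user = User.current = new_user
+ end
+
+ # See impl. from http://stackoverflow.com/a/2513456/670229
+ def user_set_current
+ User.current = current_user
+ yield
+ ensure
+ # to address the thread variable leak issues in Puma/Thin webserver
+ User.current = nil
+ end
+
+ # Check if the user is authorized.
+ #
+ # Override this method in your controllers if you want to restrict access
+ # to only a few actions or if you want to check if the user
+ # has the correct rights.
+ #
+ # Example:
+ #
+ # # only allow nonbobs
+ # def authorize?
+ # current_user.login != "bob"
+ # end
+ def authorized?
+ true
+ end
+
+ # Filter method to enforce a login requirement.
+ #
+ # To require logins for all actions, use this in your controllers:
+ #
+ # before_filter :login_required
+ #
+ # To require logins for specific actions, use this in your controllers:
+ #
+ # before_filter :login_required, :only => [ :edit, :update ]
+ #
+ # To skip this in a subclassed controller:
+ #
+ # skip_before_filter :login_required
+ #
+ def login_required
+ username, passwd = get_auth_data
+ if username && passwd
+ self.current_user ||= User.authenticate(username, passwd) || nil
+ end
+ if logged_in? && authorized?
+ true
+ else
+ if params[:require_login_popup]
+ render :json => { :require_login_popup => true }
+ else
+ access_denied
+ end
+ end
+ end
+
+ # Redirect as appropriate when an access request fails.
+ #
+ # The default action is to redirect to the login screen.
+ #
+ # Override this method in your controllers if you want to have special
+ # behavior in case the user is not authorized
+ # to access the requested action. For example, a popup window might
+ # simply close itself.
+ def access_denied
+ respond_to do |accepts|
+ accepts.html do
+ if request.xhr?
+ render :text => _('Access denied'), :status => 401
+ else
+ store_location
+ redirect_to :controller => '/account', :action => 'login'
+ end
+ end
+ accepts.xml do
+ headers["Status"] = "Unauthorized"
+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
+ end
+ end
+ false
+ end
+
+ # Store the URI of the current request in the session.
+ #
+ # We can return to this location by calling #redirect_back_or_default.
+ def store_location(location = request.url)
+ session[:return_to] = location
+ end
+
+ # Redirect to the URI stored by the most recent store_location call or
+ # to the passed default.
+ def redirect_back_or_default(default)
+ if session[:return_to]
+ redirect_to(session.delete(:return_to))
+ else
+ redirect_to(default)
+ end
+ end
+
+ # When called with before_filter :login_from_cookie will check for an :auth_token
+ # cookie and log the user back in if apropriate
+ def login_from_cookie
+ return if cookies[:auth_token].blank? or logged_in?
+ user = User.where(remember_token: cookies[:auth_token]).first
+ self.current_user = user if user and user.remember_token?
+ end
+
+ private
+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+ # gets BASIC auth info
+ def get_auth_data
+ auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+ end
+end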
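Review bot: In `get_auth_data` (new line 158) the decoded Basic credential is split with `split(':')`, so a password that itself contains a colon is cut at its first `:` and `User.authenticate` is handed the wrong secret; RFC 7617 forbids colons only in the user-id, not the password. The same line passes `auth_data[1]` directly to `Base64.decode64`, so an `Authorization: Basic` header with no payload raises from inside the filter instead of yielding `[nil, nil]`. Both are fixed by one line: `return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1].to_s).split(':', 2) : [nil, nil]`. Separately, `@@http_auth_headers` on line 153 is a class variable declared in a module, shared by every includer; a frozen constant such as `HTTP_AUTH_HEADERS = %w[X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization].freeze` is the conventional form for this fixed list.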
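--- a/config/application.rb
+++ b/config/application.rb
@@ -40,7 +40,6 @@ module Noosfero
  # Custom directories with classes and modules you want to be autoloadable.
  config.autoload_paths << config.root.join('lib')
  config.autoload_paths << config.root.join('app')
- config.autoload_paths << config.root.join('app/jobs')
  config.autoload_paths << config.root.join('app/sweepers')
  config.autoload_paths.concat Dir["#{config.root}/app/controllers/**/"]
  config.autoload_paths << config.root.join('test', 'mocks', Rails.env)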
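Review bot: The removal of the `app/jobs` autoload path on old line 43 is not explained by the commit message, which only describes moving authenticated_system into app/concerns. If it is dropped because Rails already autoloads every `app/*` subdirectory, a comment next to line 42 saying so would keep the next reader from re-adding it, e.g. `# app/* subdirectories (jobs, concerns, ...) are autoloaded by Rails by default`. Note that `app/concerns` is not added here either, so the moved module presumably relies on that same default; worth confirming, since `config.root.join('app')` on line 42 also makes `app/concerns/authenticated_system.rb` resolvable under a `Concerns::` namespace.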
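--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -1,160 +0,0 @@
-module AuthenticatedSystem
-
- protected
-
- def self.included base
- if base < ActionController::Base
- base.around_filter :user_set_current
- base.before_filter :login_from_cookie
- end
-
- # Inclusion hook to make #current_user and #logged_in?
- # available as ActionView helper methods.
- base.helper_method :current_user, :logged_in?
- end
-
- # Returns true or false if the user is logged in.
- # Preloads @current_user with the user model if they're logged in.
- def logged_in?
- current_user != nil
- end
-
- # Accesses the current user from the session.
- def current_user
- @current_user ||= begin
- id = session[:user]
- user = User.where(id: id).first if id
- user.session = session if user
- User.current = user
- user
- end
- end
-
- # Store the given user in the session.
- def current_user=(new_user)
- if new_user.nil?
- session.delete(:user)
- else
- session[:user] = new_user.id
- new_user.session = session
- new_user.register_login
- end
- @current_user = User.current = new_user
- end
-
- # See impl. from http://stackoverflow.com/a/2513456/670229
- def user_set_current
- User.current = current_user
- yield
- ensure
- # to address the thread variable leak issues in Puma/Thin webserver
- User.current = nil
- end
-
- # Check if the user is authorized.
- #
- # Override this method in your controllers if you want to restrict access
- # to only a few actions or if you want to check if the user
- # has the correct rights.
- #
- # Example:
- #
- # # only allow nonbobs
- # def authorize?
- # current_user.login != "bob"
- # end
- def authorized?
- true
- end
-
- # Filter method to enforce a login requirement.
- #
- # To require logins for all actions, use this in your controllers:
- #
- # before_filter :login_required
- #
- # To require logins for specific actions, use this in your controllers:
- #
- # before_filter :login_required, :only => [ :edit, :update ]
- #
- # To skip this in a subclassed controller:
- #
- # skip_before_filter :login_required
- #
- def login_required
- username, passwd = get_auth_data
- if username && passwd
- self.current_user ||= User.authenticate(username, passwd) || nil
- end
- if logged_in? && authorized?
- true
- else
- if params[:require_login_popup]
- render :json => { :require_login_popup => true }
- else
- access_denied
- end
- end
- end
-
- # Redirect as appropriate when an access request fails.
- #
- # The default action is to redirect to the login screen.
- #
- # Override this method in your controllers if you want to have special
- # behavior in case the user is not authorized
- # to access the requested action. For example, a popup window might
- # simply close itself.
- def access_denied
- respond_to do |accepts|
- accepts.html do
- if request.xhr?
- render :text => _('Access denied'), :status => 401
- else
- store_location
- redirect_to :controller => '/account', :action => 'login'
- end
- end
- accepts.xml do
- headers["Status"] = "Unauthorized"
- headers["WWW-Authenticate"] = %(Basic realm="Web Password")
- render :text => "Could't authenticate you", :status => '401 Unauthorized'
- end
- end
- false
- end
-
- # Store the URI of the current request in the session.
- #
- # We can return to this location by calling #redirect_back_or_default.
- def store_location(location = request.url)
- session[:return_to] = location
- end
-
- # Redirect to the URI stored by the most recent store_location call or
- # to the passed default.
- def redirect_back_or_default(default)
- if session[:return_to]
- redirect_to(session.delete(:return_to))
- else
- redirect_to(default)
- end
- end
-
- # When called with before_filter :login_from_cookie will check for an :auth_token
- # cookie and log the user back in if apropriate
- def login_from_cookie
- return if cookies[:auth_token].blank? or logged_in?
- user = User.where(remember_token: cookies[:auth_token]).first
- self.current_user = user if user and user.remember_token?
- end
-
- private
- @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
- # gets BASIC auth info
- def get_auth_data
- auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
- auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
- return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
- end
-end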