Commit 7c5c36783eeee5412e8369bf990c8372640dda8a

Authored by Braulio Bhavamitra
1 parent df0c5164

Move authenticated_system to app/concerns

It also depends on models from app, and lib can't depend on app
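--- a/app/concerns/authenticated_system.rb
+++ b/app/concerns/authenticated_system.rb
@@ -0,0 +1,160 @@
+module AuthenticatedSystem
+
+ protected
+
+ def self.included base
+ if base < ActionController::Base
+ base.around_filter :user_set_current
+ base.before_filter :login_from_cookie
+ end
+
+ # Inclusion hook to make #current_user and #logged_in?
+ # available as ActionView helper methods.
+ base.helper_method :current_user, :logged_in?
+ end
+
+ # Returns true or false if the user is logged in.
+ # Preloads @current_user with the user model if they're logged in.
+ def logged_in?
+ current_user != nil
+ end
+
+ # Accesses the current user from the session.
+ def current_user
+ @current_user ||= begin
+ id = session[:user]
+ user = User.where(id: id).first if id
+ user.session = session if user
+ User.current = user
+ user
+ end
+ end
+
+ # Store the given user in the session.
+ def current_user=(new_user)
+ if new_user.nil?
+ session.delete(:user)
+ else
+ session[:user] = new_user.id
+ new_user.session = session
+ new_user.register_login
+ end
+ @current_user = User.current = new_user
+ end
+
+ # See impl. from http://stackoverflow.com/a/2513456/670229
+ def user_set_current
+ User.current = current_user
+ yield
+ ensure
+ # to address the thread variable leak issues in Puma/Thin webserver
+ User.current = nil
+ end
+
+ # Check if the user is authorized.
+ #
+ # Override this method in your controllers if you want to restrict access
+ # to only a few actions or if you want to check if the user
+ # has the correct rights.
+ #
+ # Example:
+ #
+ # # only allow nonbobs
+ # def authorize?
+ # current_user.login != "bob"
+ # end
+ def authorized?
+ true
+ end
+
+ # Filter method to enforce a login requirement.
+ #
+ # To require logins for all actions, use this in your controllers:
+ #
+ # before_filter :login_required
+ #
+ # To require logins for specific actions, use this in your controllers:
+ #
+ # before_filter :login_required, :only => [ :edit, :update ]
+ #
+ # To skip this in a subclassed controller:
+ #
+ # skip_before_filter :login_required
+ #
+ def login_required
+ username, passwd = get_auth_data
+ if username && passwd
+ self.current_user ||= User.authenticate(username, passwd) || nil
+ end
+ if logged_in? && authorized?
+ true
+ else
+ if params[:require_login_popup]
+ render :json => { :require_login_popup => true }
+ else
+ access_denied
+ end
+ end
+ end
+
+ # Redirect as appropriate when an access request fails.
+ #
+ # The default action is to redirect to the login screen.
+ #
+ # Override this method in your controllers if you want to have special
+ # behavior in case the user is not authorized
+ # to access the requested action. For example, a popup window might
+ # simply close itself.
+ def access_denied
+ respond_to do |accepts|
+ accepts.html do
+ if request.xhr?
+ render :text => _('Access denied'), :status => 401
+ else
+ store_location
+ redirect_to :controller => '/account', :action => 'login'
+ end
+ end
+ accepts.xml do
+ headers["Status"] = "Unauthorized"
+ headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+ render :text => "Could't authenticate you", :status => '401 Unauthorized'
+ end
+ end
+ false
+ end
+
+ # Store the URI of the current request in the session.
+ #
+ # We can return to this location by calling #redirect_back_or_default.
+ def store_location(location = request.url)
+ session[:return_to] = location
+ end
+
+ # Redirect to the URI stored by the most recent store_location call or
+ # to the passed default.
+ def redirect_back_or_default(default)
+ if session[:return_to]
+ redirect_to(session.delete(:return_to))
+ else
+ redirect_to(default)
+ end
+ end
+
+ # When called with before_filter :login_from_cookie will check for an :auth_token
+ # cookie and log the user back in if apropriate
+ def login_from_cookie
+ return if cookies[:auth_token].blank? or logged_in?
+ user = User.where(remember_token: cookies[:auth_token]).first
+ self.current_user = user if user and user.remember_token?
+ end
+
+ private
+ @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+ # gets BASIC auth info
+ def get_auth_data
+ auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+ auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+ return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+ end
+end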
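Review bot: `get_auth_data` at the end of the file splits the decoded Basic credential on every ':' and keeps only the first two parts, so a password containing a colon is silently truncated before it reaches `User.authenticate`, and a header consisting of a bare `Basic` with no token leaves `auth_data[1]` nil, so `Base64.decode64(nil)` raises instead of falling through to `[nil, nil]`. Since the password part of a Basic credential may itself contain colons, the split should stop after the first one and the nil case should be guarded: `return [nil, nil] unless auth_data && auth_data[0] == 'Basic' && auth_data[1]` followed by `Base64.decode64(auth_data[1]).split(':', 2)`. A smaller point of style in the same file: the XML branch of `access_denied` passes `:status => '401 Unauthorized'` as a string and misspells the message as `Could't`; `:status => 401` matches the HTML branch. The content is byte-identical to the deleted `lib/authenticated_system.rb`, so these are pre-existing rather than introduced by the move, but the file is being touched now.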
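--- a/config/application.rb
+++ b/config/application.rb
@@ -40,7 +40,6 @@ module Noosfero
 # Custom directories with classes and modules you want to be autoloadable.
 config.autoload_paths << config.root.join('lib')
 config.autoload_paths << config.root.join('app')
-config.autoload_paths << config.root.join('app/jobs')
 config.autoload_paths << config.root.join('app/sweepers')
 config.autoload_paths.concat Dir["#{config.root}/app/controllers/**/"]
 config.autoload_paths << config.root.join('test', 'mocks', Rails.env)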
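Review bot: Dropping the `app/jobs` autoload path is not explained by the commit description, which only talks about moving authenticated_system into app/concerns and adds nothing for that new directory. If the reason is that Rails already autoloads every direct subdirectory of `app` (which would cover both `app/jobs` and the new `app/concerns`), a sentence in the description saying so would make the intent clear; if `app/jobs` is not covered by that default, the classes in it will stop loading. This is presumably a related cleanup, but it is worth confirming rather than inferring.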
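--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -1,160 +0,0 @@
-module AuthenticatedSystem
-
- protected
-
- def self.included base
- if base < ActionController::Base
- base.around_filter :user_set_current
- base.before_filter :login_from_cookie
- end
-
- # Inclusion hook to make #current_user and #logged_in?
- # available as ActionView helper methods.
- base.helper_method :current_user, :logged_in?
- end
-
- # Returns true or false if the user is logged in.
- # Preloads @current_user with the user model if they're logged in.
- def logged_in?
- current_user != nil
- end
-
- # Accesses the current user from the session.
- def current_user
- @current_user ||= begin
- id = session[:user]
- user = User.where(id: id).first if id
- user.session = session if user
- User.current = user
- user
- end
- end
-
- # Store the given user in the session.
- def current_user=(new_user)
- if new_user.nil?
- session.delete(:user)
- else
- session[:user] = new_user.id
- new_user.session = session
- new_user.register_login
- end
- @current_user = User.current = new_user
- end
-
- # See impl. from http://stackoverflow.com/a/2513456/670229
- def user_set_current
- User.current = current_user
- yield
- ensure
- # to address the thread variable leak issues in Puma/Thin webserver
- User.current = nil
- end
-
- # Check if the user is authorized.
- #
- # Override this method in your controllers if you want to restrict access
- # to only a few actions or if you want to check if the user
- # has the correct rights.
- #
- # Example:
- #
- # # only allow nonbobs
- # def authorize?
- # current_user.login != "bob"
- # end
- def authorized?
- true
- end
-
- # Filter method to enforce a login requirement.
- #
- # To require logins for all actions, use this in your controllers:
- #
- # before_filter :login_required
- #
- # To require logins for specific actions, use this in your controllers:
- #
- # before_filter :login_required, :only => [ :edit, :update ]
- #
- # To skip this in a subclassed controller:
- #
- # skip_before_filter :login_required
- #
- def login_required
- username, passwd = get_auth_data
- if username && passwd
- self.current_user ||= User.authenticate(username, passwd) || nil
- end
- if logged_in? && authorized?
- true
- else
- if params[:require_login_popup]
- render :json => { :require_login_popup => true }
- else
- access_denied
- end
- end
- end
-
- # Redirect as appropriate when an access request fails.
- #
- # The default action is to redirect to the login screen.
- #
- # Override this method in your controllers if you want to have special
- # behavior in case the user is not authorized
- # to access the requested action. For example, a popup window might
- # simply close itself.
- def access_denied
- respond_to do |accepts|
- accepts.html do
- if request.xhr?
- render :text => _('Access denied'), :status => 401
- else
- store_location
- redirect_to :controller => '/account', :action => 'login'
- end
- end
- accepts.xml do
- headers["Status"] = "Unauthorized"
- headers["WWW-Authenticate"] = %(Basic realm="Web Password")
- render :text => "Could't authenticate you", :status => '401 Unauthorized'
- end
- end
- false
- end
-
- # Store the URI of the current request in the session.
- #
- # We can return to this location by calling #redirect_back_or_default.
- def store_location(location = request.url)
- session[:return_to] = location
- end
-
- # Redirect to the URI stored by the most recent store_location call or
- # to the passed default.
- def redirect_back_or_default(default)
- if session[:return_to]
- redirect_to(session.delete(:return_to))
- else
- redirect_to(default)
- end
- end
-
- # When called with before_filter :login_from_cookie will check for an :auth_token
- # cookie and log the user back in if apropriate
- def login_from_cookie
- return if cookies[:auth_token].blank? or logged_in?
- user = User.where(remember_token: cookies[:auth_token]).first
- self.current_user = user if user and user.remember_token?
- end
-
- private
- @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
- # gets BASIC auth info
- def get_auth_data
- auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
- auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
- return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
- end
-end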