Grosse MàJ

P5B/ruby/3dossmanno_annuaire/lib/authenticated_system.rb

@@ -0,0 +1,127 @@
+module AuthenticatedSystem
+  protected
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      current_user != :false
+    end
+    
+    # Accesses the current user from the session.  Set it to :false if login fails
+    # so that future calls do not hit the database.
+    def current_user
+      @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie || :false)
+    end
+    
+    # Store the given user in the session.
+    def current_user=(new_user)
+      session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
+      @current_user = new_user
+    end
+    
+    # Check if the user is authorized
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorized?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      logged_in?
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      authorized? || access_denied
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          store_location
+          redirect_to :controller => '/sessions', :action => 'new'
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end  
+    
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+    
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
+      session[:return_to] = nil
+    end
+    
+    # Inclusion hook to make #current_user and #logged_in?
+    # available as ActionView helper methods.
+    def self.included(base)
+      base.send :helper_method, :current_user, :logged_in?
+    end
+
+    # Called from #current_user.  First attempt to login by the user id stored in the session.
+    def login_from_session
+      self.current_user = User.find_by_id(session[:user]) if session[:user]
+    end
+
+    # Called from #current_user.  Now, attempt to login by basic authentication information.
+    def login_from_basic_auth
+      username, passwd = get_auth_data
+      self.current_user = User.authenticate(username, passwd) if username && passwd
+    end
+
+    # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+    def login_from_cookie      
+      user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
+      if user && user.remember_token?
+        user.remember_me
+        cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
+        self.current_user = user
+      end
+    end
+
+  private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 
+    end
+end

P5B/ruby/3dossmanno_annuaire/lib/authenticated_test_helper.rb

@@ -0,0 +1,26 @@
+module AuthenticatedTestHelper
+  # Sets the current user in the session from the user fixtures.
+  def login_as(user)
+    @request.session[:user] = user ? users(user).id : nil
+  end
+
+  def authorize_as(user)
+    @request.env["HTTP_AUTHORIZATION"] = user ? "Basic #{Base64.encode64("#{users(user).login}:test")}" : nil
+  end
+
+  # taken from edge rails / rails 2.0.  Only needed on Rails 1.2.3
+  def assert_difference(expressions, difference = 1, message = nil, &block)
+    expression_evaluations = [expressions].flatten.collect{|expression| lambda { eval(expression, block.binding) } } 
+    
+    original_values = expression_evaluations.inject([]) { |memo, expression| memo << expression.call }
+    yield
+    expression_evaluations.each_with_index do |expression, i|
+      assert_equal original_values[i] + difference, expression.call, message
+    end
+  end
+
+  # taken from edge rails / rails 2.0.  Only needed on Rails 1.2.3
+  def assert_no_difference(expressions, message = nil, &block)
+    assert_difference expressions, 0, message, &block
+  end
+end