1 module AuthenticationSystem
3 # this is used to keep track of the last time a user has been seen (reading a topic)
4 # it is used to know when topics are new or old and which should have the green
5 # activity light next to them
7 # we cheat by not calling it all the time, but rather only when a user views a topic
8 # which means it isn't truly "last seen at" but it does serve its intended purpose
10 # this could be a filter for the entire app and keep its true meaning, but that
11 # would just slow things down without any foreseeable benefit since we already know
12 # who is online from the user/session connection
14 # This is now also used to show which users are online... not as accurate as the
15 # session based approach, but less code and less overhead.
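# Records the current UTC time as the logged-in user's last_seen_at.
# Does nothing when nobody is logged in.
#
# The write goes through User.update_all with the timestamp and the user id
# passed as bound values, and the in-memory record is then given the same
# timestamp.
#
# @return [Time, nil] the timestamp that was stored, or nil for a guest
def update_last_seen_at
  return unless logged_in?

  # Read the clock once. Reading it twice left the stored value and the
  # in-memory value a few microseconds apart.
  seen_at = Time.now.utc
  User.update_all ['last_seen_at = ?', seen_at], ['id = ?', current_user.id]
  current_user.last_seen_at = seen_at
end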
23 login_by_token unless logged_in?
24 login_by_basic_auth unless logged_in?
25 respond_to do |format|
26 format.html { redirect_to login_path }
27 format.js { render(:update) { |p| p.redirect_to login_path } }
29 headers["WWW-Authenticate"] = %(Basic realm="Beast")
30 render :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
32 end unless logged_in? && authorized?
36 self.current_user = User.find_by_id_and_login_key(*cookies[:login_token].split(";")) if cookies[:login_token] and not logged_in?
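# Request-environment keys that may hold the Authorization header value,
# checked in this order.
@@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)

# Tries to log the client in from an HTTP Basic Authorization header.
#
# Returns without touching current_user when no known header key is present,
# when the scheme is not exactly "Basic", or when the decoded credentials do
# not contain both a login and a password. Otherwise current_user is set to
# whatever User.authenticate returns (presumably nil for bad credentials --
# confirm against the model).
#
# NOTE(review): Basic credentials are only Base64-encoded, so this path
# should only be reachable over TLS; nothing in this method enforces that.
def login_by_basic_auth
  auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
  return unless auth_key

  scheme, encoded = request.env[auth_key].to_s.split
  # A header of just "Basic" used to pass nil to Base64.decode64 and raise,
  # so any client could turn a malformed header into a server error.
  return unless scheme == 'Basic' && encoded

  # Split on the first colon only. The password may itself contain ':',
  # and the previous split(':')[0..1] silently cut it off at the next colon.
  login, password = Base64.decode64(encoded).split(':', 2)
  return unless login && password

  self.current_user = User.authenticate(login, password)
end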
# Authorization hook; this default grants access unconditionally.
#
# NOTE(review): elsewhere in this listing the access check is
# `logged_in? && authorized?`, so with this default every logged-in user
# passes. Presumably controllers that need a stricter rule override this
# method -- confirm that each restricted controller actually does.
#
# @return [Boolean] always true
def authorized?
  true
end
# Sets the user for this request and, when the value is truthy, records the
# login in the session (user id, last_seen_at snapshot, fresh topic/forum maps).
# The end of this method is not visible in this listing.
#
# NOTE(review): the lines shown do not rotate the session before storing
# :user_id. Unless callers invoke reset_session first, a session id issued
# before login stays valid afterwards (session fixation) -- confirm.
# NOTE(review): in the lines shown, a nil/false value leaves session[:user_id]
# untouched, so logout must clear the session elsewhere -- confirm.
48 def current_user=(value)
# Deliberate assignment inside the condition: the branch runs only for a truthy user.
49 if @current_user = value
50 session[:user_id] = @current_user.id
51 # this is used while we're logged in to know which threads are new, etc
52 session[:last_active] = @current_user.last_seen_at
# Both keys are assigned the same new, empty Hash object here.
53 session[:topics] = session[:forums] = {}
59 @current_user ||= ((session[:user_id] && User.find_by_id(session[:user_id])) || 0)
67 logged_in? && current_user.admin?