app/controllers/concerns/session_methods.rb

   1 module SessionMethods
   2   extend ActiveSupport::Concern
   3
   4   private
   5
   6   ##
   7   # Read @preferred_auth_provider and @client_app_name from oauth2 authorization request's referer
   8   def parse_oauth_referer(referer)
   9     referer_query = URI(referer).query if referer
  10     return unless referer_query
  11
  12     ref_params = CGI.parse referer_query
  13     preferred = ref_params["preferred_auth_provider"].first
  14     @preferred_auth_provider = preferred if preferred && Settings.key?(:"#{preferred}_auth_id")
  15     @client_app_name = Oauth2Application.where(:uid => ref_params["client_id"].first).pick(:name)
  16   end
  17
  18   ##
  19   # return the URL to use for authentication
  20   def auth_url(provider, referer = nil)
  21     params = { :provider => provider }
  22
  23     if referer.nil?
  24       params[:origin] = request.path
  25     else
  26       params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
  27       params[:referer] = referer
  28     end
  29
  30     auth_path(params)
  31   end
  32
  33   ##
  34   # process a successful login
  35   def successful_login(user, referer = nil)
  36     session[:user] = user.id
  37     session[:fingerprint] = user.fingerprint
  38     session_expires_after 28.days if session[:remember_me]
  39
  40     cookies.delete :_osm_anonymous_notes_count
  41
  42     target = referer || url_for(:controller => :site, :action => :index)
  43
  44     # The user is logged in, so decide where to send them:
  45     #
  46     # - If they haven't seen the contributor terms, send them there.
  47     # - If they have a block on them, show them that.
  48     # - If they were referred to the login, send them back there.
  49     # - Otherwise, send them to the home page.
  50     if !user.terms_seen
  51       redirect_to account_terms_path(:referer => target)
  52     elsif user.blocked_on_view
  53       redirect_to user.blocked_on_view, :referer => target
  54     else
  55       redirect_to target
  56     end
  57
  58     session.delete(:remember_me)
  59   end
  60
  61   ##
  62   # process a failed login
  63   def failed_login(message, username, referer = nil)
  64     flash[:error] = message
  65
  66     redirect_to :controller => "sessions", :action => "new", :referer => referer,
  67                 :username => username, :remember_me => session[:remember_me]
  68
  69     session.delete(:remember_me)
  70   end
  71
  72   ##
  73   #
  74   def unconfirmed_login(user, referer = nil)
  75     session[:pending_user] = user.id
  76
  77     redirect_to :controller => "confirmations", :action => "confirm",
  78                 :display_name => user.display_name, :referer => referer
  79
  80     session.delete(:remember_me)
  81   end
  82 end