def authorize_web
if session[:user]
- self.current_user = User.where(:id => session[:user], :status => %w[active confirmed suspended]).first
+ self.current_user = User.find_by(:id => session[:user], :status => %w[active confirmed suspended])
if session[:fingerprint] &&
session[:fingerprint] != current_user.fingerprint
redirect_to :controller => "users", :action => "terms", :referer => request.fullpath
end
end
- elsif session[:token]
- session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token])
end
session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil?
@oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application)
end
+ def require_oauth_10a_support
+ report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden unless Settings.oauth_10a_support
+ end
+
##
# require the user to have cookies enabled in their browser
def require_cookies
##
# wrap a web page in a timeout
def web_timeout(&block)
- Timeout.timeout(Settings.web_timeout, Timeout::Error, &block)
+ Timeout.timeout(Settings.web_timeout, &block)
rescue ActionView::Template::Error => e
e = e.cause
render :action => "timeout"
end
- ##
- # ensure that there is a "user" instance variable
- def lookup_user
- render_unknown_user params[:display_name] unless @user = User.active.find_by(:display_name => params[:display_name])
- end
-
- ##
- # render a "no such user" page
- def render_unknown_user(name)
- @title = t "users.no_such_user.title"
- @not_found_user = name
-
- respond_to do |format|
- format.html { render :template => "users/no_such_user", :status => :not_found }
- format.all { head :not_found }
- end
- end
-
##
# Unfortunately if a PUT or POST request that has a body fails to
# read it then Apache will sometimes fail to return the response it
projects / rails.git / blobdiff