X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/b4c0bfd8fa324a4c9d8b24e8753d134524ea61c7..97978ceeb9047ec6894b822ca947a466c2462988:/app/controllers/application.rb diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 537de40d7..366646ae3 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -1,4 +1,49 @@ # Filters added to this controller will be run for all controllers in the application. # Likewise, all the methods added will be available for all controllers. class ApplicationController < ActionController::Base -end \ No newline at end of file + + def authorize_web + @user = User.find_by_token(session[:token]) + end + + def authorize(realm='Web Password', errormessage="Could't authenticate you") + username, passwd = get_auth_data + # check if authorized + # try to get user + if @user = User.authenticate(username, passwd) + # user exists and password is correct ... horray! + if @user.methods.include? 'lastlogin' + # note last login + @session['lastlogin'] = user.lastlogin + @user.last.login = Time.now + @user.save() + @session["User.id"] = @user.id + end + else + # the user does not exist or the password was wrong + @response.headers["Status"] = "Unauthorized" + @response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" + render_text(errormessage, 401) + end + end + + private + def get_auth_data + user, pass = '', '' + # extract authorisation credentials + if request.env.has_key? 'X-HTTP_AUTHORIZATION' + # try to get it where mod_rewrite might have put it + authdata = @request.env['X-HTTP_AUTHORIZATION'].to_s.split + elsif request.env.has_key? 'HTTP_AUTHORIZATION' + # this is the regular location + authdata = @request.env['HTTP_AUTHORIZATION'].to_s.split + end + + # at the moment we only support basic authentication + if authdata and authdata[0] == 'Basic' + user, pass = Base64.decode64(authdata[1]).split(':')[0..1] + end + return [user, pass] + end + +end