Test that the user has cookies enabled at critical points where we
authorTom Hughes <tom@compton.nu>
Fri, 9 Oct 2009 08:47:47 +0000 (08:47 +0000)
committerTom Hughes <tom@compton.nu>
Fri, 9 Oct 2009 08:47:47 +0000 (08:47 +0000)
are about to require them and warn the user if they are not enabled.

app/controllers/application_controller.rb
app/controllers/user_controller.rb
config/locales/en.yml

index c701d8adde71093f37b9f927c1e8b228e4d5bbc6..e36c9842ba6c55eea2e652d453b60d16732bc86e 100644 (file)
@@ -39,6 +39,19 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  ##
+  # require the user to have cookies enabled in their browser
+  def require_cookies
+    if request.cookies["_osm_session"].to_s == ""
+      if params[:cookie_test].nil?
+        redirect_to params.merge(:cookie_test => "true")
+        return false
+      else
+        @notice = t 'application.require_cookies.cookies_needed'
+      end
+    end
+  end
+
   # Utility methods to make the controller filter methods easier to read and write.
   def require_allow_read_prefs
     require_capability(:allow_read_prefs)
index 93cc3a6a5688e480116ee7c84b0ae362086b3e3c..3ea7fa8fdaadcf671585f8bd9cd4ffe13ed110bb 100644 (file)
@@ -10,6 +10,7 @@ class UserController < ApplicationController
   before_filter :check_api_readable, :only => [:api_details, :api_gpx_files]
   before_filter :require_allow_read_prefs, :only => [:api_details]
   before_filter :require_allow_read_gpx, :only => [:api_gpx_files]
+  before_filter :require_cookies, :only => [:login, :confirm]
 
   filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation
 
index f8a424b45be57247c0872a26062dafeaeca03e6e..f2c9d7700d4a38ef9f77d3752df621f9bdcc4b4d 100644 (file)
@@ -806,6 +806,8 @@ en:
     make_public:
       made_public: "Track made public"
   application:
+    require_cookies:
+      cookies_needed: "You appear to have cookies disabled - please enable cookies in your browser before continuing."
     setup_user_auth:
       blocked: "Your access to the API has been blocked. Please log-in to the web interface to find out more."
   oauth: