From 0189bce49697f3396b2572de98b75d6eaae6ccf1 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Fri, 9 Oct 2009 08:47:47 +0000
Subject: [PATCH] Test that the user has cookies enabled at critical points
 where we are about to require them and warn the user if they are not enabled.

---
 app/controllers/application_controller.rb | 13 +++++++++++++
 app/controllers/user_controller.rb        |  1 +
 config/locales/en.yml                     |  2 ++
 3 files changed, 16 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c701d8add..e36c9842b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -39,6 +39,19 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  ##
+  # require the user to have cookies enabled in their browser
+  def require_cookies
+    if request.cookies["_osm_session"].to_s == ""
+      if params[:cookie_test].nil?
+        redirect_to params.merge(:cookie_test => "true")
+        return false
+      else
+        @notice = t 'application.require_cookies.cookies_needed'
+      end
+    end
+  end
+
   # Utility methods to make the controller filter methods easier to read and write.
   def require_allow_read_prefs
     require_capability(:allow_read_prefs)
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 93cc3a6a5..3ea7fa8fd 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -10,6 +10,7 @@ class UserController < ApplicationController
   before_filter :check_api_readable, :only => [:api_details, :api_gpx_files]
   before_filter :require_allow_read_prefs, :only => [:api_details]
   before_filter :require_allow_read_gpx, :only => [:api_gpx_files]
+  before_filter :require_cookies, :only => [:login, :confirm]
 
   filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation
 
diff --git a/config/locales/en.yml b/config/locales/en.yml
index f8a424b45..f2c9d7700 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -806,6 +806,8 @@ en:
     make_public:
       made_public: "Track made public"
   application:
+    require_cookies:
+      cookies_needed: "You appear to have cookies disabled - please enable cookies in your browser before continuing."
     setup_user_auth:
       blocked: "Your access to the API has been blocked. Please log-in to the web interface to find out more."
   oauth:
-- 
2.43.2