model_security_generator 0.0.5 → 0.0.6
@@ -92,7 +92,7 @@ public
|
|
92
92
|
# it!
|
93
93
|
def logout
|
94
94
|
User.sign_off
|
95
|
-
|
95
|
+
reset_session
|
96
96
|
session[:skip_user_setup] = true
|
97
97
|
redirect_to :action => 'login'
|
98
98
|
end
|
@@ -114,7 +114,7 @@ public
|
|
114
114
|
@user.save
|
115
115
|
User.sign_on_by_session(1)
|
116
116
|
session[:user_id] = 1
|
117
|
-
render :
|
117
|
+
render :action => 'admin_created'
|
118
118
|
# Mail the user instructions on how to activate their account.
|
119
119
|
else
|
120
120
|
url_params = {
|
@@ -125,7 +125,8 @@ public
|
|
125
125
|
}
|
126
126
|
url = url_for(url_params)
|
127
127
|
UserMailer.deliver_new_user(p, url, @user.token_expiry)
|
128
|
-
|
128
|
+
@email = p['email']
|
129
|
+
render :action => 'created'
|
129
130
|
end
|
130
131
|
else
|
131
132
|
flash['notice'] = 'Creation of new user failed.'
|
data/templates/db/users.sql
CHANGED
@@ -5,7 +5,7 @@ create table users (
|
|
5
5
|
admin integer(1) not null default 0,
|
6
6
|
activated integer(1) not null default 0,
|
7
7
|
email varchar(80) not null,
|
8
|
-
cypher
|
8
|
+
cypher text not null,
|
9
9
|
salt char(40) not null,
|
10
10
|
token char(10) not null,
|
11
11
|
token_expiry timestamp not null,
|
@@ -278,9 +278,6 @@ private
|
|
278
278
|
# *attribute* is the name of the attribute upon which an access is
|
279
279
|
# being attempted.
|
280
280
|
#
|
281
|
-
# FIX: Is exception information displayed in production mode? I put a lot
|
282
|
-
# of sensitive data in this exception.
|
283
|
-
#
|
284
281
|
def security_error(permission, attribute)
|
285
282
|
global = nil
|
286
283
|
local = nil
|
@@ -345,7 +342,6 @@ public
|
|
345
342
|
def write_attribute(name, value)
|
346
343
|
if not writable?(name)
|
347
344
|
security_error(:let_write, name)
|
348
|
-
raise SecurityError
|
349
345
|
end
|
350
346
|
old_write_attribute(name, value)
|
351
347
|
end
|
@@ -22,18 +22,33 @@ module UserSupport
|
|
22
22
|
end
|
23
23
|
|
24
24
|
|
25
|
+
# FIX: This only works for require_login and require_admin for now, because
|
26
|
+
# I'm not passing the block across invocations.
|
27
|
+
#
|
28
|
+
# This is meant to be used as a before_filter.
|
29
|
+
# A condition that is dependent on the user's login is in the block.
|
30
|
+
# If the condition isn't true, a login panel is put up, and the explanation
|
31
|
+
# that is passed as an argument may (or may not) be presented to the user,
|
32
|
+
# depending on whether we're using HTTP authentication or not.
|
33
|
+
# Once the condition is met, it resumes the action it was protecting.
|
34
|
+
def require_condition(e)
|
35
|
+
if yield
|
36
|
+
return true
|
37
|
+
else
|
38
|
+
if controller_name != 'user' and (action_name != 'login' and action_name != 'login_admin')
|
39
|
+
store_location
|
40
|
+
end
|
41
|
+
redirect_to :controller => 'user', :action => 'login', :explanation => e
|
42
|
+
return false
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
25
46
|
# This is meant to be used as a before_filter. It requires an
|
26
47
|
# administrative login, putting up a login panel if the administrator
|
27
48
|
# isn't currently logged in. Once the administrator logs in, it resumes
|
28
49
|
# the action it was protecting.
|
29
50
|
def require_admin
|
30
|
-
|
31
|
-
return true
|
32
|
-
else
|
33
|
-
store_location
|
34
|
-
redirect_to :controller => 'user', :action => 'login_admin'
|
35
|
-
return false
|
36
|
-
end
|
51
|
+
require_condition("Administrative user required.") { admin? }
|
37
52
|
end
|
38
53
|
|
39
54
|
# This is meant to be used as a before_filter. It requires a
|
@@ -41,13 +56,7 @@ module UserSupport
|
|
41
56
|
# logged in. Once a user logs in, it resumes the action it was
|
42
57
|
# protecting.
|
43
58
|
def require_login
|
44
|
-
|
45
|
-
true
|
46
|
-
else
|
47
|
-
store_location
|
48
|
-
redirect_to :controller => 'user', :action => 'login'
|
49
|
-
false
|
50
|
-
end
|
59
|
+
require_condition("Login required.") { User.current }
|
51
60
|
end
|
52
61
|
|
53
62
|
# This is a before filter for the entire application, used to set up the
|
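Review bot: In `require_condition` (the `@@ -22,18 +22,33 @@ module UserSupport` hunk) the explanation `e` is carried to the login page as a URL query parameter (`:explanation => e`), so whatever the login action does with `params[:explanation]` is reachable with an arbitrary caller-supplied value rather than only the two strings passed here; the login view should HTML-escape it, or better resolve it from a fixed set of known messages or hand it over via `flash`, so it cannot be used to inject markup or spoof a notice on the login form. The same hunk changes `require_admin` to redirect to `:action => 'login'` instead of the former `login_admin`, while the `store_location` guard still tests for `'login_admin'`; if the admin panel is still meant to be used, the helper needs an action parameter, e.g. `def require_condition(e, action = 'login')`. In `write_attribute` (the `@@ -345,7 +342,6 @@ public` hunk) the dropped `raise SecurityError` means the write reaches `old_write_attribute` on the next line unless `security_error` always raises, which this page does not show; a comment on `security_error` such as `# Never returns: raises with the failed permission and attribute.` would make that contract explicit. These hunks are listed under the `users.sql` header on this page but appear to belong to other files, and `module UserSupport` continues outside the hunk.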
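--- a/data/templates/models/user.rb
+++ b/data/templates/models/user.rb
@@ -140,7 +140,7 @@ private
 
 
 # The security token can only be changed if we're the special "login" user.
-let_write :activated, :
+let_write :activated, :token, :token_expiry, :if => :logging_in?
 
 public
 attr_accessor :password, :password_confirmation, :old_password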
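Review bot: The comment directly above the `let_write` line still says only the security token may be changed, while the rule below it now grants `:activated`, `:token` and `:token_expiry` together under `:if => :logging_in?`; since this is the declaration that decides which fields the login path may write, the comment should name all of them, e.g. `# Activation state, the security token and its expiry may only be written while logging in.` Whether `:activated` was already granted before cannot be told from the truncated removed line on this page.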
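--- a/metadata
+++ b/metadata
@@ -3,8 +3,8 @@ rubygems_version: 0.8.4
 specification_version: 1
 name: model_security_generator
 version: !ruby/object:Gem::Version
-version: 0.0.
-date: 2005-10-
+version: 0.0.6
+date: 2005-10-10
 summary: "[Rails] Model security and authentication generator."
 require_paths:
 - "."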