model_security_generator 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -92,7 +92,7 @@ public
|
|
|
92
92
|
# it!
|
|
93
93
|
def logout
|
|
94
94
|
User.sign_off
|
|
95
|
-
|
|
95
|
+
reset_session
|
|
96
96
|
session[:skip_user_setup] = true
|
|
97
97
|
redirect_to :action => 'login'
|
|
98
98
|
end
|
|
@@ -114,7 +114,7 @@ public
|
|
|
114
114
|
@user.save
|
|
115
115
|
User.sign_on_by_session(1)
|
|
116
116
|
session[:user_id] = 1
|
|
117
|
-
render :
|
|
117
|
+
render :action => 'admin_created'
|
|
118
118
|
# Mail the user instructions on how to activate their account.
|
|
119
119
|
else
|
|
120
120
|
url_params = {
|
|
@@ -125,7 +125,8 @@ public
|
|
|
125
125
|
}
|
|
126
126
|
url = url_for(url_params)
|
|
127
127
|
UserMailer.deliver_new_user(p, url, @user.token_expiry)
|
|
128
|
-
|
|
128
|
+
@email = p['email']
|
|
129
|
+
render :action => 'created'
|
|
129
130
|
end
|
|
130
131
|
else
|
|
131
132
|
flash['notice'] = 'Creation of new user failed.'
|
data/templates/db/users.sql
CHANGED
|
@@ -5,7 +5,7 @@ create table users (
|
|
|
5
5
|
admin integer(1) not null default 0,
|
|
6
6
|
activated integer(1) not null default 0,
|
|
7
7
|
email varchar(80) not null,
|
|
8
|
-
cypher
|
|
8
|
+
cypher text not null,
|
|
9
9
|
salt char(40) not null,
|
|
10
10
|
token char(10) not null,
|
|
11
11
|
token_expiry timestamp not null,
|
|
@@ -278,9 +278,6 @@ private
|
|
|
278
278
|
# *attribute* is the name of the attribute upon which an access is
|
|
279
279
|
# being attempted.
|
|
280
280
|
#
|
|
281
|
-
# FIX: Is exception information displayed in production mode? I put a lot
|
|
282
|
-
# of sensitive data in this exception.
|
|
283
|
-
#
|
|
284
281
|
def security_error(permission, attribute)
|
|
285
282
|
global = nil
|
|
286
283
|
local = nil
|
|
@@ -345,7 +342,6 @@ public
|
|
|
345
342
|
def write_attribute(name, value)
|
|
346
343
|
if not writable?(name)
|
|
347
344
|
security_error(:let_write, name)
|
|
348
|
-
raise SecurityError
|
|
349
345
|
end
|
|
350
346
|
old_write_attribute(name, value)
|
|
351
347
|
end
|
|
@@ -22,18 +22,33 @@ module UserSupport
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
|
|
25
|
+
# FIX: This only works for require_login and require_admin for now, because
|
|
26
|
+
# I'm not passing the block across invocations.
|
|
27
|
+
#
|
|
28
|
+
# This is meant to be used as a before_filter.
|
|
29
|
+
# A condition that is dependent on the user's login is in the block.
|
|
30
|
+
# If the condition isn't true, a login panel is put up, and the explanation
|
|
31
|
+
# that is passed as an argument may (or may not) be presented to the user,
|
|
32
|
+
# depending on whether we're using HTTP authentication or not.
|
|
33
|
+
# Once the condition is met, it resumes the action it was protecting.
|
|
34
|
+
def require_condition(e)
|
|
35
|
+
if yield
|
|
36
|
+
return true
|
|
37
|
+
else
|
|
38
|
+
if controller_name != 'user' and (action_name != 'login' and action_name != 'login_admin')
|
|
39
|
+
store_location
|
|
40
|
+
end
|
|
41
|
+
redirect_to :controller => 'user', :action => 'login', :explanation => e
|
|
42
|
+
return false
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
25
46
|
# This is meant to be used as a before_filter. It requires an
|
|
26
47
|
# administrative login, putting up a login panel if the administrator
|
|
27
48
|
# isn't currently logged in. Once the administrator logs in, it resumes
|
|
28
49
|
# the action it was protecting.
|
|
29
50
|
def require_admin
|
|
30
|
-
|
|
31
|
-
return true
|
|
32
|
-
else
|
|
33
|
-
store_location
|
|
34
|
-
redirect_to :controller => 'user', :action => 'login_admin'
|
|
35
|
-
return false
|
|
36
|
-
end
|
|
51
|
+
require_condition("Administrative user required.") { admin? }
|
|
37
52
|
end
|
|
38
53
|
|
|
39
54
|
# This is meant to be used as a before_filter. It requires a
|
|
@@ -41,13 +56,7 @@ module UserSupport
|
|
|
41
56
|
# logged in. Once a user logs in, it resumes the action it was
|
|
42
57
|
# protecting.
|
|
43
58
|
def require_login
|
|
44
|
-
|
|
45
|
-
true
|
|
46
|
-
else
|
|
47
|
-
store_location
|
|
48
|
-
redirect_to :controller => 'user', :action => 'login'
|
|
49
|
-
false
|
|
50
|
-
end
|
|
59
|
+
require_condition("Login required.") { User.current }
|
|
51
60
|
end
|
|
52
61
|
|
|
53
62
|
# This is a before filter for the entire application, used to set up the
|
data/templates/models/user.rb
CHANGED
|
@@ -140,7 +140,7 @@ private
|
|
|
140
140
|
|
|
141
141
|
|
|
142
142
|
# The security token can only be changed if we're the special "login" user.
|
|
143
|
-
let_write :activated, :
|
|
143
|
+
let_write :activated, :token, :token_expiry, :if => :logging_in?
|
|
144
144
|
|
|
145
145
|
public
|
|
146
146
|
attr_accessor :password, :password_confirmation, :old_password
|
metadata
CHANGED
|
@@ -3,8 +3,8 @@ rubygems_version: 0.8.4
|
|
|
3
3
|
specification_version: 1
|
|
4
4
|
name: model_security_generator
|
|
5
5
|
version: !ruby/object:Gem::Version
|
|
6
|
-
version: 0.0.
|
|
7
|
-
date: 2005-10-
|
|
6
|
+
version: 0.0.6
|
|
7
|
+
date: 2005-10-10
|
|
8
8
|
summary: "[Rails] Model security and authentication generator."
|
|
9
9
|
require_paths:
|
|
10
10
|
- "."
|