openstax_connect 0.0.3 → 0.0.4

@@ -14,7 +14,7 @@ module OpenStax
14
14
  def omniauth_authenticated
15
15
  handle_with(SessionsOmniauthAuthenticated,
16
16
  complete: lambda {
17
- connect_sign_in(@handler_result.outputs[:connect_user_to_sign_in])
17
+ sign_in(@handler_result.outputs[:connect_user_to_sign_in])
18
18
  redirect_to return_path(true)
19
19
  })
20
20
  end
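Review bot: The `complete` lambda now hands the handler output straight to `sign_in`, which chooses its path with `user.is_a?(User)`, so a nil output no longer becomes the anonymous user as it did with `connect_sign_in`. Instead it falls through to `current_user=` and on to `user_provider.app_user_to_connect_user(nil)`. Whether `outputs[:connect_user_to_sign_in]` can ever be nil is not visible on this page, so treat this as a point to confirm rather than a proven failure. A one-line guard at the top of `CurrentUserManager#sign_in`, `user ||= User.anonymous`, would keep the earlier behaviour on this authentication path.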
@@ -1,64 +1,30 @@
1
1
  class ActionController::Base
2
- # References:
3
- # http://railscasts.com/episodes/356-dangers-of-session-hijacking
2
+
3
+ before_filter {
4
+ @current_user_manager = OpenStax::Connect::CurrentUserManager.new(request,
5
+ session,
6
+ cookies)
7
+ }
4
8
 
5
9
  # Returns the current app user
6
10
  def current_user
7
- current_connect_user
8
- @current_app_user
9
- end
10
-
11
- # Quasi "private" method that returns the current connect user, refreshing it if needed
12
- def current_connect_user
13
- if request.ssl? && cookies.signed[:secure_user_id] != "secure#{session[:user_id]}"
14
- sign_out! # hijacked
15
- else
16
- @current_connect_user ||= OpenStax::Connect::User.anonymous
17
- connect_sign_in(OpenStax::Connect::User.where(id: session[:user_id]).first) \
18
- if @current_connect_user.is_anonymous? && session[:user_id]
19
- end
20
-
21
- @current_connect_user
22
- end
23
-
24
- # Sets (signs in) the provided app user.
25
- def current_user=(user)
26
- self.current_connect_user = OpenStax::Connect.configuration.user_provider.app_user_to_connect_user(user)
27
- @current_app_user
11
+ @current_user_manager.current_user
28
12
  end
29
13
 
30
- # Quasi "private" method that sets the current connect user, also updates the cache
31
- # of the current app user.
32
- def current_connect_user=(user)
33
- @current_connect_user = user || OpenStax::Connect::User.anonymous
34
- if @current_connect_user.is_anonymous?
35
- session[:user_id] = nil
36
- cookies.delete(:secure_user_id)
37
- else
38
- session[:user_id] = @current_connect_user.id
39
- cookies.signed[:secure_user_id] = {secure: true, value: "secure#{@current_connect_user.id}"}
40
- end
41
- @current_app_user = OpenStax::Connect.configuration.user_provider.connect_user_to_app_user(@current_connect_user)
42
- @current_connect_user
43
- end
44
-
45
- # Signs in the given app user
14
+ # Signs in the given user; the argument can be either a connect user or
15
+ # an app user
46
16
  def sign_in(user)
47
- self.current_user = user
48
- end
49
-
50
- def connect_sign_in(user)
51
- self.current_connect_user = user
17
+ @current_user_manager.sign_in(user)
52
18
  end
53
19
 
54
- # Signs out the user
20
+ # Signs out the current user
55
21
  def sign_out!
56
- self.current_connect_user = OpenStax::Connect::User.anonymous
22
+ @current_user_manager.sign_out!
57
23
  end
58
24
 
59
25
  # Returns true iff there is a user signed in
60
26
  def signed_in?
61
- !current_connect_user.is_anonymous?
27
+ @current_user_manager.signed_in?
62
28
  end
63
29
 
64
30
  # Useful in before_filters
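Review bot: `current_user`, `sign_in`, `sign_out!` and `signed_in?` now dereference `@current_user_manager`, which exists only after the `before_filter` block at the top of the class has run. Anything that reaches these helpers earlier, such as a filter prepended ahead of it or a `rescue_from` handler after an earlier filter raised, would get a `NoMethodError` on nil from inside the authentication helpers (inferred; no such caller is visible here). Building the manager lazily removes the ordering dependency: `def current_user_manager; @current_user_manager ||= OpenStax::Connect::CurrentUserManager.new(request, session, cookies); end`, with the four helpers calling `current_user_manager` instead of the instance variable. The class body continues past the end of this hunk.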
@@ -68,7 +34,7 @@ class ActionController::Base
68
34
 
69
35
  protected
70
36
 
71
- helper_method :current_user, :current_user=, :signed_in?
37
+ helper_method :current_user, :signed_in?
72
38
 
73
39
  end
74
40
 
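--- a/lib/openstax/connect/current_user_manager.rb
+++ b/lib/openstax/connect/current_user_manager.rb
@@ -0,0 +1,92 @@
+ module OpenStax::Connect
+ class CurrentUserManager
+
+ # References:
+ # http://railscasts.com/episodes/356-dangers-of-session-hijacking
+
+ def initialize(request, session, cookies)
+ @request = request
+ @session = session
+ @cookies = cookies
+ end
+
+ # Returns the current app user
+ def current_user
+ refresh_current_users if @current_app_user.nil?
+ @current_app_user
+ end
+
+ # Signs in the given user; the argument can be either a connect user or
+ # an app user
+ def sign_in(user)
+ user.is_a?(User) ?
+ self.connect_current_user = user :
+ self.current_user = user
+ end
+
+ # Signs out the user
+ def sign_out!
+ sign_in(OpenStax::Connect::User.anonymous)
+ end
+
+ # Returns true iff there is a user signed in
+ def signed_in?
+ !connect_current_user.is_anonymous?
+ end
+
+ protected
+
+ # Refreshes the current connect user (if needed) and returns it.
+ def connect_current_user
+ refresh_current_users if @connect_current_user.nil?
+ @connect_current_user
+ end
+
+ def refresh_current_users
+ if @request.ssl? && @cookies.signed[:secure_user_id] != "secure#{@session[:user_id]}"
+ sign_out! # hijacked
+ else
+ new_connect_current_user = @connect_current_user || User.anonymous
+ new_connect_current_user = User.where(id: @session[:user_id]).first \
+ if new_connect_current_user.is_anonymous? && @session[:user_id]
+
+ # changes both current and app user
+ self.connect_current_user = new_connect_current_user
+ end
+ end
+
+ # Sets (signs in) the provided app user.
+ def current_user=(user)
+ self.connect_current_user = user_provider.app_user_to_connect_user(user)
+ @current_app_user
+ end
+
+ # Sets the current connect user, updating the session and cookie state, also
+ # updates the cache of the current app user.
+ def connect_current_user=(user)
+ user ||= User.anonymous
+ @connect_current_user ||= User.anonymous
+
+ if user != @connect_current_user
+ @connect_current_user = user
+ @current_app_user = nil # changed connect user so invalidate the app user
+
+ if @connect_current_user.is_anonymous?
+ @session[:user_id] = nil
+ @cookies.delete(:secure_user_id)
+ else
+ @session[:user_id] = @connect_current_user.id
+ @cookies.signed[:secure_user_id] = {secure: true, value: "secure#{@connect_current_user.id}"}
+ end
+ end
+
+ @current_app_user ||= user_provider.connect_user_to_app_user(@connect_current_user)
+ @connect_current_user
+ end
+
+ def user_provider
+ OpenStax::Connect.configuration.user_provider
+ end
+
+ end
+ end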
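Review bot: `connect_current_user=` can leave a stale `session[:user_id]` and `secure_user_id` cookie in place on sign-out. The setter first defaults `@connect_current_user` to `User.anonymous` and only then compares, so if `sign_out!` (or the hijack branch of `refresh_current_users`) runs before any user has been loaded in the request, `user != @connect_current_user` can be false and the block that clears the session and deletes the cookie is skipped. This happens only if `User.anonymous` returns the same or an equal object on every call, and its definition is not on this page. The code this replaces cleared both unconditionally on every assignment. I would keep only the app-user cache invalidation under the comparison and bring session and cookie in line with the user on every call, as below.

```ruby
def connect_current_user=(user)
  user ||= User.anonymous

  if user != @connect_current_user
    @connect_current_user = user
    @current_app_user = nil # changed connect user so invalidate the app user
  end

  # Session and cookie follow the user being set on every call, so a sign-out
  # clears them even when nothing was loaded earlier in the request.
  if @connect_current_user.is_anonymous?
    @session[:user_id] = nil
    @cookies.delete(:secure_user_id)
  else
    # … unchanged: session[:user_id] and signed secure_user_id cookie assignment …
  end

  # … unchanged: app-user cache fill and return of @connect_current_user …
end
```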
@@ -1,5 +1,5 @@
1
1
  module OpenStax
2
2
  module Connect
3
- VERSION = "0.0.3"
3
+ VERSION = "0.0.4"
4
4
  end
5
5
  end
@@ -5,6 +5,7 @@ require "openstax/connect/utilities"
5
5
  require "openstax/connect/route_helper"
6
6
  require "openstax/connect/action_list"
7
7
  require "openstax/connect/user_provider"
8
+ require "openstax/connect/current_user_manager"
8
9
 
9
10
  module OpenStax
10
11
  module Connect
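--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: openstax_connect
  version: !ruby/object:Gem::Version
- version: 0.0.3
+ version: 0.0.4
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-10-08 00:00:00.000000000 Z
+ date: 2013-10-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -163,6 +163,7 @@ files:
  - db/migrate/20130729213800_create_openstax_connect_users.rb
  - lib/omniauth/strategies/openstax.rb
  - lib/openstax/connect/action_list.rb
+ - lib/openstax/connect/current_user_manager.rb
  - lib/openstax/connect/engine.rb
  - lib/openstax/connect/exceptions.rb
  - lib/openstax/connect/route_helper.rb
@@ -188,7 +189,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 2014906712606740384
+ hash: 3664854018823148928
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
@@ -197,7 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: 2014906712606740384
+ hash: 3664854018823148928
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.25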