openstax_connect 0.0.3 → 0.0.4

data/app/controllers/openstax/connect/sessions_controller.rb

@@ -14,7 +14,7 @@ module OpenStax
       def omniauth_authenticated
         handle_with(SessionsOmniauthAuthenticated,
                     complete: lambda { 
-                      connect_sign_in(@handler_result.outputs[:connect_user_to_sign_in])
+                      sign_in(@handler_result.outputs[:connect_user_to_sign_in])
                       redirect_to return_path(true)
                     })
       end

data/config/initializers/02_extend_builtins.rb

@@ -1,64 +1,30 @@
 class ActionController::Base
-  # References:
-  #   http://railscasts.com/episodes/356-dangers-of-session-hijacking
+
+  before_filter { 
+    @current_user_manager = OpenStax::Connect::CurrentUserManager.new(request, 
+                                                                      session, 
+                                                                      cookies) 
+  }
 
   # Returns the current app user
   def current_user
-    current_connect_user
-    @current_app_user
-  end
-
-  # Quasi "private" method that returns the current connect user, refreshing it if needed
-  def current_connect_user
-    if request.ssl? && cookies.signed[:secure_user_id] != "secure#{session[:user_id]}"
-      sign_out! # hijacked
-    else
-      @current_connect_user ||= OpenStax::Connect::User.anonymous
-      connect_sign_in(OpenStax::Connect::User.where(id: session[:user_id]).first) \
-        if @current_connect_user.is_anonymous? && session[:user_id]
-    end
-
-    @current_connect_user
-  end  
- 
-  # Sets (signs in) the provided app user.
-  def current_user=(user)
-    self.current_connect_user = OpenStax::Connect.configuration.user_provider.app_user_to_connect_user(user)
-    @current_app_user
+    @current_user_manager.current_user
   end
 
-  # Quasi "private" method that sets the current connect user, also updates the cache
-  # of the current app user.
-  def current_connect_user=(user)
-    @current_connect_user = user || OpenStax::Connect::User.anonymous
-    if @current_connect_user.is_anonymous?
-      session[:user_id] = nil
-      cookies.delete(:secure_user_id)
-    else
-      session[:user_id] = @current_connect_user.id
-      cookies.signed[:secure_user_id] = {secure: true, value: "secure#{@current_connect_user.id}"}
-    end
-    @current_app_user = OpenStax::Connect.configuration.user_provider.connect_user_to_app_user(@current_connect_user)
-    @current_connect_user
-  end
-
-  # Signs in the given app user
+  # Signs in the given user; the argument can be either a connect user or
+  # an app user
   def sign_in(user)
-    self.current_user = user
-  end
-
-  def connect_sign_in(user)
-    self.current_connect_user = user
+    @current_user_manager.sign_in(user)
   end
 
-  # Signs out the user
+  # Signs out the current user
   def sign_out!
-    self.current_connect_user =  OpenStax::Connect::User.anonymous
+    @current_user_manager.sign_out!
   end
 
   # Returns true iff there is a user signed in
   def signed_in?
-    !current_connect_user.is_anonymous?
+    @current_user_manager.signed_in?
   end
 
   # Useful in before_filters
@@ -68,7 +34,7 @@ class ActionController::Base
 
 protected
 
-  helper_method :current_user, :current_user=, :signed_in?
+  helper_method :current_user, :signed_in?
 
 end
 

data/lib/openstax/connect/current_user_manager.rb

@@ -0,0 +1,92 @@
+module OpenStax::Connect
+  class CurrentUserManager
+
+    # References:
+    #   http://railscasts.com/episodes/356-dangers-of-session-hijacking
+
+    def initialize(request, session, cookies)
+      @request = request
+      @session = session
+      @cookies = cookies
+    end
+
+    # Returns the current app user
+    def current_user
+      refresh_current_users if @current_app_user.nil?
+      @current_app_user
+    end
+
+    # Signs in the given user; the argument can be either a connect user or
+    # an app user
+    def sign_in(user)
+      user.is_a?(User) ?
+        self.connect_current_user = user :
+        self.current_user = user
+    end
+
+    # Signs out the user
+    def sign_out!
+      sign_in(OpenStax::Connect::User.anonymous)
+    end
+
+    # Returns true iff there is a user signed in
+    def signed_in?
+      !connect_current_user.is_anonymous?
+    end
+
+  protected
+
+    # Refreshes the current connect user (if needed) and returns it.
+    def connect_current_user
+      refresh_current_users if @connect_current_user.nil?
+      @connect_current_user
+    end  
+
+    def refresh_current_users
+      if @request.ssl? && @cookies.signed[:secure_user_id] != "secure#{@session[:user_id]}"
+        sign_out! # hijacked
+      else
+        new_connect_current_user = @connect_current_user || User.anonymous
+        new_connect_current_user = User.where(id: @session[:user_id]).first \
+          if new_connect_current_user.is_anonymous? && @session[:user_id]
+
+        # changes both current and app user
+        self.connect_current_user = new_connect_current_user
+      end
+    end
+
+    # Sets (signs in) the provided app user.
+    def current_user=(user)
+      self.connect_current_user = user_provider.app_user_to_connect_user(user)
+      @current_app_user
+    end
+
+    # Sets the current connect user, updating the session and cookie state, also 
+    # updates the cache of the current app user.
+    def connect_current_user=(user)
+      user ||= User.anonymous
+      @connect_current_user ||= User.anonymous
+
+      if user != @connect_current_user
+        @connect_current_user = user
+        @current_app_user = nil # changed connect user so invalidate the app user
+
+        if @connect_current_user.is_anonymous?
+          @session[:user_id] = nil
+          @cookies.delete(:secure_user_id)
+        else
+          @session[:user_id] = @connect_current_user.id
+          @cookies.signed[:secure_user_id] = {secure: true, value: "secure#{@connect_current_user.id}"}
+        end
+      end
+
+      @current_app_user ||= user_provider.connect_user_to_app_user(@connect_current_user)
+      @connect_current_user
+    end
+
+    def user_provider
+      OpenStax::Connect.configuration.user_provider
+    end
+
+  end
+end

data/lib/openstax/connect/version.rb

@@ -1,5 +1,5 @@
 module OpenStax
   module Connect
-    VERSION = "0.0.3"
+    VERSION = "0.0.4"
   end
 end

data/lib/openstax_connect.rb

@@ -5,6 +5,7 @@ require "openstax/connect/utilities"
 require "openstax/connect/route_helper"
 require "openstax/connect/action_list"
 require "openstax/connect/user_provider"
+require "openstax/connect/current_user_manager"
 
 module OpenStax
   module Connect

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openstax_connect
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-08 00:00:00.000000000 Z
+date: 2013-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -163,6 +163,7 @@ files:
 - db/migrate/20130729213800_create_openstax_connect_users.rb
 - lib/omniauth/strategies/openstax.rb
 - lib/openstax/connect/action_list.rb
+- lib/openstax/connect/current_user_manager.rb
 - lib/openstax/connect/engine.rb
 - lib/openstax/connect/exceptions.rb
 - lib/openstax/connect/route_helper.rb
@@ -188,7 +189,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2014906712606740384
+      hash: 3664854018823148928
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -197,7 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 2014906712606740384
+      hash: 3664854018823148928
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25