From 8da882cf3ec53f9057b17bd8dd39c2eadb2a88c2 Mon Sep 17 00:00:00 2001 From: Stefan Wintermeyer Date: Thu, 31 Jan 2013 11:39:25 +0100 Subject: Fixed single sign on. #145 --- app/controllers/application_controller.rb | 61 +++++++++++------------ app/controllers/gemeinschaft_setups_controller.rb | 4 +- app/controllers/page_controller.rb | 14 ------ 3 files changed, 30 insertions(+), 49 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2aadf19..d1d918e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,26 +2,21 @@ class ApplicationController < ActionController::Base protect_from_forgery - before_filter :set_locale + before_filter :start_setup_if_new_installation - before_filter :go_to_setup_if_new_installation - before_filter :home_breadcrumb - + before_filter :set_locale helper_method :current_user - + helper_method :guess_local_ip_address helper_method :guess_local_host - + + before_filter :home_breadcrumb + helper_method :'have_https?' + helper_method :'single_sign_on_system?' helper_method :random_pin - - #TODO Add check_authorization. See - # https://github.com/ryanb/cancan - # https://github.com/ryanb/cancan/wiki/Ensure-Authorization - # and Gemeinschaft 4 - # Generate a new name for an Object # def generate_a_new_name(parent, child = nil) @@ -56,6 +51,8 @@ class ApplicationController < ActionController::Base def random_pin if GsParameter.get('MINIMUM_PIN_LENGTH') > 0 (1..GsParameter.get('MINIMUM_PIN_LENGTH')).map{|i| (0 .. 9).to_a.sample}.join + else + (1..8).map{|i| (0 .. 9).to_a.sample}.join end end @@ -109,40 +106,38 @@ class ApplicationController < ActionController::Base if current_user redirect_to root_url, :alert => 'Access denied! Please ask your admin to grant you the necessary rights.' else - if Tenant.count == 0 && User.count == 0 - # This is a brand new system. We need to run a setup first. - redirect_to wizards_new_initial_setup_path - else - # You need to login first. - redirect_to log_in_path, :alert => 'Access denied! You need to login first.' - end + # You need to login first. + redirect_to log_in_path, :alert => 'Access denied! You need to login first.' end end private def current_user - if session[:user_id] || GsParameter.get('SingleSignOnEnvUserNameKey').blank? + if session[:user_id].nil? && single_sign_on_system? + auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first + else if session[:user_id] && User.where(:id => session[:user_id]).any? - return User.where(:id => session[:user_id]).first + auth_user = User.where(:id => session[:user_id]).first else - session[:user_id] = nil - return nil + auth_user = nil end + end + session[:user_id] = auth_user.try(:id) + return auth_user + end + + def single_sign_on_system? + if GsParameter.get('SingleSignOnEnvUserNameKey').blank? + false else - if User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).any? - auth_user = User.where(:user_name => request.env[GsParameter.get('SingleSignOnEnvUserNameKey')]).first - session[:user_id] = auth_user.id - return auth_user - else - return nil - end + true end - end + end - def go_to_setup_if_new_installation + def start_setup_if_new_installation if Rails.env != 'test' - if GemeinschaftSetup.all.count == 0 + if GemeinschaftSetup.count == 0 redirect_to new_gemeinschaft_setup_path end end diff --git a/app/controllers/gemeinschaft_setups_controller.rb b/app/controllers/gemeinschaft_setups_controller.rb index 4f4a72a..cff652d 100644 --- a/app/controllers/gemeinschaft_setups_controller.rb +++ b/app/controllers/gemeinschaft_setups_controller.rb @@ -4,9 +4,9 @@ class GemeinschaftSetupsController < ApplicationController # caches_page :new, :gzip => :best_compression - load_and_authorize_resource :gemeinschaft_setup + skip_before_filter :start_setup_if_new_installation - skip_before_filter :go_to_setup_if_new_installation + load_and_authorize_resource :gemeinschaft_setup def new @user = @gemeinschaft_setup.build_user( diff --git a/app/controllers/page_controller.rb b/app/controllers/page_controller.rb index 8f4fa88..ed48e3c 100644 --- a/app/controllers/page_controller.rb +++ b/app/controllers/page_controller.rb @@ -2,7 +2,6 @@ class PageController < ApplicationController # load_and_authorize_resource :class => false # CanCan doesn't work here really good because Page is not a resource. - before_filter :if_fresh_system_then_go_to_wizard skip_before_filter :home_breadcrumb, :only => [:index] def index @@ -14,18 +13,5 @@ class PageController < ApplicationController def help end - - private - def if_fresh_system_then_go_to_wizard - if Tenant.count == 0 && User.count == 0 - # This is a brand new system. We need to run a setup first. - redirect_to wizards_new_initial_setup_path - else - if current_user.nil? - # You need to login first. - redirect_to log_in_path, :alert => I18n.t('pages.controller.access_denied_login_first') - end - end - end end -- cgit v1.2.3