- Revision: 178
- Log:
  Hub integration of Beast forum. Completed styling for RISC OS Open site.
  Removed reliance on JavaScript. Added Textile hints to various views.
  Added bespoke utility code used to port over RForum data for posterity;
  note the rather large bug that it ignores the deleted flag on RForum
  data.

  Some amount of testing carried out on Firefox, Opera and Netsurf. Looks
  OK so far, but there are definitely some aesthetic kinks to work out
  still and doubtless some operational bugs will surface once it goes
  live and is subjected to more intensive real world use.
- Author: rool
- Date: Mon Mar 12 00:19:40 +0000 2007
- Size: 6054 Bytes
```ruby
module AuthenticationSystem

  # Hub single sign-on support. The core of the old authentication system is
  # now delegated to this.

  require 'hub_sso_lib'
  require 'digest/sha1' # Digest::SHA1 is used by get_hub_user_name
  include HubSsoLib::Core

  protected
    # this is used to keep track of the last time a user has been seen (reading a topic)
    # it is used to know when topics are new or old and which should have the green
    # activity light next to them
    #
    # we cheat by not calling it all the time, but rather only when a user views a topic
    # which means it isn't truly "last seen at" but it does serve its intended purpose
    #
    # this could be a filter for the entire app and keep with its true meaning, but that
    # would just slow things down without any foreseeable benefit since we already know
    # who is online from the user/session connection
    #
    # This is now also used to show which users are online... not as accurate as the
    # session based approach, but less code and less overhead.
    def update_last_seen_at
      return unless logged_in?
      User.update_all ['last_seen_at = ?', Time.now.utc], ['id = ?', current_user.id]
      current_user.last_seen_at = Time.now.utc
    end

    def login_required
      login_by_token unless logged_in?
      respond_to do |format|
        format.html { redirect_to login_path }
        format.js   { render(:update) { |p| p.redirect_to login_path } }
        format.xml  do
          headers["WWW-Authenticate"] = %(Basic realm="Beast")
          render :text => "HTTP Basic: Access denied.\n", :status => :unauthorized
        end
      end unless logged_in? && authorized?
    end

    def login_by_token
      # Before doing anything else, check for stale login status. If logged out of
      # Hub but there's still a session active recorded internally, delete it. Do
      # the same if the e-mail address has changed (the user logged into a different
      # Hub account).

      if (logged_in?)
        if (!hubssolib_logged_in? || current_user.email != hubssolib_get_user_address)
          reset_session
          self.current_user = setup_user
          return
        end
      end

      # Don't confuse the local "logged_in?" session check with the notion
      # of being logged into Hub ("hubssolib_logged_in?").

      self.current_user = setup_user if not logged_in?
    end

    def authorized?() true end

    def current_user=(value)
      # Assignment in the condition is intentional: a nil value leaves the
      # session untouched.
      if @current_user = value
        session[:user_id] = @current_user.id
        # this is used while we're logged in to know which threads are new, etc
        session[:last_active] = @current_user.last_seen_at
        session[:topics] = session[:forums] = {}
        update_last_seen_at
      end
    end

    # Returns the forum User for the local session, or 0 if there is none.
    def current_user
      @current_user ||= ((session[:user_id] && User.find_by_id(session[:user_id])) || 0)
    end

    # A local session alone is not enough; the Hub login must still be valid.
    def logged_in?
      current_user != 0 && hubssolib_logged_in?
    end

    def admin?
      logged_in? && current_user.admin?
    end

    # Get a unique login string from the Hub user, in abstracted form.
    # While it must be unique, its content is irrelevant in the Hub
    # integrated forum as it doesn't get displayed. We use this instead
    # of e-mail address because we want to detect an e-mail address
    # being used more than once by different users to cope with stale
    # Hub accounts or recycled e-mail addresses.
    #
    def get_hub_user_name
      Digest::SHA1.hexdigest("#{hubssolib_unique_name}")
    end

    # Map a Hub user's parameters to a forum User model's
    # parameters. Returns a hash appropriate for updating an
    # existing model or to create a brand new forum User.
    #
    def map_hub_user_to_forum_user

      return {
        :login        => get_hub_user_name,
        :email        => hubssolib_get_user_address,
        :admin        => hub_user_is_forum_admin?,
        :display_name => hubssolib_unique_name,
        :website      => '',
        :bio          => '',
        :bio_html     => '',
        :activated    => true
      }
    end

    # Is the current Hub user a forum administrator, based on
    # their Hub roles?
    #
    def hub_user_is_forum_admin?
      hubssolib_get_user_roles.include?('admin,webmaster') ? true : false
    end

    # Filter method that sets user parameters by mapping in the
    # currently logged in Hub user to a new or updated forum user.
    # Returns the user details. It is up to the caller to record
    # or discard those details.
    #
    def setup_user
      user = nil

      if (hubssolib_logged_in?)
        user = User.find_by_login(get_hub_user_name)

        # This for now is the quick and dirty code. We either create
        # a new user on a default map of parameters from Hub to
        # forum user, or we update the Hub parts - on each and every
        # action in forum. This is, obviously, very slow.

        if (user)
          user.update_attributes(map_hub_user_to_forum_user)
        else

          # There is no user with the same unique ID, but there may be
          # a user with the same e-mail address - somebody might have
          # deleted and recreated their account, or a person may have
          # given up an e-mail address but it could have been claimed
          # by an entirely new user. In any event, a new ID with the
          # same e-mail address implies the old address is stale; Hub
          # insists on unique addresses. We don't want to delete that
          # user because their user name is associated with posts, so
          # instead, clear its email address.

          @other_user = User.find_by_email(hubssolib_get_user_address)

          if @other_user
            @other_user.email = ''
            @other_user.save!
          end

          # Now create the shiny new account and save it.

          user = User.new(map_hub_user_to_forum_user)
          user.save!
        end

        return user
      else
        return nil
      end
    end
end
```