Class: LoginController

Inherits:
ApplicationController show all
Defined in:
app/controllers/login_controller.rb

Instance Method Summary (collapse)

Methods inherited from ApplicationController

#admin_login_required, #boolean_param, #cas_enabled?, cas_enabled?, #check_for_deprecated_password_hash, #count_deferred_todos, #count_undone_todos, #count_undone_todos_phrase, #create_todo_from_recurring_todo, #enable_mobile_content_negotiation, #for_autocomplete, #format_date, #format_dependencies_as_json_for_auto_complete, #get_done_this_month, #get_done_this_week, #get_done_today, #handle_unverified_request, #init_data_for_sidebar, #init_not_done_counts, #init_project_hidden_todo_counts, #markdown, #mobile?, #notify, openid_enabled?, #openid_enabled?, #parse_date_per_user_prefs, prefered_auth?, #prefered_auth?, #redirect_back_or_home, #render_failure, #set_charset, #set_locale, #set_session_expiration, #set_time_zone, #set_zindex_counter

Methods included from LoginSystem

#access_denied, #authorize?, #basic_auth_denied, #current_user, #get_basic_auth_data, #get_current_user, #logged_in?, #login_from_cookie, #login_optional, #login_or_feed_token_required, #login_required, #logout_user, #prefs, #protect?, #redirect_back_or_default, #redirect_to_login, #set_current_user, #store_location

Instance Method Details

- (Object) check_expiry 



98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
# File 'app/controllers/login_controller.rb', line 98

def check_expiry
  # Gets called by periodically_call_remote to check whether
  # the session has timed out yet
  unless session == nil
    if session
      return unless should_expire_sessions?
      # Get expiry time (allow ten seconds window for the case where we have none)
      expiry_time = session['expiry_time'] || Time.now + 10
      time_left = expiry_time - Time.now
      @session_expired = ( time_left < (10*60) ) # Session will time out before the next check
    end
  end
  respond_to do |format|
    format.js
  end
end

- (Object) expire_session 



75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'app/controllers/login_controller.rb', line 75

def expire_session
  # this is a hack to enable cucumber to expire a session by calling this
  # method. The method will be unavailable for production environment
  
  @user.forget_me if logged_in?
  cookies.delete :auth_token
  session['user_id'] = nil
  reset_session
  
  unless Rails.env.production?
    session['expiry_time'] = Time.now
    respond_to do |format|
      format.html { render :text => "Session expired for test purposes"}
      format.js { render :text => "" }
    end
  else
    respond_to do |format|
      format.html { render :text => "Not available for production use"}
      format.js { render :text => "" }
    end
  end
end

- (Object) login 



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'app/controllers/login_controller.rb', line 26

def 
  if cas_enabled?
    @username = session[:cas_user]
    @login_url = CASClient::Frameworks::Rails::Filter.(self)
  end
  if openid_enabled? && using_open_id?
    
  elsif cas_enabled? && session[:cas_user]
    
  else
    @page_title = "TRACKS::Login"
    cookies[:preferred_auth] = prefered_auth? unless cookies[:preferred_auth]
    case request.method
    when :post
      if @user = User.authenticate(params['user_login'], params['user_password'])
        session['user_id'] = @user.id
        # If checkbox on login page checked, we don't expire the session after 1 hour
        # of inactivity and we remember this user for future browser sessions
        session['noexpiry'] = params['user_noexpiry']
        msg = (should_expire_sessions?) ? "will expire after 1 hour of inactivity." : "will not expire."
        notify :notice, "Login successful: session #{msg}"
        cookies[:tracks_login] = { :value => @user., :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
        unless should_expire_sessions?
          @user.remember_me
          cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
        end
        redirect_back_or_home
        return
      else
        @login = params['user_login']
        notify :warning, t('login.unsuccessful')
      end
    when :get
      if User.no_users_yet?
        redirect_to 
        return
      end
    end
    respond_to do |format|
      format.html
      format.m   { render :action => 'login_mobile.html.erb', :layout => 'mobile' }
    end
  end
end

- (Object) login_cas 



115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
# File 'app/controllers/login_controller.rb', line 115

def 
  # If checkbox on login page checked, we don't expire the session after 1 hour
  # of inactivity and we remember this user for future browser sessions

  session['noexpiry'] ||= params['user_noexpiry']
  if session[:cas_user]
    if @user = User.(session[:cas_user])
      session['user_id'] = @user.id
      msg = (should_expire_sessions?) ? t('login.session_will_expire', :hours => 1) : t('login.session_will_not_expire')
      notify :notice, (t('login.successful_with_session_info') + msg)
      cookies[:tracks_login] = { :value => @user., :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
      unless should_expire_sessions?
        @user.remember_me
        cookies[:auth_token] = { :value => @user.remember_token, :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
      end
    else
      notify :warning, t('login.cas_username_not_found', :username => session[:cas_user])
      redirect_to  ; return
    end
  else
    notify :warning, result.message
  end
  redirect_back_or_home

end

- (Object) login_openid (protected) 



149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
 
# File 'app/controllers/login_controller.rb', line 149

def 
  # If checkbox on login page checked, we don't expire the session after 1 hour
  # of inactivity and we remember this user for future browser sessions
  session['noexpiry'] ||= params['user_noexpiry']
  authenticate_with_open_id do |result, identity_url|
    if result.successful?
      if @user = User.find_by_open_id_url(identity_url)
        session['user_id'] = @user.id
        msg = (should_expire_sessions?) ? t('login.session_will_expire', :hours => 1) : t('login.session_will_not_expire')
        notify :notice, (t('login.successful_with_session_info') + msg)
        cookies[:tracks_login] = { :value => @user., :expires => Time.now + 1.year, :secure => SITE_CONFIG['secure_cookies'] }
        unless should_expire_sessions?
          @user.remember_me
          cookies[:auth_token] = { :value => @user.remember_token , :expires => @user.remember_token_expires_at, :secure => SITE_CONFIG['secure_cookies'] }
        end
        redirect_back_or_home
      else
        notify :warning, t('login.openid_identity_url_not_found', :identity_url => identity_url)
      end
    else
      notify :warning, result.message
    end
  end
end

- (Object) logout 



71
72
73
 
# File 'app/controllers/login_controller.rb', line 71

def logout
  logout_user
end

- (Boolean) should_expire_sessions? (private)

Returns:

  • (Boolean) 


143
144
145
 
# File 'app/controllers/login_controller.rb', line 143

def should_expire_sessions?
  session['noexpiry'] != "on"
end