@FotoVerite
Created March 9, 2012 07:52
Refactor of session_module
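# Authentication helpers meant to be mixed into a controller. The including
# class must provide `session`, `cookies` and `reset_session`.
#
# Every user class (Admin, Member) gets its own session key
# ("<class_name>_id"), its own remember-me cookie ("<class_name>_auth_token")
# and its own per-request cache (@current_<class_name>).
#
# Security notes:
# * The logged-in user is cached per class. A single shared cache would let a
#   logged-in Member satisfy admin_logged_in?, because the first user resolved
#   in a request would be returned for every class asked about afterwards.
# * class_name strings are turned back into constants with
#   classify.constantize. They must only ever come from get_class_name, never
#   from request parameters.
module SessionMethods
  protected

  # True only when an enabled Admin is authenticated for this request.
  def admin_logged_in?
    !!current_user(Admin)
  end

  # True only when an enabled Member is authenticated for this request.
  def member_logged_in?
    !!current_user(Member)
  end

  # Returns the authenticated user of the given class, or nil.
  #
  # klass - a user class (Admin, Member) or an instance of one.
  #
  # Resolution order: per-request cache, then session, then remember-me cookie.
  # A cached `false` means "explicitly logged out during this request" and
  # suppresses further login attempts for that class.
  def current_user(klass)
    class_name = get_class_name(klass)
    cached = cached_user(class_name)
    return nil if cached == false
    return cached if cached

    login_from_session(class_name) || login_from_cookie(class_name)
  end

  # Stores new_user in the session and in the per-class cache.
  #
  # Passing nil logs out the class of the most recently resolved user; when no
  # user has been resolved there is no session key to clear, so only the
  # legacy @current_user marker is set to false.
  def current_user=(new_user)
    subject = new_user || @current_user
    unless subject
      @current_user = false
      return
    end

    class_name = get_class_name(subject)
    session["#{class_name}_id"] = new_user ? new_user.id : nil
    remember_current_user(class_name, new_user)
  end

  # Authenticates from the "<class_name>_id" session key.
  # Returns the user, or nil when the key is absent, the record is gone or the
  # account is disabled (in which case the stale login is cleared).
  def login_from_session(class_name)
    user_id = session["#{class_name}_id"]
    return nil unless user_id

    user = class_name.classify.constantize.find_by_id(user_id)
    return nil unless user

    unless user.enabled
      logout_keeping_session!(class_name)
      return nil
    end

    self.current_user = user
  end

  # Authenticates from the "<class_name>_auth_token" remember-me cookie.
  # Returns the user or nil. Any error fails closed: the login state and the
  # session are discarded. Every failure path returns nil explicitly so that a
  # cleanup helper's return value can never be mistaken for a user.
  #
  # NOTE(review): the cookie value is matched directly against the
  # remember_token column, so a stored token is as good as the cookie itself;
  # consider storing only a digest of the token.
  def login_from_cookie(class_name)
    token = cookies["#{class_name}_auth_token"]
    return nil unless token

    user = class_name.classify.constantize.find_by_remember_token(token)
    return nil unless user && user.remember_token?

    unless user.enabled
      logout_keeping_session!(class_name)
      return nil
    end

    self.current_user = user
    handle_remember_cookie!(false, class_name) # freshen cookie token (keeping date)
    user
  rescue StandardError
    logout_killing_session!(class_name)
    nil
  end

  # Logs the class out and discards the whole session.
  #
  # The session should only be reset at the tail end of a form POST --
  # otherwise the request forgery protection fails. It is only really
  # necessary when crossing from logged-out to logged-in, where a fresh
  # session keeps a pre-login session id from surviving the login.
  def logout_killing_session!(class_name)
    logout_keeping_session!(class_name)
    reset_session
  end

  # Logs the class out but keeps unrelated session data.
  def logout_keeping_session!(class_name)
    user = cached_user(class_name)
    user.forget_me if user                 # kill server-side auth token
    remember_current_user(class_name, false)
    kill_remember_cookie!(class_name)      # kill client-side auth cookie
    # Clear the key login_from_session reads; leaving it set would log the
    # user straight back in on the next request.
    session["#{class_name}_id"] = nil
    # explicitly kill any other session variables you set
  end

  # Deletes the remember-me cookie for the class.
  def kill_remember_cookie!(class_name)
    cookies.delete "#{class_name}_auth_token"
  end

  # True when the request's remember-me cookie matches the cached user's
  # token; nil when no user of that class is cached.
  def valid_remember_cookie?(class_name)
    user = cached_user(class_name)
    return nil unless user

    user.remember_token? &&
      (cookies["#{class_name}_auth_token"] == user.remember_token)
  end

  # Writes the cached user's remember token into the cookie.
  # The cookie is a bearer credential, so it is hidden from page scripts.
  # NOTE(review): also pass :secure => true if the site is served over HTTPS
  # only, so the token is never sent over plain HTTP.
  def send_remember_cookie!(class_name)
    user = cached_user(class_name)
    cookies["#{class_name}_auth_token"] = {
      :value    => user.remember_token,
      :expires  => user.remember_token_expires_at,
      :httponly => true
    }
  end

  # Refresh the cookie auth token if it exists, create it otherwise.
  #
  # new_cookie_flag - true to issue a new token when no valid cookie exists;
  #                   false to drop the token in that case.
  def handle_remember_cookie!(new_cookie_flag, class_name)
    user = cached_user(class_name)
    return unless user

    if valid_remember_cookie?(class_name)
      user.refresh_token # keeping same expiry date
    elsif new_cookie_flag
      user.remember_me
    else
      user.forget_me
    end
    send_remember_cookie!(class_name)
  end

  # Maps a user class or a user instance to its key prefix, e.g. "admin".
  # Accepting the class itself matters: current_user(Admin) passes a class,
  # and Admin.class would otherwise yield the prefix for Class.
  def get_class_name(object)
    klass = object.is_a?(Module) ? object : object.class
    klass.name.tableize.singularize
  end

  private

  # Per-class cache entry: a user, false (logged out) or nil (not resolved).
  def cached_user(class_name)
    instance_variable_get("@current_#{class_name}")
  end

  # Updates the per-class cache. @current_user is kept as a mirror of the most
  # recent assignment for code that still reads it; it is never consulted for
  # an authentication decision.
  def remember_current_user(class_name, user)
    value = user || false
    instance_variable_set("@current_#{class_name}", value)
    @current_user = value
  end
end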