Refactor of session_module
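module SessionMethods
  # Session/cookie login helpers shared by more than one user class (Admin,
  # Member, ...). All state is keyed by the name get_class_name derives from the
  # class, so a logged-in Member never satisfies admin_logged_in? and vice versa.
  #
  # @current_user is kept for code that reads it directly: it always holds the
  # user resolved by the most recent lookup, or false when that lookup found
  # nobody. The per-class result lives in @current_<class_name>.
  protected

  # True when a user of class Admin is logged in.
  def admin_logged_in?
    !!current_user(Admin)
  end

  # True when a user of class Member is logged in.
  def member_logged_in?
    !!current_user(Member)
  end

  # Returns the logged-in user of +klass+ (a Class such as Admin), or nil.
  #
  # The result is memoized per class: +false+ is stored when the session and
  # cookie yielded nobody, so the database is asked at most once per class per
  # request. The memo is normalised back to nil on the way out.
  def current_user(klass)
    class_name = get_class_name(klass)
    user = cached_user(class_name)
    if user.nil?
      # Not looked up yet for this class.
      user = login_from_session(class_name) || login_from_cookie(class_name)
      user ||= false
    end
    cache_user(class_name, user)
    user || nil
  end

  # Logs +new_user+ in for the rest of the request and stores its id in the
  # session under "<class_name>_id". Passing nil only clears the in-memory
  # user; nil carries no class, so use logout_keeping_session!(class_name) to
  # drop a specific class's session entry.
  def current_user=(new_user)
    if new_user
      class_name = get_class_name(new_user)
      session["#{class_name}_id"] = new_user.id
      cache_user(class_name, new_user)
    else
      @current_user = false
    end
  end

  # Finds the user whose id is in session["<class_name>_id"].
  # Returns the user when it exists and is enabled, nil otherwise. A disabled
  # user is logged out so the stale id is not re-tried on every request.
  def login_from_session(class_name)
    user_id = session["#{class_name}_id"]
    return nil unless user_id
    user = class_name.classify.constantize.find_by_id(user_id)
    return nil unless user
    if user.enabled
      self.current_user = user
    else
      logout_keeping_session!(class_name, user)
      nil
    end
  end

  # Finds the user whose remember token is in cookies["<class_name>_auth_token"].
  # Returns the user when the token is set and the account is enabled, nil
  # otherwise. Any error during the lookup is treated as a bad cookie and the
  # session is killed, so a tampered cookie cannot leave a half-authenticated
  # state behind.
  def login_from_cookie(class_name)
    auth_token = "#{class_name}_auth_token"
    token = cookies[auth_token]
    return nil unless token
    user = class_name.classify.constantize.find_by_remember_token(token)
    return nil unless user && user.remember_token?
    if user.enabled
      self.current_user = user
      handle_remember_cookie!(false, class_name) # freshen cookie token (keeping date)
      user
    else
      logout_keeping_session!(class_name, user)
      nil
    end
  rescue
    logout_killing_session!(class_name)
    nil
  end

  # The session should only be reset at the tail end of a form POST --
  # otherwise the request forgery protection fails. It's only really necessary
  # when you cross quarantine (logged-out to logged-in).
  def logout_killing_session!(class_name)
    logout_keeping_session!(class_name)
    reset_session
  end

  # Logs the given class's user out without resetting the whole session.
  # +user+ defaults to the memoized user for the class; callers pass it
  # explicitly when a user was found but rejected before being cached.
  def logout_keeping_session!(class_name, user = cached_user(class_name))
    # Kill server-side auth token (user is nil/false when nobody is logged in)
    user.forget_me if user
    cache_user(class_name, false)
    kill_remember_cookie!(class_name) # Kill client-side auth cookie
    # Clear the same key current_user= writes; otherwise the id outlives logout.
    session["#{class_name}_id"] = nil
    # explicitly kill any other session variables you set
  end

  # Removes the client-side remember token cookie for the class.
  def kill_remember_cookie!(class_name)
    cookies.delete "#{class_name}_auth_token"
  end

  # True when the class's logged-in user has a remember token and it matches
  # the client cookie; nil when nobody of that class is logged in.
  def valid_remember_cookie?(class_name)
    user = cached_user(class_name)
    return nil unless user
    # NOTE(review): == is not a constant-time comparison; if the app has a
    # constant-time string compare available, prefer it for this token check.
    user.remember_token? &&
      cookies["#{class_name}_auth_token"] == user.remember_token
  end

  # Writes the remember token cookie for the class's logged-in user.
  # The token is an authentication credential, so it is marked httponly;
  # consider :secure as well when the app is served over HTTPS.
  def send_remember_cookie!(class_name)
    user = cached_user(class_name)
    return unless user
    cookies["#{class_name}_auth_token"] = {
      :value    => user.remember_token,
      :expires  => user.remember_token_expires_at,
      :httponly => true
    }
  end

  # Refresh the cookie auth token if it exists, create it otherwise
  def handle_remember_cookie!(new_cookie_flag, class_name)
    user = cached_user(class_name)
    return unless user
    case
    when valid_remember_cookie?(class_name) then user.refresh_token # keeping same expiry date
    when new_cookie_flag then user.remember_me
    else user.forget_me
    end
    send_remember_cookie!(class_name)
  end

  # Normalises a user class or instance to the key used in session and cookie
  # names, e.g. Admin or an Admin instance -> "admin". current_user passes the
  # class itself, which must not collapse to "class" (Admin.class is Class).
  def get_class_name(object)
    klass = object.is_a?(Class) ? object : object.class
    klass.name.tableize.singularize
  end

  # Memoized lookup result for +class_name+: a user, false (looked up, nobody
  # logged in) or nil (not looked up yet in this request).
  def cached_user(class_name)
    ivar = "@current_#{class_name}"
    instance_variable_defined?(ivar) ? instance_variable_get(ivar) : nil
  end

  # Stores +user+ (or false) as the memo for +class_name+ and mirrors it into
  # @current_user for code that reads the last resolved user directly.
  def cache_user(class_name, user)
    instance_variable_set("@current_#{class_name}", user)
    @current_user = user
  end
end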