require_dependency " auth/current_user_provider "
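class Auth::DefaultCurrentUserProvider

  # Rack env keys: the first memoises the resolved user for the request, the
  # second records that the request authenticated through an API key.
  CURRENT_USER_KEY ||= "_DISCOURSE_CURRENT_USER"
  API_KEY ||= "_DISCOURSE_API"
  # Persistent auth cookie; its value is the raw user.auth_token.
  TOKEN_COOKIE ||= "_t"

  # A well-formed auth token is 32 chars (SecureRandom.hex(16) below).
  TOKEN_LENGTH = 32

  # Do all current-user initialisation here.
  #
  # @param env [Hash] the Rack environment of the request being served
  def initialize(env)
    @env = env
    @request = Rack::Request.new(env)
  end

  # Our current user, nil if none is found.
  #
  # Resolution order:
  #   1. a value already memoised in @env[CURRENT_USER_KEY]
  #   2. the persistent auth cookie, looked up by user.auth_token
  #   3. an api_key request parameter, optionally impersonating api_username
  #
  # Cookie-authenticated accounts that are suspended or not active resolve to
  # nil. The outcome (nil included) is stored in @env so the lookup runs at
  # most once per request.
  #
  # @return [User, nil]
  # @raise [Discourse::InvalidAccess] when api_username does not match the
  #   user the presented API key is bound to
  def current_user
    return @env[CURRENT_USER_KEY] if @env.key?(CURRENT_USER_KEY)

    user = user_from_auth_cookie

    if user
      # Deferred so the two bookkeeping writes do not sit on the request path.
      u = user
      Scheduler::Defer.later do
        u.update_last_seen!
        u.update_ip_address!(@request.ip)
      end
    end

    # Possibly an API call, impersonate.
    # NOTE(review): the suspended?/active check above is applied only to the
    # cookie path; an API-resolved user is not filtered here — confirm this
    # is intended.
    user ||= user_from_api_key

    @env[CURRENT_USER_KEY] = user
  end

  # Log the user on: ensure they hold a well-formed auth token, issue it as a
  # persistent httponly cookie, and memoise the user for this request.
  #
  # NOTE(review): no `secure:` flag is set on the cookie; whether the bearer
  # token can travel over plain HTTP depends on deployment settings not
  # visible here.
  #
  # @param user [User]
  # @param session [Object] unused; kept for interface compatibility
  # @param cookies [#permanent] the response cookie jar
  def log_on_user(user, session, cookies)
    unless valid_token?(user.auth_token)
      user.auth_token = SecureRandom.hex(16)
      user.save!
    end
    # httponly keeps the token out of reach of page scripts.
    cookies.permanent[TOKEN_COOKIE] = { value: user.auth_token, httponly: true }
    make_developer_admin(user)
    @env[CURRENT_USER_KEY] = user
  end

  # Promote the user to admin when their e-mail is listed in
  # Rails.configuration.developer_emails. Only active, non-admin users are
  # touched; the result of the non-bang save is not checked.
  #
  # @param user [User]
  # @return [Boolean, nil] the save result, or nil when nothing was changed
  def make_developer_admin(user)
    return unless user.active? && !user.admin
    return unless Rails.configuration.respond_to?(:developer_emails)
    return unless Rails.configuration.developer_emails.include?(user.email)

    user.admin = true
    user.save
  end

  # Log the user off for this browser by clearing the auth cookie.
  #
  # NOTE(review): only the client-side cookie is cleared; user.auth_token is
  # not rotated here, so a retained copy of the token stays valid until it is
  # regenerated elsewhere.
  #
  # @param session [Object] unused; kept for interface compatibility
  # @param cookies [#[]=] the response cookie jar
  def log_off_user(session, cookies)
    cookies[TOKEN_COOKIE] = nil
  end

  # The API has special rights; return true if the API was detected.
  # current_user is invoked for its side effect of setting @env[API_KEY].
  #
  # @return [true, nil]
  def is_api?
    current_user
    @env[API_KEY]
  end

  # Whether the request carries a well-formed auth cookie. Only presence and
  # length are checked; the token is not looked up.
  #
  # @return [Boolean]
  def has_auth_cookie?
    valid_token?(@request.cookies[TOKEN_COOKIE])
  end

  private

  # True when token is present and has the expected length; nothing else is
  # validated here.
  def valid_token?(token)
    !token.nil? && token.length == TOKEN_LENGTH
  end

  # User named by the auth cookie, or nil when the cookie is missing or
  # malformed, or the matching account is suspended or not active.
  def user_from_auth_cookie
    token = @request.cookies[TOKEN_COOKIE]
    return nil unless valid_token?(token)

    user = User.find_by(auth_token: token)
    return nil if user && (user.suspended? || !user.active)
    user
  end

  # User resolved from the api_key request parameter, or nil.
  #
  # A key bound to a user yields that user; if api_username is also given it
  # must match that user or Discourse::InvalidAccess is raised. A key with no
  # bound user (presumably a master key) may impersonate any api_username.
  # @env[API_KEY] is set whenever a known key is presented, even if no user
  # results.
  def user_from_api_key
    key_value = @request["api_key"]
    return nil unless key_value

    api_key = ApiKey.where(key: key_value).includes(:user).first
    return nil unless api_key.present?

    @env[API_KEY] = true
    api_username = @request["api_username"]

    if api_key.user.present?
      if api_username && api_key.user.username_lower != api_username.downcase
        raise Discourse::InvalidAccess
      end
      api_key.user
    elsif api_username
      User.find_by(username_lower: api_username.downcase)
    end
  end
end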