2010-02-19 03:52:04 -05:00
|
|
|
require "action_controller/metal"
|
|
|
|
|
2009-10-22 18:12:00 -04:00
|
|
|
module Devise
|
2009-11-21 21:49:23 -05:00
|
|
|
# Failure application that will be called every time :warden is thrown from
|
|
|
|
# any strategy or hook. Responsible for redirect the user to the sign in
|
|
|
|
# page based on current scope and mapping. If no scope is given, redirect
|
|
|
|
# to the default_url.
|
2010-02-19 03:52:04 -05:00
|
|
|
class FailureApp < ActionController::Metal
|
|
|
|
include ActionController::RackDelegation
|
|
|
|
include ActionController::UrlFor
|
|
|
|
include ActionController::Redirecting
|
2012-01-03 14:32:51 -05:00
|
|
|
|
2010-05-15 18:38:40 -04:00
|
|
|
include Rails.application.routes.url_helpers
|
2012-01-03 14:32:51 -05:00
|
|
|
include Rails.application.routes.mounted_helpers
|
2009-11-21 21:49:23 -05:00
|
|
|
|
2013-11-08 09:39:43 -05:00
|
|
|
include Devise::Controllers::StoreLocation
|
|
|
|
|
2014-02-25 11:42:55 -05:00
|
|
|
delegate :flash, to: :request
|
2010-04-03 05:43:31 -04:00
|
|
|
|
2009-10-22 18:12:00 -04:00
|
|
|
def self.call(env)
|
2011-11-07 05:47:28 -05:00
|
|
|
@respond ||= action(:respond)
|
|
|
|
@respond.call(env)
|
2009-11-21 21:49:23 -05:00
|
|
|
end
|
2009-11-16 11:31:09 -05:00
|
|
|
|
2010-02-19 03:52:04 -05:00
|
|
|
def self.default_url_options(*args)
|
2012-01-02 14:00:38 -05:00
|
|
|
if defined?(ApplicationController)
|
|
|
|
ApplicationController.default_url_options(*args)
|
|
|
|
else
|
|
|
|
{}
|
|
|
|
end
|
2009-11-21 21:49:23 -05:00
|
|
|
end
|
|
|
|
|
2010-02-19 03:52:04 -05:00
|
|
|
def respond
|
2010-03-29 09:16:14 -04:00
|
|
|
if http_auth?
|
2010-04-03 05:43:31 -04:00
|
|
|
http_auth
|
|
|
|
elsif warden_options[:recall]
|
|
|
|
recall
|
2010-03-29 09:16:14 -04:00
|
|
|
else
|
2010-04-03 05:43:31 -04:00
|
|
|
redirect
|
2010-03-29 09:16:14 -04:00
|
|
|
end
|
2009-10-22 18:12:00 -04:00
|
|
|
end
|
2009-11-21 21:49:23 -05:00
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
def http_auth
|
|
|
|
self.status = 401
|
2010-08-31 17:55:25 -04:00
|
|
|
self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) if http_auth_header?
|
2010-04-03 05:43:31 -04:00
|
|
|
self.content_type = request.format.to_s
|
|
|
|
self.response_body = http_auth_body
|
2010-04-01 11:30:55 -04:00
|
|
|
end
|
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
def recall
|
|
|
|
env["PATH_INFO"] = attempted_path
|
2010-12-25 05:15:56 -05:00
|
|
|
flash.now[:alert] = i18n_message(:invalid)
|
2010-09-25 05:21:51 -04:00
|
|
|
self.response = recall_app(warden_options[:recall]).call(env)
|
2010-03-29 09:16:14 -04:00
|
|
|
end
|
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
def redirect
|
|
|
|
store_location!
|
2012-01-24 07:58:57 -05:00
|
|
|
if flash[:timedout] && flash[:alert]
|
|
|
|
flash.keep(:timedout)
|
|
|
|
flash.keep(:alert)
|
|
|
|
else
|
|
|
|
flash[:alert] = i18n_message
|
|
|
|
end
|
2010-07-05 09:22:44 -04:00
|
|
|
redirect_to redirect_url
|
2010-03-29 09:16:14 -04:00
|
|
|
end
|
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
protected
|
|
|
|
|
2013-10-24 11:29:53 -04:00
|
|
|
def i18n_options(options)
|
|
|
|
options
|
|
|
|
end
|
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
def i18n_message(default = nil)
|
2012-01-24 07:58:57 -05:00
|
|
|
message = warden_message || default || :unauthenticated
|
2010-04-03 05:43:31 -04:00
|
|
|
|
|
|
|
if message.is_a?(Symbol)
|
2013-10-24 10:46:45 -04:00
|
|
|
options = {}
|
|
|
|
options[:resource_name] = scope
|
|
|
|
options[:scope] = "devise.failure"
|
|
|
|
options[:default] = [message]
|
2014-10-27 20:32:19 -04:00
|
|
|
auth_keys = scope_class.authentication_keys
|
|
|
|
keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
|
|
|
|
options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
|
2013-10-24 11:29:53 -04:00
|
|
|
options = i18n_options(options)
|
2013-10-24 10:46:45 -04:00
|
|
|
|
|
|
|
I18n.t(:"#{scope}.#{message}", options)
|
2010-03-29 09:16:14 -04:00
|
|
|
else
|
|
|
|
message.to_s
|
|
|
|
end
|
2010-04-03 05:43:31 -04:00
|
|
|
end
|
2010-03-29 09:16:14 -04:00
|
|
|
|
2010-07-05 09:22:44 -04:00
|
|
|
def redirect_url
|
2012-01-24 07:58:57 -05:00
|
|
|
if warden_message == :timeout
|
|
|
|
flash[:timedout] = true
|
2013-05-19 08:45:11 -04:00
|
|
|
|
|
|
|
path = if request.get?
|
|
|
|
attempted_path
|
|
|
|
else
|
|
|
|
request.referrer
|
|
|
|
end
|
|
|
|
|
2014-03-31 12:32:45 -04:00
|
|
|
path || scope_url
|
2012-01-24 07:58:57 -05:00
|
|
|
else
|
2014-03-31 12:32:45 -04:00
|
|
|
scope_url
|
2012-01-24 07:58:57 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-03-31 12:32:45 -04:00
|
|
|
def scope_url
|
2011-09-08 02:32:05 -04:00
|
|
|
opts = {}
|
2014-03-31 12:32:45 -04:00
|
|
|
route = :"new_#{scope}_session_url"
|
2011-09-08 02:32:05 -04:00
|
|
|
opts[:format] = request_format unless skip_format?
|
2012-05-09 17:41:05 -04:00
|
|
|
|
|
|
|
config = Rails.application.config
|
|
|
|
opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root))
|
2011-09-08 02:32:05 -04:00
|
|
|
|
2012-02-15 11:13:55 -05:00
|
|
|
context = send(Devise.available_router_name)
|
2012-01-03 14:32:51 -05:00
|
|
|
|
|
|
|
if context.respond_to?(route)
|
|
|
|
context.send(route, opts)
|
2014-03-31 12:32:45 -04:00
|
|
|
elsif respond_to?(:root_url)
|
|
|
|
root_url(opts)
|
2012-01-02 16:31:30 -05:00
|
|
|
else
|
|
|
|
"/"
|
2011-01-07 19:40:21 -05:00
|
|
|
end
|
2010-07-05 09:22:44 -04:00
|
|
|
end
|
|
|
|
|
2011-04-29 08:11:47 -04:00
|
|
|
def skip_format?
|
|
|
|
%w(html */*).include? request_format.to_s
|
|
|
|
end
|
|
|
|
|
2010-08-31 17:55:25 -04:00
|
|
|
# Choose whether we should respond in a http authentication fashion,
|
|
|
|
# including 401 and optional headers.
|
|
|
|
#
|
|
|
|
# This method allows the user to explicitly disable http authentication
|
|
|
|
# on ajax requests in case they want to redirect on failures instead of
|
|
|
|
# handling the errors on their own. This is useful in case your ajax API
|
|
|
|
# is the same as your public API and uses a format like JSON (so you
|
|
|
|
# cannot mark JSON as a navigational format).
|
2010-04-03 05:43:31 -04:00
|
|
|
def http_auth?
|
2010-08-31 11:44:19 -04:00
|
|
|
if request.xhr?
|
|
|
|
Devise.http_authenticatable_on_xhr
|
|
|
|
else
|
2011-04-17 13:43:54 -04:00
|
|
|
!(request_format && is_navigational_format?)
|
2010-08-31 11:44:19 -04:00
|
|
|
end
|
2010-03-29 09:16:14 -04:00
|
|
|
end
|
|
|
|
|
2010-08-31 17:55:25 -04:00
|
|
|
# It does not make sense to send authenticate headers in ajax requests
|
|
|
|
# or if the user disabled them.
|
|
|
|
def http_auth_header?
|
2014-09-24 09:48:46 -04:00
|
|
|
scope_class.http_authenticatable && !request.xhr?
|
2010-08-31 17:55:25 -04:00
|
|
|
end
|
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
def http_auth_body
|
2011-02-15 04:26:28 -05:00
|
|
|
return i18n_message unless request_format
|
|
|
|
method = "to_#{request_format}"
|
2011-04-17 01:47:54 -04:00
|
|
|
if method == "to_xml"
|
2014-02-25 11:42:55 -05:00
|
|
|
{ error: i18n_message }.to_xml(root: "errors")
|
2011-04-17 01:47:54 -04:00
|
|
|
elsif {}.respond_to?(method)
|
2014-02-25 11:42:55 -05:00
|
|
|
{ error: i18n_message }.send(method)
|
2011-04-17 01:47:54 -04:00
|
|
|
else
|
|
|
|
i18n_message
|
|
|
|
end
|
2010-02-19 03:52:04 -05:00
|
|
|
end
|
|
|
|
|
2010-09-25 05:21:51 -04:00
|
|
|
def recall_app(app)
|
|
|
|
controller, action = app.split("#")
|
2011-04-16 07:30:15 -04:00
|
|
|
controller_name = ActiveSupport::Inflector.camelize(controller)
|
|
|
|
controller_klass = ActiveSupport::Inflector.constantize("#{controller_name}Controller")
|
|
|
|
controller_klass.action(action)
|
2010-04-01 11:30:55 -04:00
|
|
|
end
|
|
|
|
|
2010-02-19 03:52:04 -05:00
|
|
|
def warden
|
|
|
|
env['warden']
|
|
|
|
end
|
2009-11-21 21:49:23 -05:00
|
|
|
|
2010-02-19 03:52:04 -05:00
|
|
|
def warden_options
|
|
|
|
env['warden.options']
|
2009-11-21 21:49:23 -05:00
|
|
|
end
|
|
|
|
|
2012-01-24 07:58:57 -05:00
|
|
|
def warden_message
|
|
|
|
@message ||= warden.message || warden_options[:message]
|
|
|
|
end
|
|
|
|
|
2010-04-03 05:43:31 -04:00
|
|
|
def scope
|
2010-07-14 11:55:14 -04:00
|
|
|
@scope ||= warden_options[:scope] || Devise.default_scope
|
2010-04-03 05:43:31 -04:00
|
|
|
end
|
|
|
|
|
2014-09-24 09:48:46 -04:00
|
|
|
def scope_class
|
|
|
|
@scope_class ||= Devise.mappings[scope].to
|
|
|
|
end
|
|
|
|
|
2010-03-11 12:39:32 -05:00
|
|
|
def attempted_path
|
|
|
|
warden_options[:attempted_path]
|
|
|
|
end
|
|
|
|
|
2009-11-21 21:49:23 -05:00
|
|
|
# Stores requested uri to redirect the user after signing in. We cannot use
|
|
|
|
# scoped session provided by warden here, since the user is not authenticated
|
|
|
|
# yet, but we still need to store the uri based on scope, so different scopes
|
|
|
|
# would never use the same uri to redirect.
|
2010-04-03 05:43:31 -04:00
|
|
|
def store_location!
|
2013-11-08 09:39:43 -05:00
|
|
|
store_location_for(scope, attempted_path) if request.get? && !http_auth?
|
2009-11-21 21:49:23 -05:00
|
|
|
end
|
2012-01-02 15:00:55 -05:00
|
|
|
|
|
|
|
def is_navigational_format?
|
|
|
|
Devise.navigational_formats.include?(request_format)
|
|
|
|
end
|
|
|
|
|
|
|
|
def request_format
|
|
|
|
@request_format ||= request.format.try(:ref)
|
|
|
|
end
|
2009-10-22 18:12:00 -04:00
|
|
|
end
|
|
|
|
end
|