require_dependency "auth/current_user_provider"
class Auth::DefaultCurrentUserProvider
  # Rack env key under which the resolved current user (or nil) is memoized
  # for the rest of the request (see #current_user).
  # NOTE(review): `||=` on a constant presumably guards against re-evaluation
  # of this file (class reloading); confirm that is the intent.
  CURRENT_USER_KEY ||= "_DISCOURSE_CURRENT_USER"
  # Rack env key set to true once a request has been matched to an ApiKey
  # (set in #current_user, read in #is_api?).
  API_KEY ||= "_DISCOURSE_API"
  # Name of the cookie carrying the user's 32-character auth token.
  TOKEN_COOKIE ||= "_t"

  # do all current user initialization here
  #
  # @param env [Hash] Rack environment of the request being served; it is
  #   also used as the per-request cache for CURRENT_USER_KEY / API_KEY
  def initialize(env)
    @env = env
    # NOTE(review): @request is not read by any method of this class; the
    # other methods build their own Rack::Request from @env.
    @request = Rack::Request.new(env)
  end

  # our current user, return nil if none is found
  #
  # Resolution order:
  #   1. the value already memoized in @env[CURRENT_USER_KEY] (may be nil);
  #   2. the User whose auth_token equals the TOKEN_COOKIE cookie, only if
  #      the cookie is exactly 32 characters and the user is not suspended;
  #   3. otherwise, an ApiKey looked up from the "api_key" request parameter:
  #      the key's own user, or -- for a key with no user -- the user named
  #      by the "api_username" parameter.
  # The outcome, nil included, is stored in @env so later calls are cheap.
  #
  # @return [User, nil]
  # @raise [Discourse::InvalidAccess] when a user-bound api_key is combined
  #   with an "api_username" that is not that key's user
  def current_user
    return @env[CURRENT_USER_KEY] if @env.key?(CURRENT_USER_KEY)

    request = Rack::Request.new(@env)
    auth_token = request.cookies[TOKEN_COOKIE]
    current_user = nil

    # Only a well-formed token is looked up; #log_on_user issues tokens as
    # SecureRandom.hex(16), i.e. 32 hex characters.
    if auth_token && auth_token.length == 32
      current_user = User.where(auth_token: auth_token).first
    end

    # A suspended user's cookie is treated as absent; the request then falls
    # through to the api_key path below.
    if current_user && current_user.suspended?
      current_user = nil
    end

    # Activity tracking happens only for cookie-authenticated users; the
    # api_key path below does not update last_seen / ip.
    if current_user
      current_user.update_last_seen!
      current_user.update_ip_address!(request.ip)
    end

    # possible we have an api call, impersonate
    unless current_user
      # NOTE(review): Rack::Request#[] reads both GET and POST params, so the
      # api_key may arrive in the query string and end up in URL logs.
      if api_key_value = request["api_key"]
        api_key = ApiKey.where(key: api_key_value).includes(:user).first
        if api_key.present?
          # Mark the request as API-authenticated even if no user is resolved.
          @env[API_KEY] = true
          api_username = request["api_username"]
          if api_key.user.present?
            # A key bound to a user may only act as that user.
            raise Discourse::InvalidAccess.new if api_username && (api_key.user.username_lower != api_username.downcase)
            current_user = api_key.user
          elsif api_username
            # A key with no user may act as any user named by api_username.
            # NOTE(review): unlike the cookie path, no suspended? check is
            # applied to the user resolved here.
            current_user = User.where(username_lower: api_username.downcase).first
          end
        end
      end
    end

    @env[CURRENT_USER_KEY] = current_user
  end

  # Logs the user on for this request and, via cookie, for later ones.
  #
  # @param user [User] gets a fresh auth_token unless it already holds a
  #   32-character one
  # @param session unused here
  # @param cookies cookie jar; TOKEN_COOKIE is written as a permanent,
  #   httponly cookie
  # @return [User] the user now stored in @env[CURRENT_USER_KEY]
  def log_on_user(user, session, cookies)
    # Reuse an existing well-formed token; issue a new one otherwise.
    # NOTE(review): the token is shared by every login of this user and is
    # not rotated by #log_off_user, so a captured cookie value stays valid
    # after logout until the token is changed elsewhere -- confirm.
    unless user.auth_token && user.auth_token.length == 32
      user.auth_token = SecureRandom.hex(16) # 16 random bytes -> 32 hex chars
      user.save!
    end
    # NOTE(review): no `secure:` flag is set on this cookie; confirm it is
    # only transported over TLS in production.
    cookies.permanent[TOKEN_COOKIE] = { value: user.auth_token, httponly: true }
    make_developer_admin(user)
    @env[CURRENT_USER_KEY] = user
  end

  # Grants admin to an active, non-admin user whose email is listed in
  # Rails.configuration.developer_emails (when that setting exists).
  # update_column writes the flag directly, bypassing validations/callbacks.
  #
  # @param user [User]
  # @return [void]
  def make_developer_admin(user)
    if user.active? &&
       !user.admin &&
       Rails.configuration.respond_to?(:developer_emails) &&
       Rails.configuration.developer_emails.include?(user.email)
      user.update_column(:admin, true)
    end
  end

  # Clears the auth cookie. The user's auth_token itself is left unchanged.
  #
  # @param session unused here
  # @param cookies cookie jar whose TOKEN_COOKIE entry is set to nil
  def log_off_user(session, cookies)
    cookies[TOKEN_COOKIE] = nil
  end

  # api has special rights return true if api was detected
  #
  # #current_user is called first for its side effect: it is the method
  # that sets @env[API_KEY] when an api_key parameter matches an ApiKey.
  #
  # @return [true, nil] true after an API key was detected, otherwise
  #   whatever @env holds (normally nil)
  def is_api?
    current_user
    @env[API_KEY]
  end

  # Cheap check that the request carries a 32-character TOKEN_COOKIE.
  # No lookup is done, so the token may still be unknown or belong to a
  # suspended user.
  #
  # @return [Boolean]
  def has_auth_cookie?
    request = Rack::Request.new(@env)
    cookie = request.cookies[TOKEN_COOKIE]
    !cookie.nil? && cookie.length == 32
  end
end