C0 code coverage information
Generated on Thu Jun 07 11:34:00 -0400 2007 with rcov 0.8.0
module AuthenticatedSystem
  protected
    # Returns true or false if the user is logged in.
    # Preloads @current_user with the user model if they're logged in.
    def logged_in?
      (@current_user ||= session[:user] ? User.find_by_id(session[:user]) : :false).is_a?(User)
    end

    def admin?
      current_user.rank == :admin
    end

    # Accesses the current user from the session.
    def current_user
      @current_user if logged_in?
    end

    # Store the given user in the session.
    def current_user=(new_user)
      session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
      @current_user = new_user
    end

    # Check if the user is authorized.
    #
    # Override this method in your controllers if you want to restrict access
    # to only a few actions or if you want to check if the user
    # has the correct rights.
    #
    # Example:
    #
    #  # only allow nonbobs
    #  def authorized?
    #    current_user.login != "bob"
    #  end
    def authorized?
      true
    end

    # Filter method to enforce a login requirement.
    #
    # To require logins for all actions, use this in your controllers:
    #
    #   before_filter :login_required
    #
    # To require logins for specific actions, use this in your controllers:
    #
    #   before_filter :login_required, :only => [ :edit, :update ]
    #
    # To skip this in a subclassed controller:
    #
    #   skip_before_filter :login_required
    #
    def login_required
      username, passwd = get_auth_data
      self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
      logged_in? && authorized? ? true : access_denied
    end

    def admin_required
      username, passwd = get_auth_data
      self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd
      logged_in? && authorized? && admin? ? true : access_denied
    end

    # Redirect as appropriate when an access request fails.
    #
    # The default action is to redirect to the login screen.
    #
    # Override this method in your controllers if you want to have special
    # behavior in case the user is not authorized
    # to access the requested action. For example, a popup window might
    # simply close itself.
    def access_denied
      respond_to do |accepts|
        accepts.html do
          store_location
          redirect_to :controller => '/account', :action => 'login'
        end
        accepts.xml do
          headers["Status"] = "Unauthorized"
          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
          render :text => "Couldn't authenticate you", :status => '401 Unauthorized'
        end
      end
      false
    end

    # Store the URI of the current request in the session.
    #
    # We can return to this location by calling #redirect_back_or_default.
    def store_location
      session[:return_to] = request.request_uri
    end

    # Redirect to the URI stored by the most recent store_location call or
    # to the passed default.
    def redirect_back_or_default(default)
      session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
      session[:return_to] = nil
    end

    # Inclusion hook to make #current_user, #logged_in? and #admin?
    # available as ActionView helper methods.
    def self.included(base)
      base.send :helper_method, :current_user, :logged_in?, :admin?
    end

    # When called with before_filter :login_from_cookie will check for an :auth_token
    # cookie and log the user back in if appropriate
    def login_from_cookie
      return unless cookies[:auth_token] && !logged_in?
      user = User.find_by_remember_token(cookies[:auth_token])
      if user && user.remember_token?
        user.remember_me
        self.current_user = user
        cookies[:auth_token] = { :value => self.current_user.remember_token, :expires => self.current_user.remember_token_expires_at }
        flash[:notice] = "Logged in successfully"
      end
    end

  private
    # gets BASIC auth info
    def get_auth_data
      user, pass = nil, nil
      # extract authorisation credentials
      if request.env.has_key? 'X-HTTP_AUTHORIZATION'
        # try to get it where mod_rewrite might have put it
        authdata = request.env['X-HTTP_AUTHORIZATION'].to_s.split
      elsif request.env.has_key? 'HTTP_AUTHORIZATION'
        # this is the regular location
        authdata = request.env['HTTP_AUTHORIZATION'].to_s.split
      end

      # at the moment we only support basic authentication
      if authdata && authdata[0] == 'Basic'
        # split on the first ':' only, so a password containing ':' is kept whole
        user, pass = Base64.decode64(authdata[1].to_s).split(':', 2)
      end
      return [user, pass]
    end
end