Generated on Tue Dec 04 22:06:29 -0500 2007 with rcov 0.8.0
Code reported as executed by Ruby looks like this... and this: this line is also marked as covered. Lines considered as run by rcov, but not reported by Ruby, look like this, and this: these lines were inferred by rcov (using simple heuristics). Finally, here's a line marked as not executed.
| Name | Total lines | Lines of code | Total coverage | Code coverage | ||||||||
| lib/authenticated_system.rb | 122 | 64 |
|
|
1 module AuthenticatedSystem 2 protected 3 # Returns true or false if the user is logged in. 4 # Preloads @current_user with the user model if they're logged in. 5 def logged_in? 6 current_user != :false 7 end 8 9 # Accesses the current user from the session. 10 def current_user 11 @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false 12 end 13 14 # Store the given user in the session. 15 def current_user=(new_user) 16 session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id 17 @current_user = new_user 18 end 19 20 # Check if the user is authorized. 21 # 22 # Override this method in your controllers if you want to restrict access 23 # to only a few actions or if you want to check if the user 24 # has the correct rights. 25 # 26 # Example: 27 # 28 # # only allow nonbobs 29 # def authorize? 30 # current_user.login != "bob" 31 # end 32 def authorized? 33 true 34 end 35 36 # Filter method to enforce a login requirement. 37 # 38 # To require logins for all actions, use this in your controllers: 39 # 40 # before_filter :login_required 41 # 42 # To require logins for specific actions, use this in your controllers: 43 # 44 # before_filter :login_required, :only => [ :edit, :update ] 45 # 46 # To skip this in a subclassed controller: 47 # 48 # skip_before_filter :login_required 49 # 50 def login_required 51 username, passwd = get_auth_data 52 self.current_user ||= User.authenticate(username, passwd) || :false if username && passwd 53 logged_in? && authorized? ? true : access_denied 54 end 55 56 # Redirect as appropriate when an access request fails. 57 # 58 # The default action is to redirect to the login screen. 59 # 60 # Override this method in your controllers if you want to have special 61 # behavior in case the user is not authorized 62 # to access the requested action. For example, a popup window might 63 # simply close itself. 64 def access_denied 65 respond_to do |accepts| 66 accepts.html do 67 store_location 68 redirect_to :controller => '/account', :action => 'login' 69 end 70 accepts.xml do 71 headers["Status"] = "Unauthorized" 72 headers["WWW-Authenticate"] = %(Basic realm="Web Password") 73 render :text => "Could't authenticate you", :status => '401 Unauthorized' 74 end 75 end 76 false 77 end 78 79 # Store the URI of the current request in the session. 80 # 81 # We can return to this location by calling #redirect_back_or_default. 82 def store_location 83 session[:return_to] = request.request_uri 84 end 85 86 # Redirect to the URI stored by the most recent store_location call or 87 # to the passed default. 88 def redirect_back_or_default(default) 89 session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default) 90 session[:return_to] = nil 91 end 92 93 # Inclusion hook to make #current_user and #logged_in? 94 # available as ActionView helper methods. 95 def self.included(base) 96 base.send :helper_method, :current_user, :logged_in? 97 end 98 99 # When called with before_filter :login_from_cookie will check for an :auth_token 100 # cookie and log the user back in if apropriate 101 def login_from_cookie 102 return unless cookies[:auth_token] && !logged_in? 103 user = User.find_by_remember_token(cookies[:auth_token]) 104 if user && user.remember_token? 105 user.remember_me 106 self.current_user = user 107 cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at } 108 cookies[:login] = { :value => self.current_user.login, :expires => self.current_user.remember_token_expires_at } 109 cookies[:roles] = { :value => self.current_user.roles.join(" "), :expires => self.current_user.remember_token_expires_at } 110 flash[:notice] = "Logged in successfully" 111 end 112 end 113 114 private 115 @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization) 116 # gets BASIC auth info 117 def get_auth_data 118 auth_key = @@http_auth_headers.detect { |h| request.env.has_key?(h) } 119 auth_data = request.env[auth_key].to_s.split unless auth_key.blank? 120 return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil] 121 end 122 end
Generated using the rcov code coverage analysis tool for Ruby version 0.8.0.