[refs #796] add email access && small refactoring

2012-12-25 21:55:56 +06:00 · 2012-12-25 21:55:56 +06:00 · 5d483b0c1d
parent fefa581593
commit 5d483b0c1d
3 changed files with 10 additions and 9 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -87,7 +87,9 @@ class User < Avatar
    def find_for_database_authentication(warden_conditions)
      conditions = warden_conditions.dup
      login = conditions.delete(:login)
-      where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase }]).first
+      where(conditions)
+      .where(["lower(uname) = :value OR lower(email) = :value OR authentication_token = :orig_value",
+             { :value => login.downcase, :orig_value => login }]).first
    end

    def new_with_session(params, session)
@ -103,6 +105,11 @@ class User < Avatar
        end
      end
    end
+
+    def auth_by_token_or_login_pass(user, pass)
+      u = User.find_for_database_authentication(:login => user)
+      u if u && !u.access_locked? && (u.authentication_token == user || u.valid_password?(pass))
+    end
  end

  # def update_with_password(params={})
--- a/lib/api_defender.rb
+++ b/lib/api_defender.rb
@ -58,11 +58,7 @@ class ApiDefender < Rack::Throttle::Hourly
    return @authorized unless @authorized.nil?
    auth = Rack::Auth::Basic::Request.new(request.env)
    if auth.provided? and auth.basic?
-      u,pass = auth.credentials
-      @authorized = (@user = (User.where(:authentication_token => u).first ||
-                     User.find_for_database_authentication(:login => u)) and
-                    !@user.access_locked? and
-                    (@user.authentication_token == u or @user.valid_password?(pass)))
+      @authorized = (@user = User.auth_by_token_or_login_pass(*auth.credentials))
    end
    @user = nil unless @authorized
    @authorized
--- a/lib/plugins/grack/auth.rb
+++ b/lib/plugins/grack/auth.rb
@ -12,9 +12,7 @@ module Grack
        return render_not_found if project.blank?

        return ::Rack::Auth::Basic.new(@app) do |u, p|
-          user = (User.where(:authentication_token => u).first ||
-                      User.find_for_database_authentication(:login => u)) and
-          !user.access_locked? and (user.authentication_token == u or user.valid_password?(p)) and
+          user = User.auth_by_token_or_login_pass(u, p) and
          ability = ::Ability.new(user) and ability.can?(action, project) # project.members.include?(user)
        end.call(env) unless project.public? and read? # need auth
      end