class ApplicationController < ActionController::Base
before_filter :require_login
def require_login
if authenticated?
create_new_authentication()
if controller_name != 'chat' and (controller_name != 'sessions' and action_name != 'destroy')
redirect_to chat_path
end
else
unless controller_name == 'sessions' && (action_name == 'new' || action_name == 'create')
redirect_to root_url, flash: {error: I18n.t('login.access-denied')} end
end
end
protected
def authenticated?
@token = Token.authenticate(session)
end
def create_new_authentication(user_credentials = nil)
if @token
user_id = @token.user_id
@token.delete
else
user_id = nil
end
@token = Token.new
save_session(user_id, user_credentials)
end
def remove_session
reset_session()
cookies.delete :iv
cookies.delete :key
end
private
def save_session(user_id, user_credentials)
session[:token] = Token.generate_token()
session[:created_at] = Time.now
session[:ip] = request.remote_ip
if user_credentials
encrypted_pass = Security::encrypt(user_credentials[:password])
cookies[:key] = Security::cipher_key
cookies[:iv] = Security::cipher_iv
user = create_new_user(user_credentials)
user.update_pass(user_credentials[:jid], encrypted_pass)
user_id = user.id
end
@token.save_session(session, user_id)
end
def create_new_user(user_credentials)
jid = user_credentials[:jid]
user = User.existing_jid(jid) || User.create_jid(jid)
end
end