author | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2014-07-24 18:16:08 +0200 |
---|---|---|
committer | Heiko Bernloehr <Heiko.Bernloehr@FreeIT.de> | 2016-01-27 01:50:43 +0100 |
commit | 2473c5588b1d89cc5cbf934d5a0b4df08c161dd5 (patch) | |
tree | 1081a5d6131a0f6062f92502f9c56c1661847ea0 | |
parent | 4c37f923d90b85c88cb54140ac49975d5e37cb39 (diff) | |
Additional tests authenticating as anounymous or subparticipant.
It is no longer possible to use arbitrary authentication values in the Cookie
header. Anonymous cookie values are now accepted only in the anonymous
Cookie header, and subparticipant cookie values only in the subparticipant Cookie header.
-rw-r--r-- | app/controllers/application_controller.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4ea8cfb..6c3e6bd 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -103,8 +103,8 @@ protected
 if !(@cookie = cookies[:ecs_anonymous]).blank?
 if (identity = Identity.find_by_name(@cookie)).blank?
 raise Ecs::AuthenticationException, "No valid identity found for cookie: #{@cookie}"
- elsif (participant = identity.participant).blank?
- raise Ecs::AuthenticationException, "Cookie: #{@cookie}\" is not assigned any participant"
+ elsif (participant = identity.participant).blank? or !participant.anonymous
+ raise Ecs::AuthenticationException, "Cookie: #{@cookie}\" is not assigned any anonymous participant"
 else
 return participant
 end
@@ -117,8 +117,8 @@ protected
 if !(@cookie = cookies[:ecs_subparticipant]).blank?
 if (identity = Identity.find_by_name(@cookie)).blank?
 raise Ecs::AuthenticationException, "No valid identity found for subparticipant cookie: #{@cookie}"
- elsif (participant = identity.participant).blank?
- raise Ecs::AuthenticationException, "Subparticipant-Cookie: #{@cookie}\" is not assigned any participant"
+ elsif (participant = identity.participant).blank? or !participant.subparticipant
+ raise Ecs::AuthenticationException, "Subparticipant-Cookie: #{@cookie}\" is not assigned any subparticipant"
 else
 return participant
 end |
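Review bot: Both added `raise` lines (the anonymous branch in the first hunk and the subparticipant branch in the second) interpolate the raw cookie value into the exception message, and on this path that value has already matched an existing identity, so it is a working credential of the other type; if Ecs::AuthenticationException messages are logged or rendered to the client, which this diff does not show, the token is disclosed there. Consider dropping the value from the message, e.g. `raise Ecs::AuthenticationException, "Cookie is not assigned any anonymous participant"`, and likewise for the subparticipant branch (this also removes the stray unbalanced `\"`). The new conditions use `or` where `||` is the conventional boolean operator: `elsif (participant = identity.participant).blank? || !participant.anonymous`. The diffstat lists only this controller, so the cross-type rejection has no accompanying test in this commit; both methods begin and end outside the hunks.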