From 2473c5588b1d89cc5cbf934d5a0b4df08c161dd5 Mon Sep 17 00:00:00 2001
From: Heiko Bernloehr
Date: Thu, 24 Jul 2014 18:16:08 +0200
Subject: Additional tests authenticating as anounymous or subparticipant. It's not any more possible to use arbitrary authentication values in the Cookie header. Now it's only possible to use anonymous cookie values in anomymous Cookie header and subparticipant cookie values in subparticipant Cookie header.
---
 app/controllers/application_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 4ea8cfb..6c3e6bd 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -103,8 +103,8 @@ protected
 if !(@cookie = cookies[:ecs_anonymous]).blank?
 if (identity = Identity.find_by_name(@cookie)).blank?
 raise Ecs::AuthenticationException, "No valid identity found for cookie: #{@cookie}"
- elsif (participant = identity.participant).blank?
- raise Ecs::AuthenticationException, "Cookie: #{@cookie}\" is not assigned any participant"
+ elsif (participant = identity.participant).blank? or !participant.anonymous
+ raise Ecs::AuthenticationException, "Cookie: #{@cookie}\" is not assigned any anonymous participant"
 else
 return participant
 end
@@ -117,8 +117,8 @@ protected
 if !(@cookie = cookies[:ecs_subparticipant]).blank?
 if (identity = Identity.find_by_name(@cookie)).blank?
 raise Ecs::AuthenticationException, "No valid identity found for subparticipant cookie: #{@cookie}"
- elsif (participant = identity.participant).blank?
- raise Ecs::AuthenticationException, "Subparticipant-Cookie: #{@cookie}\" is not assigned any participant"
+ elsif (participant = identity.participant).blank? or !participant.subparticipant
+ raise Ecs::AuthenticationException, "Subparticipant-Cookie: #{@cookie}\" is not assigned any subparticipant"
 else
 return participant
 end
-- cgit v1.2.3
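Review bot: The rejection added in the `ecs_anonymous` branch still interpolates `#{@cookie}` into the exception text, and with the new `!participant.anonymous` condition that value can now be a valid identity name that belongs to a non-anonymous participant. If `Ecs::AuthenticationException` messages are logged or rendered in the response (not visible in this hunk), that records a usable credential, and the two different messages let a client tell "unknown identity" apart from "identity exists but is of another type". I would drop the interpolation and raise one message for both failures, e.g. `raise Ecs::AuthenticationException, "Invalid anonymous cookie"`. The same applies to the `ecs_subparticipant` hunk at -117. The enclosing method starts and ends outside the hunk.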
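Review bot: The new condition in the `ecs_subparticipant` branch joins its two tests with `or`, which binds more loosely than assignment and only behaves as intended here because the assignment is parenthesised. In an authentication check `||` is the safer spelling: `elsif (participant = identity.participant).blank? || !participant.subparticipant`. The hunk does not show whether `subparticipant` is a boolean attribute or an association, so a one-line comment such as `# reject identities whose participant is not a subparticipant` would make the intent explicit. The `or` remark applies equally to the `ecs_anonymous` hunk, and both messages keep an unbalanced `\"` after the interpolation.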