Home Explore Help
Register Sign In
maarten
/
aardbei
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Commits 243 Releases 0 Wiki
Browse Source

Make get_user_session break properly

This change will intentionally throw a RecordNotFound-error to prevent a
nil-error later on. The intended behaviour is to log the user out and
redirect to login, but this is currently impossible because helpers
can't redirect in all cases.

The authentication helpers should probably be moved to a concern, but I
can't be bothered enough, so it remains fixme.
Maarten van den Berg 8 years ago
parent
28b22588ef
commit
f3e71a35d2
1 changed files with 9 additions and 3 deletions
Unified View Show Diff Stats
  1. 9 3
      app/helpers/authentication_helper.rb

+ 9 - 3
app/helpers/authentication_helper.rb
View File

38
38
39 
   # Determine whether the user is logged in, and if so, disable the Session, then flush session cookies.
 39 
   # Determine whether the user is logged in, and if so, disable the Session, then flush session cookies.
40 
   def log_out
 40 
   def log_out
41 
-    if is_logged_in?
41 
+    if is_logged_in? and @user_session
42 
       get_user_session
 42 
       get_user_session
43
43
44 
       @user_session.update!(active: false)
 44 
       @user_session.update!(active: false)
91 
     if @user_session
 91 
     if @user_session
92 
       @user_session
 92 
       @user_session
93 
     else
 93 
     else
94 
-      @user_session ||= Session.find_by(
95 
-        id: cookies.signed.permanent[:session_id]
94 
+      @user_session ||= Session.find(
95 
+        cookies.signed.permanent[:session_id]
96 
       )
 96 
       )
97 
     end
 97 
     end
98 
+
99 
+    # Edge case if a session no longer exists in the database
100 
+    if not @user_session
101 
+      log_out
102 
+      redirect_to login_path # FIXME!
103 
+    end
98 
   end
 104 
   end
99
105
100 
   def current_user
 106 
   def current_user