openproject/lib/open_project/authentication/strategies/warden/session.rb


require 'open_project/authentication/session_expiry'
module OpenProject
module Authentication
module Strategies
module Warden
##
# Temporary strategy necessary as long as the OpenProject authentication has
# not been unified in terms of Warden strategies and is only locally
# applied to the API v3.
class Session < ::Warden::Strategies::Base
  include ::OpenProject::Authentication::SessionExpiry

  ##
  # Whether this strategy applies to the current request.
  #
  # A request is only eligible when a rack session is present and has not
  # outlived its TTL. GET requests are then accepted unconditionally; any
  # other verb must additionally carry the frontend's XHR marker header.
  #
  # @return [Boolean]
  def valid?
    # No session, or a session past its TTL, means nothing to authenticate.
    return false if session.nil? || session_ttl_expired?

    # GETs may come from plain browser navigation (e.g. <img> tags loading
    # attachments) and therefore cannot set a custom header; every other
    # verb must prove it was issued by the frontend (see below) to blunt CSRF.
    request.get? || xml_request_header_set?
  end

  ##
  # Resolves the session's user and marks the request as authenticated.
  #
  # Falls back to the anonymous user when the session carries no user id.
  # NOTE(review): `User.find` raises if the stored id no longer resolves
  # (e.g. a user deleted while a session for them persists) — confirm that a
  # stale session is handled upstream rather than surfacing as an error.
  def authenticate!
    id = user_id
    current = if id
                User.find(id)
              else
                User.anonymous
              end
    success! current
  end

  ##
  # Whether the request carries the `X-Requested-With: XMLHttpRequest`
  # header. Browsers do not attach custom headers to cross-site requests
  # without a CORS preflight, which is what makes this usable as a CSRF
  # signal for non-GET API calls.
  #
  # @return [Boolean]
  def xml_request_header_set?
    'XMLHttpRequest'.freeze == request.env['HTTP_X_REQUESTED_WITH'.freeze]
  end

  ##
  # The user id stored in the session, or nil when absent.
  #
  # `Hash()` tolerates a nil session (yielding an empty hash) and converts
  # a rack session object via `to_hash`.
  def user_id
    data = Hash(session)
    data['user_id']
  end

  ##
  # The rack session for this request (may be nil when none was set up).
  def session
    env['rack.session']
  end
end
end
end
end
end