cafe-grader-web

Commit r883:327f656f4545 public

parent | child
Description:
prevent multiple place login using uuid cookie
Commit status:
[Not Reviewed]
References:
algo
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r883:327f656f4545 - - 1 file changed: 6 inserted, 3 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -68,12 +68,15
68 end
68 end
69
69
70 def unique_visitor_id
70 def unique_visitor_id
71 unless cookies.encrypted[:uuid]
71 unless cookies.encrypted[:uuid]
72 value = SecureRandom.uuid
72 value = SecureRandom.uuid
73 cookies.encrypted[:uuid] = { value: value, expires: 20.year }
73 cookies.encrypted[:uuid] = { value: value, expires: 20.year }
74 + return value
75 + else
76 + return cookies.encrypted[:uuid]
74 end
77 end
75 end
78 end
76
79
77 protected
80 protected
78
81
79 #redirect to root (and also force logout)
82 #redirect to root (and also force logout)
@@ -128,19 +131,19
128 #if the user use different ip from the previous connection
131 #if the user use different ip from the previous connection
129 # only applicable when MULTIPLE_IP_LOGIN options is false only
132 # only applicable when MULTIPLE_IP_LOGIN options is false only
130 def authenticate_by_ip_address
133 def authenticate_by_ip_address
131 #this assume that we have already authenticate normally
134 #this assume that we have already authenticate normally
132 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
135 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
133 user = User.find(session[:user_id])
136 user = User.find(session[:user_id])
134 - if (!user.admin? && user.last_ip && user.last_ip != request.remote_ip)
137 + if (!user.admin? && user.last_ip && user.last_ip != unique_visitor_id)
135 - flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
138 + flash[:notice] = "You cannot use the system from two different places"
136 redirect_to :controller => 'main', :action => 'login'
139 redirect_to :controller => 'main', :action => 'login'
137 return false
140 return false
138 end
141 end
139 unless user.last_ip
142 unless user.last_ip
140 - user.last_ip = request.remote_ip
143 + user.last_ip = unique_visitor_id
141 user.save
144 user.save
142 end
145 end
143 end
146 end
144 return true
147 return true
145 end
148 end
146
149
You need to be logged in to leave comments. Login now