In my app, I use a before_filter called 'authorize' to set up a User object @current_user for the logged-in user (or reject the client if I can't match their credentials). But depending on my environment, this filter needs to behave differently. In production, it needs to get the (already-authenticated, through a corporate SSO package) username from request.env[CUSTOM_KEY]. In development and test, we can't get to the SSO, so we just let the client pick a user account to masquerade as, and put the username into the session.
I found a simple way to do this, but it's ugly:
if RAILS_ENV == 'production'
@current_user = User.find_by_eid(request.env['CUSTOM_KEY'])
redirect_to :controller => :login, :action => :unauthorized
@current_user = User.find_by_eid(session[:fake_eid])
session[:original_uri] = request.request_uri
flash[:notice] = "Please log in"
redirect_to(:controller => "login", :action => "login")
I tried moving some of this code to config/environments/production.rb (for example), but of course when the configuration is happening, there is no request or session object, so I couldn't do something like:
CURRENT_USER = request.env['CUSTOM_KEY']
Does anyone have any suggestions on a cleaner way to do this than the hardcoded RAILS_ENV in ApplicationController.authenticate?