Hey everyone.
In my app, I use a before_filter called 'authorize' to set up a User object @current_user for the logged-in user (or reject the client if I can't match their credentials). But depending on my environment, this filter needs to behave differently. In production, it needs to get the (already-authenticated, through a corporate SSO package) username from request.env[CUSTOM_KEY]. In development and test, we can't get to the SSO, so we just let the client pick a user account to masquerade as, and put the username into the session.
I found a simple way to do this, but it's ugly:
(app/controllers/application.rb) private def authenticate if RAILS_ENV == 'production' @current_user = User.find_by_eid(request.env['CUSTOM_KEY']) unless @current_user redirect_to :controller => :login, :action => :unauthorized end else @current_user = User.find_by_eid(session[:fake_eid]) unless @current_user session[:original_uri] = request.request_uri flash[:notice] = "Please log in" redirect_to(:controller => "login", :action => "login") end end end
I tried moving some of this code to config/environments/production.rb (for example), but of course when the configuration is happening, there is no request or session object, so I couldn't do something like:
(config/environments/production.rb) CURRENT_USER = request.env['CUSTOM_KEY']
Does anyone have any suggestions on a cleaner way to do this than the hardcoded RAILS_ENV in ApplicationController.authenticate?
Many thanks, Ben