Authentication differs per-environment

Hey everyone.

In my app, I use a before_filter called ‘authorize’ to set up a User
object @current_user for the logged-in user (or reject the client if
I can’t match their credentials). But depending on my environment,
this filter needs to behave differently. In production, it needs to
get the (already-authenticated, through a corporate SSO package)
username from request.env[CUSTOM_KEY]. In development and test, we
can’t get to the SSO, so we just let the client pick a user account
to masquerade as, and put the username into the session.

I found a simple way to do this, but it’s ugly:

(app/controllers/application.rb)
  private

  def authenticate
    if RAILS_ENV == 'production'
      # Production: username already authenticated by the SSO layer
      @current_user = User.find_by_eid(request.env['CUSTOM_KEY'])
      unless @current_user
        redirect_to :controller => :login, :action => :unauthorized
      end
    else
      # Development/test: client picks an account to masquerade as
      @current_user = User.find_by_eid(session[:fake_eid])
      unless @current_user
        session[:original_uri] = request.request_uri
        flash[:notice] = "Please log in"
        redirect_to(:controller => "login", :action => "login")
      end
    end
  end

I tried moving some of this code to config/environments/production.rb
(for example), but of course when the configuration is happening,
there is no request or session object, so I couldn’t do something like:

(config/environments/production.rb)
  CURRENT_USER = request.env['CUSTOM_KEY']

Does anyone have any suggestions on a cleaner way to do this than the
hardcoded RAILS_ENV in ApplicationController.authenticate?

Many thanks,
Ben


Ben Kimball
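
One arrangement for the question above, as an added example that is not part of the original post: the environment picks an authenticator object once at boot, and the filter only asks that object for the username. It is plain Ruby with no Rails; the class names, authenticator_for, current_user and the USERS table are hypothetical stand-ins, and only CUSTOM_KEY, :fake_eid and the two redirect actions come from the post.

```ruby
# Added example. USERS is a constructed stand-in for User.find_by_eid.
User  = Struct.new(:eid)
USERS = { "bkimball" => User.new("bkimball") }

# Production strategy: trust only the key set by the SSO layer.
class SsoAuthenticator
  def eid_for(env, _session)
    env["CUSTOM_KEY"]
  end

  # Action on the login controller to redirect to when lookup fails.
  def failure_action
    :unauthorized
  end
end

# Development/test strategy: the client picks an account to masquerade as.
class MasqueradeAuthenticator
  def eid_for(_env, session)
    session[:fake_eid]
  end

  def failure_action
    :login
  end
end

# Called once at boot (hypothetical helper). Any environment not listed
# here falls through to SSO, so the masquerade path is never active in
# production or in an environment nobody thought about.
def authenticator_for(environment)
  case environment
  when "development", "test" then MasqueradeAuthenticator.new
  else SsoAuthenticator.new
  end
end

# What the filter body reduces to: no per-request environment check.
# Returns the matching user, or nil when the caller should redirect to
# authenticator.failure_action.
def current_user(authenticator, env, session)
  eid = authenticator.eid_for(env, session)
  eid && USERS[eid]
end
```

With this split, a session[:fake_eid] left over in a cookie has no effect under the SSO authenticator, because that strategy never reads the session.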