From feb38c08f5cbda03d540aef83fc056070e4b7b68 Mon Sep 17 00:00:00 2001
From:  <jlsharps@mit.edu>
Date: Tue, 7 Aug 2007 19:16:04 -0400
Subject: [PATCH] The user model has been modified so that it stores the user
 object itself in the session[:user]. Session[:user_id] fulfills the purpose
 of holding the specific id. the test files were also modified to account for
 the changes. In addition, a couple lines in the SiteController#index method
 were updated tp utilize new funtionality of ActiveRecord. The changes I made
 to the Authenitcated user library is available
 here:http://technoweenie.stikipad.com/plugins/show/Storing+the+User+Model+in+the+Session.

---
 app/controllers/account_controller.rb      |  6 +++---
 app/controllers/site_controller.rb         | 10 ++++++----
 app/models/user.rb                         |  3 ++-
 lib/authenticated_system.rb                |  7 ++++---
 lib/authenticated_test_helper.rb           |  2 +-
 test/functional/account_controller_test.rb | 16 +++++++++-------
 6 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index c13203b..031368b 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -19,7 +19,7 @@ class AccountController < ApplicationController
         self.current_user.remember_me
         cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
       end
-      redirect_back_or_default(:controller => '/account', :action => 'index')
+      redirect_back_or_default(:controller => '/site', :action => 'index')
       flash[:notice] = "Logged in successfully"
     end
   end
@@ -29,7 +29,7 @@ class AccountController < ApplicationController
     return unless request.post?
     @user.save!
     self.current_user = @user
-    redirect_back_or_default(:controller => '/account', :action => 'index')
+    redirect_back_or_default(:controller => '/site', :action => 'index')
     flash[:notice] = "Thanks for signing up!"
   rescue ActiveRecord::RecordInvalid
     render :action => 'signup'
@@ -40,6 +40,6 @@ class AccountController < ApplicationController
     cookies.delete :auth_token
     reset_session
     flash[:notice] = "You have been logged out."
-    redirect_back_or_default(:controller => '/account', :action => 'index')
+    redirect_back_or_default(:controller => '/site', :action => 'index')
   end
 end
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index f6b36a7..7768322 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
@@ -5,10 +5,11 @@ class SiteController < ApplicationController
   def index
     @quickvotes = QuickVote.find(:all, ["quickvote = 1"]).sort {|a,b| b.enddate <=> a.enddate}[0..1]
     # if the person claims they are logged in
-    if session[:user]
-
+   
+    if logged_in?
       # check to see that we actually have record of them
-      if User.find(:all, ["id = ?", session[:user].id]).length == 1
+      if User.exists?(session[:user])
+        username = User.find(session[:user]).login
         # if we have record of them, grab the list of their elections
         session[:user] = User.find(session[:user])
         @current_elections = session[:user].elections.sort do |a,b|
@@ -16,8 +17,9 @@ class SiteController < ApplicationController
         end
       else
         # if we have no record of them, set the session id back to
-	# nothing and start again
+	      # nothing and start again
         session[:user] = nil
+        
       end
     end
   end
diff --git a/app/models/user.rb b/app/models/user.rb
index 64fd71c..78266ad 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,7 +4,8 @@ class User < ActiveRecord::Base
 
   # Virtual attribute for the unencrypted password
   attr_accessor :password
-
+  attr_accessor :current_user
+  
   validates_presence_of     :login, :email
   validates_presence_of     :password,                   :if => :password_required?
   validates_presence_of     :password_confirmation,      :if => :password_required?
diff --git a/lib/authenticated_system.rb b/lib/authenticated_system.rb
index 840d89a..370a3e9 100644
--- a/lib/authenticated_system.rb
+++ b/lib/authenticated_system.rb
@@ -3,17 +3,18 @@ module AuthenticatedSystem
     # Returns true or false if the user is logged in.
     # Preloads @current_user with the user model if they're logged in.
     def logged_in?
-      current_user != :false
+      (@current_user ||= session[:user_id] ? User.find_by_id(session[:user_id]) : :false).is_a?(User)
     end
     
     # Accesses the current user from the session.
     def current_user
-      @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false
+      @current_user if logged_in?
     end
     
     # Store the given user in the session.
     def current_user=(new_user)
-      session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
+      session[:user] = new_user
+      session[:user_id] = new_user.nil? ? nil : new_user.id
       @current_user = new_user
     end
     
diff --git a/lib/authenticated_test_helper.rb b/lib/authenticated_test_helper.rb
index a704035..83fc20c 100644
--- a/lib/authenticated_test_helper.rb
+++ b/lib/authenticated_test_helper.rb
@@ -1,7 +1,7 @@
 module AuthenticatedTestHelper
   # Sets the current user in the session from the user fixtures.
   def login_as(user)
-    @request.session[:user] = user ? users(user).id : nil
+    @request.session[:user_id] = user ? users(user).id : nil
   end
 
   def content_type(type)
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 3c8cd22..21e20ac 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -25,22 +25,23 @@ class AccountControllerTest < Test::Unit::TestCase
 
   def test_should_fail_login_and_not_redirect
     post :login, :login => 'quentin', :password => 'bad password'
-    assert_nil session[:user]
-    assert_response :success
+        assert_nil session[:user]
+        assert_nil session[:user_id]
+        assert_response :success
   end
 
   def test_should_allow_signup
     assert_difference User, :count do
-      create_user
-      assert_response :redirect
+    create_user
+    assert_response :redirect
     end
   end
 
   def test_should_require_login_on_signup
     assert_no_difference User, :count do
-      create_user(:login => nil)
-      assert assigns(:user).errors.on(:login)
-      assert_response :success
+    create_user(:login => nil)
+    assert assigns(:user).errors.on(:login)
+    assert_response :success
     end
   end
 
@@ -72,6 +73,7 @@ class AccountControllerTest < Test::Unit::TestCase
     login_as :quentin
     get :logout
     assert_nil session[:user]
+    assert_nil session[:user_id]
     assert_response :redirect
   end
 
-- 
2.30.2