Merge branch '22-alerts-can-be-accessed-without-prior-authentication' into 'develop'

AJAX auth and navbar change Closes #22 and #18 See merge request !3
author: Patrick J Cherry <patrick@bytemark.co.uk> 2017-09-12 16:39:01 +0100
committer: Patrick J Cherry <patrick@bytemark.co.uk> 2017-09-12 16:39:01 +0100
commit: d115cd9e58300ee8ab580e6d1d3d6e8d35cb8845 (patch)
tree: bc281a0b23153378579e24d0f10218069bb34faf /lib
parent: 4eff930c3f01414bb454d7bcb5501827cb60289b (diff)
parent: 44636adb743dbe538a059a8dd34485a678018f0b (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb
index 5fa1fb8..3bad868 100644
--- a/lib/mauve/web_interface.rb
+++ b/lib/mauve/web_interface.rb
@@ -123,11 +123,15 @@ EOF
         # Uh-oh.. Intruder alert!
         #
         ok_urls = %w(/ /login /logout)
-        no_redirect_urls = %w(/ajax)
 
-        unless ok_urls.include?(request.path_info) 
-          flash['error'] = "You must be logged in to access that page."
-          redirect "/login?next_page=#{request.path_info}" unless no_redirect_urls.any?{|u| /^#{u}/ =~ request.path_info }
+        unless ok_urls.include?(request.path_info)
+          # No auth, so we need to stop the page loading
+          if request.xhr? # No redirecting for AJAX requests
+            halt 403, {'Content-Type' => 'text/plain'}, 'You must be logged in to access this page.'
+          else
+            flash['error'] = 'You must be logged in to access that page.'
+            redirect "/login?next_page=#{request.path_info}"
+          end
         end
       end      
     end
author	Patrick J Cherry <patrick@bytemark.co.uk>	2017-09-12 16:39:01 +0100
committer	Patrick J Cherry <patrick@bytemark.co.uk>	2017-09-12 16:39:01 +0100
commit	d115cd9e58300ee8ab580e6d1d3d6e8d35cb8845 (patch)
tree	bc281a0b23153378579e24d0f10218069bb34faf /lib
parent	4eff930c3f01414bb454d7bcb5501827cb60289b (diff)
parent	44636adb743dbe538a059a8dd34485a678018f0b (diff)