From 16d0196c7b8d9a18021a54f75a9652123350c1e6 Mon Sep 17 00:00:00 2001 From: Phil Manavopoulos Date: Tue, 12 Sep 2017 16:05:37 +0100 Subject: Fix AJAX authentication --- lib/mauve/web_interface.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/mauve/web_interface.rb b/lib/mauve/web_interface.rb index 5fa1fb8..3bad868 100644 --- a/lib/mauve/web_interface.rb +++ b/lib/mauve/web_interface.rb @@ -123,11 +123,15 @@ EOF # Uh-oh.. Intruder alert! # ok_urls = %w(/ /login /logout) - no_redirect_urls = %w(/ajax) - unless ok_urls.include?(request.path_info) - flash['error'] = "You must be logged in to access that page." - redirect "/login?next_page=#{request.path_info}" unless no_redirect_urls.any?{|u| /^#{u}/ =~ request.path_info } + unless ok_urls.include?(request.path_info) + # No auth, so we need to stop the page loading + if request.xhr? # No redirecting for AJAX requests + halt 403, {'Content-Type' => 'text/plain'}, 'You must be logged in to access this page.' + else + flash['error'] = 'You must be logged in to access that page.' + redirect "/login?next_page=#{request.path_info}" + end end end end -- cgit v1.2.1