Class: Authgasm::Session::Base
- Inherits: Object
- Includes: ActiveRecordTrickery, Callbacks, Config
- Defined in: lib/authgasm/session/base.rb, lib/authgasm.rb
Overview
Base
This is the muscle behind Authgasm. For detailed information on how to use this please refer to the README. For detailed method explanations see below.
Constant Summary
Constants included from Callbacks
Instance Attribute Summary
- #id ⇒ Object
  Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time.
- #login_with ⇒ Object
  Returns the value of attribute login_with.
- #new_session ⇒ Object
  Returns the value of attribute new_session.
- #record ⇒ Object (readonly)
  Returns the value of attribute record.
- #unauthorized_record ⇒ Object
  Returns the value of attribute unauthorized_record.
Class Method Summary
- .activated? ⇒ Boolean
  Returns true if a controller has been set and can be used properly.
- .controller ⇒ Object
  :nodoc:
- .controller=(value) ⇒ Object
  :nodoc:
- .create(*args) ⇒ Object
  A convenience method.
- .create!(*args) ⇒ Object
  Same as create but calls create!, which raises an exception when authentication fails.
- .find(id = nil) ⇒ Object
  Finds your session by session, then cookie, and finally basic http auth.
- .klass ⇒ Object
  :nodoc:
- .klass_name ⇒ Object
  :nodoc:
Instance Method Summary
- #credentials ⇒ Object
  Your login credentials in hash format.
- #credentials=(values) ⇒ Object
  Lets you set your login and password via a hash format.
- #destroy ⇒ Object
  Resets everything, your errors, record, cookies, and session.
- #errors ⇒ Object
  The errors in Authgasm work JUST LIKE ActiveRecord.
- #initialize(*args) ⇒ Base (constructor)
  You can initialize a session in any of the ways listed under Constructor Details.
- #inspect ⇒ Object
  :nodoc:
- #new_session? ⇒ Boolean
  Similar to ActiveRecord’s new_record? Returns true if the session has not been saved yet.
- #remember_me ⇒ Object
  :nodoc:
- #remember_me=(value) ⇒ Object
  Accepts a boolean as a flag to remember the session or not.
- #remember_me? ⇒ Boolean
  Allows users to be remembered via a cookie.
- #remember_me_until ⇒ Object
  When to expire the cookie.
- #save ⇒ Object
  Creates / updates a new user session for you.
- #save! ⇒ Object
  Same as save but raises an exception when authentication fails.
- #valid? ⇒ Boolean
- #valid_cookie? ⇒ Boolean
- #valid_http_auth? ⇒ Boolean
- #valid_session? ⇒ Boolean
Methods included from Config
Methods included from Callbacks
#destroy_with_callbacks, included, #save_with_callbacks, #valid_with_callbacks?, #validate_credentials_with_callbacks
Methods included from ActiveRecordTrickery
Constructor Details
#initialize(*args) ⇒ Base
You can initialize a session by doing any of the following:
UserSession.new
UserSession.new(login, password)
UserSession.new(:login => login, :password => password)
UserSession.new(User.first)
If a user has more than one session you need to pass an id so that Authgasm knows how to differentiate the sessions. The id MUST be a Symbol.
UserSession.new(:my_id)
UserSession.new(login, password, :my_id)
UserSession.new({:login => login, :password => password}, :my_id)
UserSession.new(User.first, :my_id)
Ids are rarely used, but they can be useful. For example, what if users allow other users to log in to their account via proxy? Now that user can “technically” be logged into 2 accounts at once. To solve this, just pass an id called :proxy, or whatever you want. Authgasm will separate everything out.
# File 'lib/authgasm/session/base.rb', line 107
def initialize(*args)
  raise NotActivated.new(self) unless self.class.activated?
  create_configurable_methods!
  self.id = args.pop if args.last.is_a?(Symbol)
  case args.size
  when 1
    credentials_or_record = args.first
    case credentials_or_record
    when Hash
      self.credentials = credentials_or_record
    else
      self. = credentials_or_record
    end
  else
    send("#{login_field}=", args[0]) if args.size > 0
    send("#{password_field}=", args[1]) if args.size > 1
    self.remember_me = args[2] if args.size > 2
  end
end
Instance Attribute Details
#id ⇒ Object
Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time. A good example of when this might be needed is when you want to have a normal user session and a “secure” user session. The secure user session would be created only when they want to modify their billing information, or other sensitive information. Similar to me.com. This requires 2 user sessions. Just use an id for the “secure” session and you should be good.
You can set the id a number of ways:
session = Session.new(:secure)
session = Session.new("username", "password", :secure)
session = Session.new({:username => "username", :password => "password"}, :secure)
session.id = :secure
Just be sure to set your id before you validate / create / update your session.
# File 'lib/authgasm/session/base.rb', line 184
def id
  @id
end
#login_with ⇒ Object
Returns the value of attribute login_with.
# File 'lib/authgasm/session/base.rb', line 87
def login_with
  @login_with
end
#new_session ⇒ Object
Returns the value of attribute new_session.
# File 'lib/authgasm/session/base.rb', line 87
def new_session
  @new_session
end
#record ⇒ Object (readonly)
Returns the value of attribute record.
# File 'lib/authgasm/session/base.rb', line 88
def record
  @record
end
#unauthorized_record ⇒ Object
Returns the value of attribute unauthorized_record.
# File 'lib/authgasm/session/base.rb', line 88
def
  @unauthorized_record
end
Class Method Details
.activated? ⇒ Boolean
Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done. Similar to how ActiveRecord won’t allow you to do anything without establishing a DB connection. By default this is done for you automatically, but if you are using Authgasm in a unique way outside of rails, you need to assign a controller object to Authgasm via Authgasm::Session::Base.controller = obj.
# File 'lib/authgasm/session/base.rb', line 13
def activated?
  !controller.blank?
end
.controller ⇒ Object
:nodoc:
# File 'lib/authgasm/session/base.rb', line 21
def controller # :nodoc:
  controllers[Thread.current]
end
.controller=(value) ⇒ Object
:nodoc:
# File 'lib/authgasm/session/base.rb', line 17
def controller=(value) # :nodoc:
  controllers[Thread.current] = value
end
.create(*args) ⇒ Object
A convenience method. The same as:
session = UserSession.new
session.create
# File 'lib/authgasm/session/base.rb', line 29
def create(*args)
  session = new(*args)
  session.save
end
.create!(*args) ⇒ Object
Same as create but calls create!, which raises an exception when authentication fails.
# File 'lib/authgasm/session/base.rb', line 35
def create!(*args)
  session = new(*args)
  session.save!
end
.find(id = nil) ⇒ Object
Finds your session by session, then cookie, and finally basic http auth. Perfect for that global before_filter to find your logged in user:
before_filter :load_user
def load_user
  @user_session = UserSession.find
  @current_user = @user_session && @user_session.record
end
Accepts a single parameter as the id. See initialize for more information on ids. Lastly, how it finds the session can be modified via configuration.
# File 'lib/authgasm/session/base.rb', line 50
def find(id = nil)
  args = [id].compact
  session = new(*args)
  find_with.each do |find_method|
    if session.send("valid_#{find_method}?")
      if session.record.class.column_names.include?("last_request_at")
        session.record.last_request_at = Time.now
        session.record.save_without_session_maintenance(false)
      end
      return session
    end
  end
  nil
end
.klass ⇒ Object
:nodoc:
# File 'lib/authgasm/session/base.rb', line 65
def klass # :nodoc:
  @klass ||=
    if klass_name
      klass_name.constantize
    else
      nil
    end
end
.klass_name ⇒ Object
:nodoc:
# File 'lib/authgasm/session/base.rb', line 74
def klass_name # :nodoc:
  @klass_name ||=
    if guessed_name = name.scan(/(.*)Session/)[0]
      @klass_name = guessed_name[0]
    end
end
Instance Method Details
#credentials ⇒ Object
Your login credentials in hash format. Usually => “my login”, :password => “<protected>” depending on your configuration. Password is protected as a security measure. The raw password should never be publicly accessible.
# File 'lib/authgasm/session/base.rb', line 132
def credentials
  {login_field => send(login_field), password_field => "<Protected>"}
end
#credentials=(values) ⇒ Object
Lets you set your login and password via a hash format. This is “params” safe. It only allows for 3 keys: your login field name, password field name, and remember me.
# File 'lib/authgasm/session/base.rb', line 137
def credentials=(values)
  return if values.blank? || !values.is_a?(Hash)
  values.symbolize_keys!
  [login_field.to_sym, password_field.to_sym, :remember_me].each do |field|
    next if !values.key?(field)
    send("#{field}=", values[field])
  end
end
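The “params” safe behaviour described for credentials=, as an added stand-alone sketch that is not Authgasm's own code: a setter that forwards every key is shown beside the allow-list form. SketchSession, its field names and the sample parameters are hypothetical.

```ruby
# Added illustration: SketchSession and its field names are hypothetical
# stand-ins, not Authgasm classes. Plain Ruby, no Rails or ActiveSupport.
class SketchSession
  ALLOWED = [:login, :password, :remember_me].freeze # assumed field names

  attr_accessor :id, :login, :remember_me
  attr_writer :password

  # Naive variant: forwards every key in the hash to a setter.
  def unsafe_credentials=(values)
    values.each { |key, value| send("#{key}=", value) }
  end

  # Allow-list variant, following the documented behaviour: ignore anything
  # that is not a non-empty Hash, accept string or symbol keys, and copy
  # only the three permitted fields.
  def credentials=(values)
    return unless values.is_a?(Hash) && !values.empty?
    normalized = {}
    values.each { |key, value| normalized[key.to_s.to_sym] = value }
    ALLOWED.each do |field|
      next unless normalized.key?(field)
      send("#{field}=", normalized[field])
    end
  end

  # Like the documented #credentials, never echoes the raw password.
  def credentials
    { :login => login, :password => "<Protected>" }
  end
end

# Constructed request parameters: two expected fields plus one extra key.
def constructed_params
  { "login" => "alice", "password" => "s3cret", "id" => "secure" }
end

def id_after_unsafe
  session = SketchSession.new
  session.unsafe_credentials = constructed_params
  session.id
end

def id_after_allow_list
  session = SketchSession.new
  session.credentials = constructed_params
  session.id
end
```

With the naive setter the extra "id" key reaches the session's id attribute; with the allow-list it is dropped and id stays nil.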
#destroy ⇒ Object
Resets everything, your errors, record, cookies, and session. Basically “logs out” a user.
# File 'lib/authgasm/session/base.rb', line 147
def destroy
  errors.clear
  @record = nil
  controller..delete
  controller.session[session_key] = nil
  true
end
#errors ⇒ Object
The errors in Authgasm work JUST LIKE ActiveRecord. In fact, it uses the exact same ActiveRecord errors class. Use it the same way:
Example
class UserSession
  before_validation :check_if_awesome
  private
    def check_if_awesome
      errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
      errors.add_to_base("You must be awesome to log in") unless record.awesome?
    end
end
# File 'lib/authgasm/session/base.rb', line 168
def errors
  @errors ||= Errors.new(self)
end
#inspect ⇒ Object
:nodoc:
# File 'lib/authgasm/session/base.rb', line 188
def inspect # :nodoc:
  details = {}
  case login_with
  when :unauthorized_record
    details[:unauthorized_record] = "<protected>"
  else
    details[login_field.to_sym] = send(login_field)
    details[password_field.to_sym] = "<protected>"
  end
  "#<#{self.class.name} #{details.inspect}>"
end
#new_session? ⇒ Boolean
Similar to ActiveRecord’s new_record? Returns true if the session has not been saved yet.
# File 'lib/authgasm/session/base.rb', line 201
def new_session?
  new_session != false
end
#remember_me ⇒ Object
:nodoc:
# File 'lib/authgasm/session/base.rb', line 205
def remember_me # :nodoc:
  return @remember_me if @set_remember_me
  @remember_me ||= self.class.remember_me
end
#remember_me=(value) ⇒ Object
Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for “remember_me_until”.
# File 'lib/authgasm/session/base.rb', line 211
def remember_me=(value)
  @set_remember_me = true
  @remember_me = value
end
#remember_me? ⇒ Boolean
Allows users to be remembered via a cookie.
# File 'lib/authgasm/session/base.rb', line 217
def remember_me?
  remember_me == true || remember_me == "true" || remember_me == "1"
end
#remember_me_until ⇒ Object
When to expire the cookie. See remember_me_for configuration option to change this.
# File 'lib/authgasm/session/base.rb', line 222
def remember_me_until
  return unless remember_me?
  remember_me_for.from_now
end
#save ⇒ Object
Creates / updates a new user session for you. It does all of the magic:
- validates
- sets session
- sets cookie
- updates magic fields
# File 'lib/authgasm/session/base.rb', line 233
def save
  if valid?
    update_session!
    controller.[] = {
      :value => record.send(remember_token_field),
      :expires => remember_me_until
    }

    record.login_count = record.login_count + 1 if record.respond_to?(:login_count)

    if record.respond_to?(:current_login_at)
      record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
      record.current_login_at = Time.now
    end

    if record.respond_to?(:current_login_ip)
      record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
      record.current_login_ip = controller.request.remote_ip
    end

    record.save_without_session_maintenance(false)

    self.new_session = false
    self
  end
end
#save! ⇒ Object
Same as save but raises an exception when authentication fails.
# File 'lib/authgasm/session/base.rb', line 261
def save!
  result = save
  raise SessionInvalid.new(self) unless result
  result
end
#valid? ⇒ Boolean
# File 'lib/authgasm/session/base.rb', line 274
def valid?
  errors.clear
  temp_record = validate_credentials

  if errors.empty?
    @record = temp_record
    return true
  end

  false
end
#valid_cookie? ⇒ Boolean
# File 'lib/authgasm/session/base.rb', line 300
def
  if
    self. = klass.send("find_by_#{remember_token_field}", )
    result = valid?
    if result
      update_session!
      self.new_session = false
      return result
    end
  end

  false
end
#valid_http_auth? ⇒ Boolean
# File 'lib/authgasm/session/base.rb', line 284
def valid_http_auth?
  controller.authenticate_with_http_basic do |login, password|
    if !login.blank? && !password.blank?
      send("#{login_method}=", login)
      send("#{password_method}=", password)
      result = valid?
      if result
        update_session!
        return result
      end
    end
  end

  false
end
#valid_session? ⇒ Boolean
# File 'lib/authgasm/session/base.rb', line 314
def valid_session?
  if session_credentials
    self. = klass.send("find_by_#{remember_token_field}", )
    result = valid?
    if result
      self.new_session = false
      return result
    end
  end

  false
end