Class: Authgasm::Session::Base

Inherits:

Object

• Object
• Authgasm::Session::Base

Includes:

ActiveRecordTrickery, Callbacks, Config

Defined in:

lib/authgasm/session/base.rb,
lib/authgasm.rb

Overview

Base

This is the muscle behind Authgasm. For detailed information on how to use this please refer to the README. For detailed method explanations see below.

Constant Summary

Constants included from Callbacks

Callbacks::CALLBACKS

Instance Attribute Summary

• #id ⇒ Object

  Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time.

• #login_with ⇒ Object

  Returns the value of attribute login_with.

• #new_session ⇒ Object

  Returns the value of attribute new_session.

• #record ⇒ Object readonly

  Returns the value of attribute record.

• #unauthorized_record ⇒ Object

  Returns the value of attribute unauthorized_record.

Class Method Summary

• .activated? ⇒ Boolean

  Returns true if a controller have been set and can be used properly.

• .controller ⇒ Object

  :nodoc:.

• .controller=(value) ⇒ Object

  :nodoc:.

• .create(*args) ⇒ Object

  A convenince method.

• .create!(*args) ⇒ Object

  Same as create but calls create!, which raises an exception when authentication fails.

• .find(id = nil) ⇒ Object

  Finds your session by session, then cookie, and finally basic http auth.

• .klass ⇒ Object

  :nodoc:.

• .klass_name ⇒ Object

  :nodoc:.

Instance Method Summary

• #credentials ⇒ Object

  Your login credentials in hash format.

• #credentials=(values) ⇒ Object

  Lets you set your loging and password via a hash format.

• #destroy ⇒ Object

  Resets everything, your errors, record, cookies, and session.

• #errors ⇒ Object

  The errors in Authgasm work JUST LIKE ActiveRecord.

• #initialize(*args) ⇒ Base constructor

  You can initialize a session by doing any of the following:.

• #inspect ⇒ Object

  :nodoc:.

• #new_session? ⇒ Boolean

  Similar to ActiveRecord’s new_record? Returns true if the session has not been saved yet.

• #remember_me ⇒ Object

  :nodoc:.

• #remember_me=(value) ⇒ Object

  Accepts a boolean as a flag to remember the session or not.

• #remember_me? ⇒ Boolean

  Allows users to be remembered via a cookie.

• #remember_me_until ⇒ Object

  When to expire the cookie.

• #save ⇒ Object

  Creates / updates a new user session for you.

• #save! ⇒ Object

  Same as save but raises an exception when authentication fails.

• #valid? ⇒ Boolean
• #valid_cookie? ⇒ Boolean
• #valid_http_auth? ⇒ Boolean
• #valid_session? ⇒ Boolean

Methods included from Config

included

Methods included from Callbacks

#destroy_with_callbacks, included, #save_with_callbacks, #valid_with_callbacks?, #validate_credentials_with_callbacks

Methods included from ActiveRecordTrickery

included

Constructor Details

#initialize(*args) ⇒ Base

You can initialize a session by doing any of the following:

UserSession.new
UserSession.new(login, password)
UserSession.new(:login => login, :password => password)
UserSession.new(User.first)

If a user has more than one session you need to pass an id so that Authgasm knows how to differentiate the sessions. The id MUST be a Symbol.

UserSession.new(:my_id)
UserSession.new(login, password, :my_id)
UserSession.new({:login => loing, :password => password}, :my_id)
UserSession.new(User.first, :my_id)

Ids are rarely used, but they can be useful. For example, what if users allow other users to login into their account via proxy? Now that user can “technically” be logged into 2 accounts at once. To solve this just pass a id called :proxy, or whatever you want. Authgasm will separate everything out.

Raises:

• (NotActivated)

# File 'lib/authgasm/session/base.rb', line 107

def initialize(*args)
  raise NotActivated.new(self) unless self.class.activated?
  
  create_configurable_methods!
  
  self.id = args.pop if args.last.is_a?(Symbol)
  
  case args.size
  when 1
    credentials_or_record = args.first
    case credentials_or_record
    when Hash
      self.credentials = credentials_or_record
    else
      self.unauthorized_record = credentials_or_record
    end
  else
    send("#{login_field}=", args[0]) if args.size > 0
    send("#{password_field}=", args[1]) if args.size > 1
    self.remember_me = args[2] if args.size > 2
  end
end

Instance Attribute Details

#id ⇒ Object

Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time. A good example when this might be needed is when you want to have a normal user session and a “secure” user session. The secure user session would be created only when they want to modify their billing information, or other sensative information. Similar to me.com. This requires 2 user sessions. Just use an id for the “secure” session and you should be good.

You can set the id a number of ways:

session = Session.new(:secure)
session = Session.new("username", "password", :secure)
session = Session.new({:username => "username", :password => "password"}, :secure)
session.id = :secure

Just be sure and set your id before you validate / create / update your session.

# File 'lib/authgasm/session/base.rb', line 184

def id
  @id
end

#login_with ⇒ Object

Returns the value of attribute login_with.

# File 'lib/authgasm/session/base.rb', line 87

def login_with
  @login_with
end

#new_session ⇒ Object

Returns the value of attribute new_session.

# File 'lib/authgasm/session/base.rb', line 87

def new_session
  @new_session
end

#record ⇒ Object (readonly)

Returns the value of attribute record.

# File 'lib/authgasm/session/base.rb', line 88

def record
  @record
end

#unauthorized_record ⇒ Object

Returns the value of attribute unauthorized_record.

# File 'lib/authgasm/session/base.rb', line 88

def unauthorized_record
  @unauthorized_record
end

Class Method Details

.activated? ⇒ Boolean

Returns true if a controller have been set and can be used properly. This MUST be set before anything can be done. Similar to how ActiveRecord won’t allow you to do anything without establishing a DB connection. By default this is done for you automatically, but if you are using Authgasm in a unique way outside of rails, you need to assign a controller object to Authgasm via Authgasm::Session::Base.controller = obj.

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 13

def activated?
  !controller.blank?
end

.controller ⇒ Object

:nodoc:

# File 'lib/authgasm/session/base.rb', line 21

def controller # :nodoc:
  controllers[Thread.current]
end

.controller=(value) ⇒ Object

:nodoc:

# File 'lib/authgasm/session/base.rb', line 17

def controller=(value) # :nodoc:
  controllers[Thread.current] = value
end

.create(*args) ⇒ Object

A convenince method. The same as:

session = UserSession.new
session.create

# File 'lib/authgasm/session/base.rb', line 29

def create(*args)
  session = new(*args)
  session.save
end

.create!(*args) ⇒ Object

Same as create but calls create!, which raises an exception when authentication fails

# File 'lib/authgasm/session/base.rb', line 35

def create!(*args)
  session = new(*args)
  session.save!
end

.find(id = nil) ⇒ Object

Finds your session by session, then cookie, and finally basic http auth. Perfect for that global before_filter to find your logged in user:

before_filter :load_user

def load_user
  @user_session = UserSession.find
  @current_user = @user_session && @user_session.record
end

Accepts a single parameter as the id. See initialize for more information on ids. Lastly, how it finds the session can be modified via configuration.

# File 'lib/authgasm/session/base.rb', line 50

def find(id = nil)
  args = [id].compact
  session = new(*args)
  find_with.each do |find_method|
    if session.send("valid_#{find_method}?")
      if session.record.class.column_names.include?("last_request_at")
        session.record.last_request_at = Time.now
        session.record.save_without_session_maintenance(false)
      end
      return session
    end
  end
  nil
end

.klass ⇒ Object

:nodoc:

# File 'lib/authgasm/session/base.rb', line 65

def klass # :nodoc:
  @klass ||=
    if klass_name
      klass_name.constantize
    else
      nil
    end
end

.klass_name ⇒ Object

:nodoc:

# File 'lib/authgasm/session/base.rb', line 74

def klass_name # :nodoc:
  @klass_name ||= 
    if guessed_name = name.scan(/(.*)Session/)[0]
      @klass_name = guessed_name[0]
    end
end

Instance Method Details

#credentials ⇒ Object

Your login credentials in hash format. Usually => “my login”, :password => “<protected>” depending on your configuration. Password is protected as a security measure. The raw password should never be publicly accessible.

# File 'lib/authgasm/session/base.rb', line 132

def credentials
  {login_field => send(login_field), password_field => "<Protected>"}
end

#credentials=(values) ⇒ Object

Lets you set your loging and password via a hash format. This is “params” safe. It only allows for 3 keys: your login field name, password field name, and remember me.

# File 'lib/authgasm/session/base.rb', line 137

def credentials=(values)
  return if values.blank? || !values.is_a?(Hash)
  values.symbolize_keys!
  [login_field.to_sym, password_field.to_sym, :remember_me].each do |field|
    next if !values.key?(field)
    send("#{field}=", values[field])
  end
end

#destroy ⇒ Object

Resets everything, your errors, record, cookies, and session. Basically “logs out” a user.

# File 'lib/authgasm/session/base.rb', line 147

def destroy
  errors.clear
  @record = nil
  controller.cookies.delete cookie_key
  controller.session[session_key] = nil
  true
end

#errors ⇒ Object

The errors in Authgasm work JUST LIKE ActiveRecord. In fact, it uses the exact same ActiveRecord errors class. Use it the same way:

Example

class UserSession
  before_validation :check_if_awesome

  private
    def check_if_awesome
      errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
      errors.add_to_base("You must be awesome to log in") unless record.awesome?
    end
end

# File 'lib/authgasm/session/base.rb', line 168

def errors
  @errors ||= Errors.new(self)
end

#inspect ⇒ Object

:nodoc:

# File 'lib/authgasm/session/base.rb', line 188

def inspect # :nodoc:
  details = {}
  case login_with
  when :unauthorized_record
    details[:unauthorized_record] = "<protected>"
  else
    details[login_field.to_sym] = send(login_field)
    details[password_field.to_sym] = "<protected>"
  end
  "#<#{self.class.name} #{details.inspect}>"
end

#new_session? ⇒ Boolean

Similar to ActiveRecord’s new_record? Returns true if the session has not been saved yet.

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 201

def new_session?
  new_session != false
end

#remember_me ⇒ Object

:nodoc:

# File 'lib/authgasm/session/base.rb', line 205

def remember_me # :nodoc:
  return @remember_me if @set_remember_me
  @remember_me ||= self.class.remember_me
end

#remember_me=(value) ⇒ Object

Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for “remember_me_until”.

# File 'lib/authgasm/session/base.rb', line 211

def remember_me=(value)
  @set_remember_me = true
  @remember_me = value
end

#remember_me? ⇒ Boolean

Allows users to be remembered via a cookie.

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 217

def remember_me?
  remember_me == true || remember_me == "true" || remember_me == "1"
end

#remember_me_until ⇒ Object

When to expire the cookie. See remember_me_for configuration option to change this.

# File 'lib/authgasm/session/base.rb', line 222

def remember_me_until
  return unless remember_me?
  remember_me_for.from_now
end

#save ⇒ Object

Creates / updates a new user session for you. It does all of the magic:

1. validates

2. sets session

3. sets cookie

4. updates magic fields

# File 'lib/authgasm/session/base.rb', line 233

def save
  if valid?
    update_session!
    controller.cookies[cookie_key] = {
      :value => record.send(remember_token_field),
      :expires => remember_me_until
    }
    
    record.login_count = record.login_count + 1 if record.respond_to?(:login_count)
    
    if record.respond_to?(:current_login_at)
      record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
      record.current_login_at = Time.now
    end
    
    if record.respond_to?(:current_login_ip)
      record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
      record.current_login_ip = controller.request.remote_ip
    end
    
    record.save_without_session_maintenance(false)
    
    self.new_session = false
    self
  end
end

#save! ⇒ Object

Same as save but raises an exception when authentication fails

Raises:

• (SessionInvalid)

# File 'lib/authgasm/session/base.rb', line 261

def save!
  result = save
  raise SessionInvalid.new(self) unless result
  result
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 274

def valid?
  errors.clear
  temp_record = validate_credentials
  if errors.empty?
    @record = temp_record
    return true
  end
  false
end

#valid_cookie? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 300

def valid_cookie?
  if cookie_credentials
    self.unauthorized_record = klass.send("find_by_#{remember_token_field}", cookie_credentials)
    result = valid?
    if result
      update_session!
      self.new_session = false
      return result
    end
  end
  
  false
end

#valid_http_auth? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 284

def valid_http_auth?
  controller.authenticate_with_http_basic do |login, password|
    if !login.blank? && !password.blank?
      send("#{login_method}=", login)
      send("#{password_method}=", password)
      result = valid?
      if result
        update_session!
        return result
      end
    end
  end
  
  false
end

#valid_session? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/authgasm/session/base.rb', line 314

def valid_session?
  if session_credentials
    self.unauthorized_record = klass.send("find_by_#{remember_token_field}", cookie_credentials)
    result = valid?
    if result
      self.new_session = false
      return result
    end
  end
  
  false
end