Module: Authpds::Session

Includes:
Authentication, AuthlogicCallbacks, Authorization, Callbacks, CoreAttributes, ExceptionHandling, InstitutionAttributes, PdsHandle, PdsUser, Record, UrlHandling
Defined in:
lib/authpds/session.rb,
lib/authpds/session/config.rb,
lib/authpds/session/record.rb,
lib/authpds/session/pds_user.rb,
lib/authpds/session/callbacks.rb,
lib/authpds/session/pds_handle.rb,
lib/authpds/session/url_handling.rb,
lib/authpds/session/authorization.rb,
lib/authpds/session/authentication.rb,
lib/authpds/session/core_attributes.rb,
lib/authpds/session/exception_handling.rb,
lib/authpds/session/authlogic_callbacks.rb,
lib/authpds/session/institution_attributes.rb

Overview

The Authpds gem mixes callbacks into Authlogic for persisting sessions based on a valid PDS handle. The module extends Authlogic and should be compatible with Authlogic configuration. It also provides hooks for custom functionality. The documentation below describes the available hooks, the PDS config methods and further details about the module.

Config Options Available

:pds_url

Base pds url

:calling_system

Name of the system (authpds)

:anonymous

Does the system allow anonymous access? (true)

:pds_attributes

Mapping of PDS attributes to record attributes

:redirect_logout_url

Custom redirect logout url

:login_inaccessible_url

Custom url to redirect to in case of PDS system outage

:pds_record_identifier

PDS user method to call to identify record

:institution_param_key

Querystring parameter key for the institution value in this system

:validate_url_name

URL name for validation action in routes (validate_url)

Hooks Available

:pds_record_identifier

Allows for more complex logic in determining what should be used as the record identifier. Defaults to what was set in the pds_record_identifier config. Returns a Symbol.

:attempt_sso

If there is no PDS handle, can we attempt to establish a PDS session based on some other information? Returns a Boolean.

:additional_authorization

Allows for additions to the authorization decision. Returns a Boolean.

:additional_attributes

Allows for additional attributes to be stored in the record. Returns a Hash.

:expiration_date

Indicates when the record information should be refreshed. Defaults to one week ago. Returns a Date or Time.

Further Implementation Details

Persisting a Session in Authlogic

When persisting a Session, Authlogic attempts to create the Session from the information available, without performing an actual login, by calling the :persisting? method. Authlogic provides several callbacks from the :persisting? method, e.g. :before_persisting, :persist, :after_persisting. We’re using the :persist callback and setting it to :persist_session.

Access to the controller in Session

The class that Session extends, Authlogic::Session::Base, has an explicit handle to the current controller via the instance method :controller. This gives our custom instance methods access to cookies, session information, loggers, etc. and also allows them to perform redirects and renders.

:before_login vs. :login_url

:before_login allows for customized processing before the SessionController invokes a redirect or render to a /login page. It is fully generic and can be used for any custom purpose. :login_url is specific to the case of logging in from a remote system. The two methods can be used in conjunction, but any redirect or render performed in :before_login will supersede a redirect to :login_url.

Defined Under Namespace

Modules: Authentication, AuthlogicCallbacks, Authorization, Callbacks, Config, CoreAttributes, ExceptionHandling, InstitutionAttributes, PdsHandle, PdsUser, Record, UrlHandling

Class Method Summary

Methods included from UrlHandling

#login_url, #logout_url, #sso_url

Methods included from Record

#get_record, #set_record

Methods included from PdsUser

#pds_user

Methods included from PdsHandle

#pds_handle

Methods included from InstitutionAttributes

#insitution_code, #institution_attributes

Methods included from ExceptionHandling

#alert_the_authorities, #handle_login_exception

Methods included from Callbacks

#additional_attributes, #additional_authorization, #attempt_sso?, #expiration_date, #pds_record_identifier

Methods included from Authorization

#authorize

Methods included from CoreAttributes

#anonymous, #calling_system, #login_inaccessible_url, #pds_attributes, #pds_url, #redirect_logout_url, #validate_url_name

Class Method Details

.included(klass) ⇒ Object



# File 'lib/authpds/session.rb', line 56

def self.included(klass)
  klass.class_eval do
    extend Authpds::Session::Config
    # Set the Authlogic Cookie Key
    cookie_key "#{calling_system}_credentials"
    # Set the persist_session method
    persist :persist_session
  end
end
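
A stand-alone Ruby model of the pattern this page describes, added here as an illustration and not taken from Authpds or Authlogic: an included hook registers a persist callback, and a session is established only when the handle resolves to a user and the additional_authorization hook returns true. MiniBase, MiniPds, the KNOWN_HANDLES table and the PDS_HANDLE cookie name are assumptions made for the example.

```ruby
# MiniBase and MiniPds are hypothetical stand-ins, not Authlogic or Authpds code.
MiniBase = Struct.new(:cookies, :record) do
  class << self
    attr_reader :callbacks
    def persist(name)
      (@callbacks ||= []) << name
    end
  end

  # The session persists only if a registered callback set a record.
  def persisting?
    self.class.callbacks.each { |name| send(name) }
    !record.nil?
  end
end

module MiniPds
  # Constructed sample data standing in for a lookup against the PDS server.
  KNOWN_HANDLES = { "handle-123" => { id: "jdoe", status: "staff" },
                    "handle-456" => { id: "asmith", status: "guest" } }.freeze

  def self.included(klass)
    klass.class_eval { persist :persist_session }
  end

  def pds_user
    KNOWN_HANDLES[cookies["PDS_HANDLE"]]
  end

  # Hook: the default adds no extra restriction.
  def additional_authorization
    true
  end

  # Fail closed: a missing or unknown handle, or a false hook, leaves record nil.
  def persist_session
    self.record = pds_user if pds_user && additional_authorization
  end
end

OpenSession = Class.new(MiniBase) { include MiniPds }

# Overrides the hook so that only staff accounts get a session.
class StaffOnlySession < MiniBase
  include MiniPds
  def additional_authorization
    pds_user[:status] == "staff"
  end
end
```

Because the hook is combined with the handle check using a logical AND, an override can only narrow access; it cannot grant a session to a request whose handle did not resolve.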