Module: Authpwn::HttpTokenControllerInstanceMethods
- Includes:
- CurrentUser
- Defined in:
- lib/authpwn_rails/http_token.rb
Overview
Included in controllers that call authenticates_using_http_token.
Instance Attribute Summary
Attributes included from CurrentUser
Instance Method Summary collapse
-
#bounce_to_http_token ⇒ Object
Inform the user that their request is forbidden.
Instance Method Details
#bounce_to_http_token ⇒ Object
Inform the user that their request is forbidden.
If a user is logged on, this renders the session/forbidden view with a HTTP 403 code.
If no user is logged in, a HTTP 403 code is returned, together with an HTTP Authentication header causing the user-agent (browser) to initiate http token authentication.
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/authpwn_rails/http_token.rb', line 50 def bounce_to_http_token() unless current_user request_http_token_authentication return end respond_to do |format| format.html do render 'session/forbidden', layout: false, status: :forbidden end format.json do render json: { error: "You're not allowed to access that" } end end end |