Class: Warden::Proxy
- Inherits:
-
Object
- Object
- Warden::Proxy
- Extended by:
- Forwardable
- Includes:
- Mixins::Common
- Defined in:
- lib/warden/proxy.rb,
lib/warden/errors.rb
Defined Under Namespace
Classes: Errors
Constant Summary collapse
- ENV_WARDEN_ERRORS =
'warden.errors'.freeze
- ENV_SESSION_OPTIONS =
'rack.session.options'.freeze
Instance Attribute Summary collapse
-
#config ⇒ Object
readonly
An accessor to the rack env hash, the proxy owner and its config :api: public.
-
#env ⇒ Object
readonly
An accessor to the rack env hash, the proxy owner and its config :api: public.
-
#manager ⇒ Object
readonly
An accessor to the rack env hash, the proxy owner and its config :api: public.
-
#winning_strategies ⇒ Object
readonly
An accessor to the rack env hash, the proxy owner and its config :api: public.
-
#winning_strategy ⇒ Object
An accessor to the winning strategy :api: private.
Instance Method Summary collapse
-
#asset_request? ⇒ Boolean
Check to see if this is an asset request :api: public.
-
#authenticate(*args) ⇒ Object
Run the authentiation strategies for the given strategies.
-
#authenticate!(*args) ⇒ Object
The same as
authenticate
except on failure it will throw an :warden symbol causing the request to be halted and rendered through thefailure_app
. -
#authenticate?(*args) ⇒ Boolean
Same API as authenticated, but returns a boolean instead of a user.
-
#authenticated?(scope = @config.default_scope) ⇒ Boolean
Check to see if there is an authenticated user for the given scope.
-
#clear_strategies_cache!(*args) ⇒ Object
Clear the cache of performed strategies so far.
-
#custom_failure! ⇒ Object
Provides a way to return a 401 without warden defering to the failure app The result is a direct passthrough of your own response :api: public.
-
#custom_failure? ⇒ Boolean
Check to see if the custom failure flag has been set :api: public.
-
#errors ⇒ Object
Lazily initiate errors object in session.
-
#initialize(env, manager) ⇒ Proxy
constructor
:nodoc:.
- #inspect(*args) ⇒ Object
-
#lock! ⇒ Object
Locks the proxy so new users cannot authenticate during the request lifecycle.
-
#logout(*scopes) ⇒ Object
Provides logout functionality.
-
#message ⇒ Object
Proxy through to the authentication strategy to find out the message that was generated.
-
#result ⇒ Object
proxy methods through to the winning strategy :api: private.
-
#session(scope = @config.default_scope) ⇒ Object
Provides a scoped session data for authenticated users.
-
#session_serializer ⇒ Object
Points to a SessionSerializer instance responsible for handling everything related with storing, fetching and removing the user session.
-
#set_user(user, opts = {}) ⇒ Object
Manually set the user into the session and auth proxy.
- #to_s(*args) ⇒ Object
-
#unauthenticated?(scope = @config.default_scope) ⇒ Boolean
Same API as authenticated?, but returns false when authenticated.
-
#user(argument = {}) ⇒ Object
Provides acccess to the user object in a given scope for a request.
Methods included from Mixins::Common
#params, #request, #reset_session!, #warden_cookies
Constructor Details
#initialize(env, manager) ⇒ Proxy
:nodoc:
27 28 29 30 31 32 |
# File 'lib/warden/proxy.rb', line 27 def initialize(env, manager) #:nodoc: @env, @users, @winning_strategies, @locked = env, {}, {}, false @manager, @config = manager, manager.config.dup @strategies = Hash.new { |h,k| h[k] = {} } manager._run_callbacks(:on_request, self) end |
Instance Attribute Details
#config ⇒ Object (readonly)
An accessor to the rack env hash, the proxy owner and its config :api: public
13 14 15 |
# File 'lib/warden/proxy.rb', line 13 def config @config end |
#env ⇒ Object (readonly)
An accessor to the rack env hash, the proxy owner and its config :api: public
13 14 15 |
# File 'lib/warden/proxy.rb', line 13 def env @env end |
#manager ⇒ Object (readonly)
An accessor to the rack env hash, the proxy owner and its config :api: public
13 14 15 |
# File 'lib/warden/proxy.rb', line 13 def manager @manager end |
#winning_strategies ⇒ Object (readonly)
An accessor to the rack env hash, the proxy owner and its config :api: public
13 14 15 |
# File 'lib/warden/proxy.rb', line 13 def winning_strategies @winning_strategies end |
#winning_strategy ⇒ Object
An accessor to the winning strategy :api: private
9 10 11 |
# File 'lib/warden/proxy.rb', line 9 def winning_strategy @winning_strategy end |
Instance Method Details
#asset_request? ⇒ Boolean
Check to see if this is an asset request :api: public
298 299 300 |
# File 'lib/warden/proxy.rb', line 298 def asset_request? ::Warden::asset_paths.any? { |r| env['PATH_INFO'].to_s.match(r) } end |
#authenticate(*args) ⇒ Object
Run the authentiation strategies for the given strategies. If there is already a user logged in for a given scope, the strategies are not run This does not halt the flow of control and is a passive attempt to authenticate only When scope is not specified, the default_scope is assumed.
Parameters:
args - a list of symbols (labels) that name the strategies to attempt
opts - an options hash that contains the :scope of the user to check
Example:
env['warden'].authenticate(:password, :basic, :scope => :sudo)
:api: public
103 104 105 106 |
# File 'lib/warden/proxy.rb', line 103 def authenticate(*args) user, opts = _perform_authentication(*args) user end |
#authenticate!(*args) ⇒ Object
The same as authenticate
except on failure it will throw an :warden symbol causing the request to be halted and rendered through the failure_app
Example
env['warden'].authenticate!(:password, :scope => :publisher) # throws if it cannot authenticate
:api: public
126 127 128 129 130 |
# File 'lib/warden/proxy.rb', line 126 def authenticate!(*args) user, opts = _perform_authentication(*args) throw(:warden, opts) unless user user end |
#authenticate?(*args) ⇒ Boolean
Same API as authenticated, but returns a boolean instead of a user. The difference between this method (authenticate?) and authenticated? is that the former will run strategies if the user has not yet been authenticated, and the second relies on already performed ones. :api: public
113 114 115 116 117 |
# File 'lib/warden/proxy.rb', line 113 def authenticate?(*args) result = !!authenticate(*args) yield if result && block_given? result end |
#authenticated?(scope = @config.default_scope) ⇒ Boolean
Check to see if there is an authenticated user for the given scope. This brings the user from the session, but does not run strategies before doing so. If you want strategies to be run, please check authenticate?.
Parameters:
scope - the scope to check for authentication. Defaults to default_scope
Example:
env['warden'].authenticated?(:admin)
:api: public
143 144 145 146 147 |
# File 'lib/warden/proxy.rb', line 143 def authenticated?(scope = @config.default_scope) result = !!user(scope) yield if block_given? && result result end |
#clear_strategies_cache!(*args) ⇒ Object
Clear the cache of performed strategies so far. Warden runs each strategy just once during the request lifecycle. You can clear the strategies cache if you want to allow a strategy to be run more than once.
This method has the same API as authenticate, allowing you to clear specific strategies for given scope:
Parameters:
args - a list of symbols (labels) that name the strategies to attempt
opts - an options hash that contains the :scope of the user to check
Example:
# Clear all strategies for the configured default_scope
env['warden'].clear_strategies_cache!
# Clear all strategies for the :admin scope
env['warden'].clear_strategies_cache!(:scope => :admin)
# Clear password strategy for the :admin scope
env['warden'].clear_strategies_cache!(:password, :scope => :admin)
:api: public
71 72 73 74 75 76 77 78 |
# File 'lib/warden/proxy.rb', line 71 def clear_strategies_cache!(*args) scope, opts = _retrieve_scope_and_opts(args) @winning_strategies.delete(scope) @strategies[scope].each do |k, v| v.clear! if args.empty? || args.include?(k) end end |
#custom_failure! ⇒ Object
Provides a way to return a 401 without warden defering to the failure app The result is a direct passthrough of your own response :api: public
286 287 288 |
# File 'lib/warden/proxy.rb', line 286 def custom_failure! @custom_failure = true end |
#custom_failure? ⇒ Boolean
Check to see if the custom failure flag has been set :api: public
292 293 294 |
# File 'lib/warden/proxy.rb', line 292 def custom_failure? !!@custom_failure end |
#errors ⇒ Object
Lazily initiate errors object in session. :api: public
36 37 38 |
# File 'lib/warden/proxy.rb', line 36 def errors @env[ENV_WARDEN_ERRORS] ||= Errors.new end |
#inspect(*args) ⇒ Object
302 303 304 |
# File 'lib/warden/proxy.rb', line 302 def inspect(*args) "Warden::Proxy:#{object_id} @config=#{@config.inspect}" end |
#lock! ⇒ Object
Locks the proxy so new users cannot authenticate during the request lifecycle. This is useful when the request cannot be verified (for example, using a CSRF verification token). Notice that already authenticated users are kept as so.
:api: public
86 87 88 |
# File 'lib/warden/proxy.rb', line 86 def lock! @locked = true end |
#logout(*scopes) ⇒ Object
Provides logout functionality. The logout also manages any authenticated data storage and clears it when a user logs out.
Parameters:
scopes - a list of scopes to logout
Example:
# Logout everyone and clear the session
env['warden'].logout
# Logout the default user but leave the rest of the session alone
env['warden'].logout(:default)
# Logout the :publisher and :admin user
env['warden'].logout(:publisher, :admin)
:api: public
254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 |
# File 'lib/warden/proxy.rb', line 254 def logout(*scopes) if scopes.empty? scopes = @users.keys reset_session = true end scopes.each do |scope| user = @users.delete(scope) manager._run_callbacks(:before_logout, user, self, :scope => scope) raw_session.delete("warden.user.#{scope}.session") session_serializer.delete(scope, user) end reset_session! if reset_session end |
#message ⇒ Object
Proxy through to the authentication strategy to find out the message that was generated. :api: public
279 280 281 |
# File 'lib/warden/proxy.rb', line 279 def winning_strategy && winning_strategy. end |
#result ⇒ Object
proxy methods through to the winning strategy :api: private
273 274 275 |
# File 'lib/warden/proxy.rb', line 273 def result # :nodoc: winning_strategy && winning_strategy.result end |
#session(scope = @config.default_scope) ⇒ Object
Provides a scoped session data for authenticated users. Warden manages clearing out this data when a user logs out
Example
# default scope
env['warden'].session[:foo] = "bar"
# :sudo scope
env['warden'].session(:sudo)[:foo] = "bar"
:api: public
232 233 234 235 |
# File 'lib/warden/proxy.rb', line 232 def session(scope = @config.default_scope) raise NotAuthenticated, "#{scope.inspect} user is not logged in" unless authenticated?(scope) raw_session["warden.user.#{scope}.session"] ||= {} end |
#session_serializer ⇒ Object
Points to a SessionSerializer instance responsible for handling everything related with storing, fetching and removing the user session. :api: public
44 45 46 |
# File 'lib/warden/proxy.rb', line 44 def session_serializer @session_serializer ||= Warden::SessionSerializer.new(@env) end |
#set_user(user, opts = {}) ⇒ Object
Manually set the user into the session and auth proxy
Parameters:
user - An object that has been setup to serialize into and out of the session.
opts - An options hash. Use the :scope option to set the scope of the user, set the :store option to false to skip serializing into the session, set the :run_callbacks to false to skip running the callbacks (the default is true).
:api: public
164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 |
# File 'lib/warden/proxy.rb', line 164 def set_user(user, opts = {}) scope = (opts[:scope] ||= @config.default_scope) # Get the default options from the master configuration for the given scope opts = (@config[:scope_defaults][scope] || {}).merge(opts) opts[:event] ||= :set_user @users[scope] = user if opts[:store] != false && opts[:event] != :fetch = env[ENV_SESSION_OPTIONS] [:renew] = true if session_serializer.store(user, scope) end run_callbacks = opts.fetch(:run_callbacks, true) manager._run_callbacks(:after_set_user, user, self, opts) if run_callbacks @users[scope] end |
#to_s(*args) ⇒ Object
306 307 308 |
# File 'lib/warden/proxy.rb', line 306 def to_s(*args) inspect(*args) end |
#unauthenticated?(scope = @config.default_scope) ⇒ Boolean
Same API as authenticated?, but returns false when authenticated. :api: public
151 152 153 154 155 |
# File 'lib/warden/proxy.rb', line 151 def unauthenticated?(scope = @config.default_scope) result = !authenticated?(scope) yield if block_given? && result result end |
#user(argument = {}) ⇒ Object
Provides acccess to the user object in a given scope for a request. Will be nil if not logged in. Please notice that this method does not perform strategies.
Example:
# without scope (default user)
env['warden'].user
# with scope
env['warden'].user(:admin)
# as a Hash
env['warden'].user(:scope => :admin)
# with default scope and run_callbacks option
env['warden'].user(:run_callbacks => false)
# with a scope and run_callbacks option
env['warden'].user(:scope => :admin, :run_callbacks => true)
:api: public
205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 |
# File 'lib/warden/proxy.rb', line 205 def user(argument = {}) opts = argument.is_a?(Hash) ? argument : { :scope => argument } scope = (opts[:scope] ||= @config.default_scope) if @users.has_key?(scope) @users[scope] else unless user = session_serializer.fetch(scope) run_callbacks = opts.fetch(:run_callbacks, true) manager._run_callbacks(:after_failed_fetch, user, self, :scope => scope) if run_callbacks end @users[scope] = user ? set_user(user, opts.merge(:event => :fetch)) : nil end end |