Module: Aikotoba::Authenticatable
- Extended by:
  - ActiveSupport::Concern
- Includes:
  - Protection::SessionFixationAttack
- Included in:
  - SessionsController
- Defined in:
  - app/controllers/concerns/aikotoba/authenticatable.rb
Instance Method Summary
- #aikotoba_authenticate_by_session ⇒ Object
  NOTE: Even when a session already exists, verify that it can still be authenticated, and reset the session if it cannot, in case the session was created and the account was then locked from another browser, etc.
- #aikotoba_current_account ⇒ Object
- #aikotoba_sign_in(account) ⇒ Object
- #aikotoba_sign_out ⇒ Object
Instance Method Details
#aikotoba_authenticate_by_session ⇒ Object
NOTE: Even when a session already exists, verify that it can still be authenticated, and reset the session if it cannot, in case the session was created and the account was then locked from another browser, etc.

    # File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 25
    def aikotoba_authenticate_by_session
      account = Account.authenticatable.find_by(id: session[aikotoba_session_key])
      account.tap { |account| reset_aikotoba_session unless account }
    end

#aikotoba_current_account ⇒ Object

    # File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 6
    def aikotoba_current_account
      unless defined?(@aikotoba_current_account)
        @aikotoba_current_account ||= aikotoba_authenticate_by_session
      end
      @aikotoba_current_account
    end

#aikotoba_sign_in(account) ⇒ Object

    # File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 13
    def aikotoba_sign_in(account)
      prevent_session_fixation_attack
      session[aikotoba_session_key] = account.id
    end

#aikotoba_sign_out ⇒ Object

    # File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 18
    def aikotoba_sign_out
      @aikotoba_current_account = nil
      reset_session
    end
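
The NOTE on #aikotoba_authenticate_by_session and the session handling in #aikotoba_sign_in, as an added plain-Ruby example that is not Aikotoba's own code. It assumes that the `authenticatable` scope excludes locked accounts, that `prevent_session_fixation_attack` issues a new session id, and that `reset_aikotoba_session` clears the session; `FakeSession`, `find_authenticatable`, `SESSION_KEY` and `demo` are hypothetical names.

```ruby
require "securerandom"
# Hypothetical stand-ins in plain Ruby (no Rails); sample data is constructed.
Account = Struct.new(:id, :locked)
SESSION_KEY = "account_id" # assumed; the page does not show aikotoba_session_key

# Stand-in for a Rails session: an id (the cookie value) plus a data hash.
class FakeSession
  attr_reader :id, :data
  def initialize
    reset
  end

  # Like reset_session: drop all data and issue a fresh id.
  def reset
    @id = SecureRandom.hex(16)
    @data = {}
  end
end

# Assumption: the `authenticatable` scope filters out locked accounts.
def find_authenticatable(accounts, id)
  account = accounts[id]
  account unless account.nil? || account.locked
end

# Assumption: prevent_session_fixation_attack issues a new session id.
def sign_in(session, account)
  session.reset
  session.data[SESSION_KEY] = account.id
end

# Same shape as aikotoba_authenticate_by_session: re-check on every request.
def authenticate_by_session(session, accounts)
  account = find_authenticatable(accounts, session.data[SESSION_KEY])
  session.reset unless account # assumed effect of reset_aikotoba_session
  account
end

def demo
  accounts = { 1 => Account.new(1, false) }
  session = FakeSession.new
  pre_login_id = session.id # id that existed before authentication
  sign_in(session, accounts[1])
  rotated = session.id != pre_login_id
  before = authenticate_by_session(session, accounts)
  accounts[1].locked = true # e.g. locked from another browser
  after = authenticate_by_session(session, accounts)
  { rotated: rotated, before: before&.id, after: after, data: session.data }
end
```

`demo` returns a hash showing that the pre-login session id is not reused after sign-in, and that the same session stops authenticating and is emptied once the account is locked.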