Module: Aikotoba::Authenticatable

Extended by:
ActiveSupport::Concern
Includes:
Protection::SessionFixationAttack
Included in:
SessionsController
Defined in:
app/controllers/concerns/aikotoba/authenticatable.rb


Instance Method Details

#aikotoba_authenticate_by_session ⇒ Object

NOTE: Even if a session already exists, verify that it can still be authenticated, and reset the session if it cannot. This covers the case where the session was created and then locked by another browser, etc.



# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 25

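# Resolves the account referenced by the current session and re-checks that
# it may still authenticate.
#
# The lookup goes through Account.authenticatable on every call, so a session
# that was accepted when it was created is rejected once its account no
# longer matches that scope.
# NOTE(review): the scope presumably excludes locked accounts - confirm
# against the Account model.
#
# @return [Object, nil] the matching account, or nil when the session holds
#   no id or the id does not resolve to an authenticatable account
def aikotoba_authenticate_by_session
  account = Account.authenticatable.find_by(id: session[aikotoba_session_key])
  # A failed lookup resets the Aikotoba session so rejected session state is
  # not kept around. This also runs when the session carries no id at all.
  account.tap { |found| reset_aikotoba_session unless found }
end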

#aikotoba_current_account ⇒ Object



# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 6

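# Returns the account for the current session, resolving it at most once per
# object.
#
# `defined?` is checked rather than relying on `||=` alone so that a nil
# result (nobody signed in, or the session was rejected) is memoized as well
# and does not trigger another lookup on the next call.
#
# @return [Object, nil] the authenticated account, or nil when there is none
def aikotoba_current_account
  return @aikotoba_current_account if defined?(@aikotoba_current_account)

  @aikotoba_current_account = aikotoba_authenticate_by_session
end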

#aikotoba_sign_in(account) ⇒ Object



# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 13

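# Signs the given account in by storing its id in the session.
#
# @param account [#id] the account that has just been authenticated
# @return [Object] the account id that was written to the session
def aikotoba_sign_in(account)
  # The session-fixation countermeasure runs first, so the account id is
  # only ever written after it has been applied.
  # NOTE(review): presumably this renews the session before sign-in -
  # confirm in Protection::SessionFixationAttack.
  prevent_session_fixation_attack
  session[aikotoba_session_key] = account.id
end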

#aikotoba_sign_out ⇒ Object



# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 18

# Signs the current account out.
#
# @return [Object] whatever reset_session returns
def aikotoba_sign_out
  # Assign nil rather than removing the ivar: it stays defined, so
  # aikotoba_current_account returns nil without consulting the session again.
  @aikotoba_current_account = nil
  # NOTE(review): assuming this is the Rails controller reset_session, the
  # whole session is discarded here, not only the Aikotoba key - confirm.
  reset_session
end