Class: Authentication::Logic::ControllerAdapters::AbstractAdapter

Inherits:

Object

• Object
• Authentication::Logic::ControllerAdapters::AbstractAdapter

Defined in:

lib/auth/logic/controller_adapters/abstract_adapter.rb

Overview

Allows you to use Authentication::Logic in any framework you want, not just rails. See the RailsAdapter for an example of how to adapt Authentication::Logic to work with your framework.

Direct Known Subclasses

RackAdapter, RailsAdapter, SinatraAdapter::Adapter, TestCase::MockAPIController, TestCase::MockController, TestCase::RailsRequestAdapter

Constant Summary

E_COOKIE_DOMAIN_ADAPTER =

"The cookie_domain method has not been " \
"implemented by the controller adapter"

ENV_SESSION_OPTIONS =

"rack.session.options"

Instance Attribute Summary

• #controller ⇒ Object

  Returns the value of attribute controller.

Instance Method Summary

• #authenticate_with_http_basic ⇒ Object
• #cookie_domain ⇒ Object
• #cookies ⇒ Object
• #initialize(controller) ⇒ AbstractAdapter constructor

  A new instance of AbstractAdapter.

• #last_request_update_allowed? ⇒ Boolean

  You can disable the updating of last_request_at on a per-controller basis.

• #params ⇒ Object
• #renew_session_id ⇒ Object

  Inform Rack that we would like a new session ID to be assigned.

• #request ⇒ Object
• #request_content_type ⇒ Object
• #respond_to_missing?(*args) ⇒ Boolean
• #responds_to_single_access_allowed? ⇒ Boolean
• #session ⇒ Object
• #single_access_allowed? ⇒ Boolean

Constructor Details

#initialize(controller) ⇒ AbstractAdapter

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 16

def initialize(controller)
  self.controller = controller
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(id, *args, &block) ⇒ Object (private)

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 115

def method_missing(id, *args, &block)
  controller.send(id, *args, &block)
end

Instance Attribute Details

#controller ⇒ Object

Returns the value of attribute controller.

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 14

def controller
  @controller
end

Instance Method Details

#authenticate_with_http_basic ⇒ Object

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 20

def authenticate_with_http_basic
  @auth = Rack::Auth::Basic::Request.new(controller.request.env)
  if @auth.provided? && @auth.basic?
    yield(*@auth.credentials)
  else
    false
  end
end

#cookie_domain ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 33

def cookie_domain
  raise NotImplementedError, E_COOKIE_DOMAIN_ADAPTER
end

#cookies ⇒ Object

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 29

def cookies
  controller.cookies
end

#last_request_update_allowed? ⇒ Boolean

You can disable the updating of last_request_at on a per-controller basis.

# in your controller
def last_request_update_allowed?
  false
end

For example, what if you had a javascript function that polled the server updating how much time is left in their session before it times out. Obviously you would want to ignore this request, because then the user would never time out. So you can do something like this in your controller:

def last_request_update_allowed?
  action_name != "update_session_time_left"
end

See auth/logic/session/magic_columns.rb to learn more about the last_request_at column itself.

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 101

def last_request_update_allowed?
  if controller.respond_to?(:last_request_update_allowed?, true)
    controller.send(:last_request_update_allowed?)
  else
    true
  end
end

#params ⇒ Object

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 37

def params
  controller.params
end

#renew_session_id ⇒ Object

Inform Rack that we would like a new session ID to be assigned. Changes the ID, but not the contents of the session.

The :renew option is read by rack/session/abstract/id.rb.

This is how Devise (via warden) implements defense against Session Fixation. Our implementation is copied directly from the warden gem (set_user in warden/proxy.rb)

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 57

def renew_session_id
  env = request.env
  options = env[ENV_SESSION_OPTIONS]
  return unless options

  if options.frozen?
    env[ENV_SESSION_OPTIONS] = options.merge(renew: true).freeze
  else
    options[:renew] = true
  end
end

#request ⇒ Object

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 41

def request
  controller.request
end

#request_content_type ⇒ Object

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 45

def request_content_type
  request.content_type
end

#respond_to_missing?(*args) ⇒ Boolean

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 109

def respond_to_missing?(*args)
  super(*args) || controller.respond_to?(*args)
end

#responds_to_single_access_allowed? ⇒ Boolean

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 73

def responds_to_single_access_allowed?
  controller.respond_to?(:single_access_allowed?, true)
end

#session ⇒ Object

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 69

def session
  controller.session
end

#single_access_allowed? ⇒ Boolean

# File 'lib/auth/logic/controller_adapters/abstract_adapter.rb', line 77

def single_access_allowed?
  controller.send(:single_access_allowed?)
end