Module: ExvoAuth::Controllers::Base

Defined in:
lib/exvo_auth/controllers/base.rb


Instance Method Details

#auth_hash ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 94

# Returns whatever is stored under the "omniauth.auth" key of the current
# request's Rack environment (the key OmniAuth populates once its callback
# phase has run).
def auth_hash
  rack_env = request.env
  rack_env["omniauth.auth"]
end

#authenticate_app_in_scope!(scope) ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 54

# Authenticates a calling application and checks that it holds +scope+.
#
# The request must arrive over SSL unless Exvo::Helpers.auth_require_ssl is
# exactly +false+; otherwise a RuntimeError is raised before any credentials
# are read. The credentials themselves are obtained by invoking the method
# named by basic_authentication_method_name, which yields an app id and an
# access token to the block below.
#
# @param scope [#to_s] scope the calling app must have been granted
# @raise [RuntimeError] when the request is not SSL and SSL is required
#
# NOTE(review): @current_app_id is assigned before the scope check is
# evaluated, so current_app_id can be non-nil for an app that was then
# refused. Do not treat it as proof of authorization.
# NOTE(review): turning auth_require_ssl off sends the access token over
# plain HTTP; confirm that setting is never false outside development.
def authenticate_app_in_scope!(scope)
  transport_ok = request.ssl? || Exvo::Helpers.auth_require_ssl == false
  raise("SSL not configured. Your api needs to be exposed using https protocol.") unless transport_ok

  # The method name comes from a helper, not from request data.
  send(basic_authentication_method_name) do |app_id, access_token|
    provider = ExvoAuth::Autonomous::Provider.new(:app_id => app_id, :access_token => access_token)
    granted_scopes = provider.scopes

    @current_app_id = app_id

    # The block's value tells the basic-auth helper whether to accept the app.
    granted_scopes.include?(scope.to_s)
  end
end

#authenticate_user!(opts = {}) ⇒ Object

A before filter to protect your sensitive actions.



# File 'lib/exvo_auth/controllers/base.rb', line 3

# Before filter that requires a signed-in user for the action it guards.
#
# Runs unobtrusively_authenticate_user! first, then asks signed_in?. When no
# user is signed in, the request is recorded with store_request! and the
# browser is redirected.
#
# @param opts [Hash] options; only :redirect_to is read here, as the
#   preferred redirect target when no callback parameter was supplied
def authenticate_user!(opts = {})
  unobtrusively_authenticate_user!

  if !signed_in?
    # presumably remembers the requested URL so it can be restored after
    # sign-in; store_request! is defined elsewhere, so confirm
    store_request!

    # params[callback_key] is request-supplied: treat it as untrusted.
    callback_value = params[callback_key]

    if callback_value
      # NOTE(review): the name of the method that takes this hash appears to
      # have been lost from this listing; restore it from
      # lib/exvo_auth/controllers/base.rb. The callback value is forwarded
      # unchanged, so confirm the receiving side validates it.
      redirect_to (callback_key => callback_value)
    else
      # NOTE(review): the fallback operand after `||` is also missing from
      # this listing; restore it from the original file.
      redirect_to opts[:redirect_to] || 
    end
  end
end

#callback_key ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 77

# Name of the request parameter that authenticate_user! inspects to decide
# which redirect to issue for an unauthenticated request.
def callback_key
  '_callback'
end

#current_app_id ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 86

# Returns the app id recorded by authenticate_app_in_scope! on this
# controller instance, or nil when that filter has not assigned one.
#
# NOTE(review): authenticate_app_in_scope! assigns @current_app_id before its
# scope check is evaluated, so a non-nil value here does not by itself show
# that the app was authorized for the requested scope.
def current_app_id
  @current_app_id
end

#current_user ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 81

# Returns the user for the uid held in session[:user_uid], memoized in
# @current_user once a non-nil value has been produced.
#
# When the session carries no uid the result is that falsy session value and
# find_or_create_user_by_uid is not called.
#
# NOTE(review): any uid present in the session is handed to
# find_or_create_user_by_uid, so the trust decision rests entirely on how
# session[:user_uid] gets written and on the session's integrity protection.
def current_user
  if @current_user.nil?
    @current_user = session[:user_uid] && find_or_create_user_by_uid(session[:user_uid])
  end

  @current_user
end

#handle_unverified_request ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 99

# Runs the inherited handle_unverified_request and then signs the user out.
#
# NOTE(review): in Rails this hook name is the one invoked when CSRF token
# verification fails; presumably the extra sign_out_user is there so that
# the single-sign-on state is cleared as well as whatever the inherited
# handler resets. Confirm against sign_out_user and the including controller.
def handle_unverified_request
  # Inherited handling first, so this override only adds to it.
  super
  sign_out_user
end

#sign_in_and_redirect! ⇒ Object

Omniauth - Usually this method is called from your sessions#create.



# File 'lib/exvo_auth/controllers/base.rb', line 32

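# Completes an OmniAuth sign-in and redirects the browser. Usually called
# from sessions#create.
#
# Calls set_user_session_from_oauth and set_user_cookie (both defined
# elsewhere), then picks the redirect target in this order:
#
# 1. params[:state] == "popup": close_popup.html under Exvo::Helpers.auth_uri
# 2. any other params[:state]: used verbatim as the URL
# 3. session[:user_return_to], falling back to "/"
#
# NOTE(review): params[:state] is request-controlled and reaches redirect_to
# without validation, so a crafted sign-in link can send a freshly
# authenticated user to an arbitrary site (open redirect). Restrict the value
# to local paths or to an explicit allow-list of trusted hosts before
# redirecting. The value is also not compared with anything held in the
# session here, so this method gives the OAuth callback no CSRF protection;
# confirm whether that check happens elsewhere.
def sign_in_and_redirect!
  set_user_session_from_oauth
  set_user_cookie

  state = params[:state]
  url =
    if state == "popup"
      Exvo::Helpers.auth_uri + "/close_popup.html"
    elsif state # anything other than "popup" is treated as a URL
      state
    else
      session[:user_return_to] || "/"
    end

  redirect_to url
end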

#sign_in_path ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 69

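# Local path that starts the Exvo sign-in flow.
#
# The method name is restored from this section's heading; the listing's
# `def` line had lost it.
def sign_in_path
  "/auth/exvo"
end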

#sign_out_and_redirect!(return_to = "/") ⇒ Object

Redirects to sign_out_url, signs out and redirects back to “/” (by default). Usually this method is called from your sessions#destroy.



# File 'lib/exvo_auth/controllers/base.rb', line 49

# Signs the user out locally, then redirects the browser to the URL that
# sign_out_url builds for +return_to+. Usually called from sessions#destroy.
#
# @param return_to [String] where the user should land afterwards
#
# NOTE(review): return_to is handed to sign_out_url unchanged. If a caller
# derives it from request parameters, confirm that sign_out_url or the auth
# server restricts where it may point.
def sign_out_and_redirect!(return_to = "/")
  sign_out_user

  destination = sign_out_url(return_to)
  redirect_to(destination)
end

#sign_up_path ⇒ Object



# File 'lib/exvo_auth/controllers/base.rb', line 73

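# Local path that starts the Exvo flow with the x_sign_up=true query flag.
#
# The method name is restored from this section's heading; the listing's
# `def` line had lost it.
def sign_up_path
  "/auth/exvo?x_sign_up=true"
end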

#signed_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/exvo_auth/controllers/base.rb', line 90

# Tells whether current_user yields a user.
#
# @return [Boolean] true when current_user is truthy, false otherwise
def signed_in?
  current_user ? true : false
end

#unobtrusively_authenticate_user! ⇒ Object

Single Sign On - Authenticate the user from the cookie if a cookie is present, and delete the local session if it’s not (this should prevent the orphan session problem, where a user signs out but their session remains in one or more apps). “Unobtrusively” means that there is no redirect to Exvo Auth if the user is not logged in.



# File 'lib/exvo_auth/controllers/base.rb', line 23

# Brings the local session in line with the single-sign-on cookie without
# ever redirecting: a present cookies[:user_uid] leads to
# set_user_session_from_cookie, an absent one to sign_out_user.
#
# NOTE(review): only the cookie's presence is tested here. Confirm that
# set_user_session_from_cookie verifies the cookie's integrity (signed or
# encrypted) before trusting the uid it carries.
def unobtrusively_authenticate_user!
  return set_user_session_from_cookie if cookies[:user_uid]

  sign_out_user
end