Module: Keycard::ControllerMethods

Defined in:
lib/keycard/controller_methods.rb

Overview

Mixin for conveniences in controllers.

These methods depend on a `notary` method in your controller that returns a configured Notary instance.

Constant Summary

DEFAULT_SESSION_TIMEOUT = 60 * 60 * 24

The default session timeout is 24 hours, in seconds.

Instance Method Details

#authenticate! ⇒ Object

Require that some authentication method successfully identifies a user/account, raising an exception if there is a failure for active credentials or no applicable credentials are presented.

Returns:

  • nil

Raises:

  • (AuthenticationFailed) if an applicable credential is presented but fails

  • (AuthenticationRequired) if no applicable credentials are presented

# File 'lib/keycard/controller_methods.rb', line 55

def authenticate!
  raise AuthenticationFailed if authentication.failed?
  raise AuthenticationRequired unless authentication.authenticated?
end

#auto_login(account) ⇒ Object

Log an account in without checking any credentials, starting a session.

Parameters:

  • account (User|Account)

    the user/account object to consider current; must have an #id property.



# File 'lib/keycard/controller_methods.rb', line 76

def auto_login(account)
  request.env["keycard.authentication"] = notary.waive(account)
  setup_session
end

#current_user ⇒ User/Account

Retrieve the user/account to which the current request is attributed.

Returns:

  • (User/Account)

    the user/account that has been authenticated; nil if no one is logged in



# File 'lib/keycard/controller_methods.rb', line 25

def current_user
  authentication.account
end

#logged_in? ⇒ Boolean

Check whether the current request is authenticated as coming from a known person or account.

Returns:

  • (Boolean)

    true if any of the Notary's configured authentication methods succeeds



# File 'lib/keycard/controller_methods.rb', line 17

def logged_in?
  authentication.authenticated?
end

#login(**credentials) ⇒ Boolean

Attempt to authenticate, optionally with user-supplied credentials, and establish a session.

Parameters:

  • credentials (Hash|kwargs)

    user-supplied credentials that will be passed to each authentication method

Returns:

  • (Boolean)

    whether the login attempt was successful



# File 'lib/keycard/controller_methods.rb', line 66

def login(**credentials)
  authentication(credentials).authenticated?.tap do |success|
    setup_session if success
  end
end

#logout ⇒ Object

Clear authentication status and terminate any open session.



# File 'lib/keycard/controller_methods.rb', line 82

def logout
  request.env["keycard.authentication"] = notary.reject
  reset_session
end

#validate_session ⇒ Object

Validate the session, resetting it if expired.

This should be called as a before_action before #authenticate! when working with session-based logins. It preserves a CSRF token, if present, so login forms and the like will pass forgery protection.



# File 'lib/keycard/controller_methods.rb', line 34

def validate_session
  csrf_token = session[:_csrf_token]
  elapsed = begin
              Time.now - Time.at(session[:timestamp] || 0)
            rescue StandardError
              session_timeout
            end
  reset_session if elapsed >= session_timeout
  session[:_csrf_token] = csrf_token
  session[:timestamp] = Time.now.to_i if session.key?(:timestamp)
end
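An added, self-contained harness (not Keycard's own code) that mirrors the validate_session logic above with an injectable clock, so the idle-timeout boundary, the corrupt-timestamp path and the CSRF-token carry-over can be exercised offline; SessionHarness, run_validation and NOW are names invented for this example.

```ruby
# Constructed example (not Keycard's own code): a minimal controller-like
# object mirroring the validate_session logic documented above, with an
# injectable clock so session expiry can be exercised deterministically.
class SessionHarness
  SESSION_TIMEOUT = 60 * 60 * 24 # 24 hours, matching DEFAULT_SESSION_TIMEOUT

  attr_reader :session

  def initialize(session, now)
    @session = session # a plain Hash standing in for the Rails session store
    @now = now         # Time used in place of Time.now
  end

  def session_timeout
    SESSION_TIMEOUT
  end

  # Same shape as the documented method: idle time since the stored timestamp,
  # unparseable values treated as fully elapsed, reset on expiry, CSRF token
  # carried across the reset so login forms still pass forgery protection.
  def validate_session
    csrf_token = session[:_csrf_token]
    elapsed = begin
                @now - Time.at(session[:timestamp] || 0)
              rescue StandardError
                session_timeout
              end
    reset_session if elapsed >= session_timeout
    session[:_csrf_token] = csrf_token
    session[:timestamp] = @now.to_i if session.key?(:timestamp)
    session
  end

  def reset_session
    @session = {}
  end
end

NOW = Time.utc(2024, 1, 1, 12, 0, 0)

# Build a logged-in session with the given stored timestamp and validate it.
def run_validation(timestamp)
  session = { user_id: 42, _csrf_token: "tok", timestamp: timestamp }
  SessionHarness.new(session, NOW).validate_session
end

fresh   = run_validation((NOW - 3600).to_i)      # 1 h idle: kept, timestamp slid to NOW
expired = run_validation((NOW - 25 * 3600).to_i) # 25 h idle: reset, only CSRF token survives
corrupt = run_validation("not-a-time")           # bad timestamp: rescued, treated as expired
```

Note that the timestamp is refreshed on every validated request, so the 24-hour limit is an idle timeout rather than an absolute session lifetime, and a session exactly at the boundary is reset.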