Module: Passwordless::ControllerHelpers

Included in:
SessionsController
Defined in:
lib/passwordless/controller_helpers.rb

Overview

Helpers to work with Passwordless sessions from controllers


Instance Method Details

Deprecated.

Authenticate a record using cookies. Looks for a cookie corresponding to the authenticatable_class. If one is found, the record is looked up in the database by the id it holds.

Parameters:

  • authenticatable_class (ActiveRecord::Base)

    any Model connected to passwordless. (e.g - User or Admin).

Returns:

  • (ActiveRecord::Base|nil)

    an instance of Model found by id stored in cookies.encrypted or nil if nothing is found.

See Also:



# File 'lib/passwordless/controller_helpers.rb', line 34

# Deprecated cookie-based lookup: resolves a record of +authenticatable_class+
# from the id held in the encrypted cookie, falling back to the session when
# no such cookie is present.
#
# NOTE(review): this branch relies on the encrypted cookie value alone. No
# Passwordless::Session is loaded here, so the `available?` check made by
# authenticate_by_session is not applied to cookie-authenticated requests.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [ActiveRecord::Base, nil] the matching record, or nil
def authenticate_by_cookie(authenticatable_class)
  cookie_key = cookie_name(authenticatable_class)
  stored_id = cookies.encrypted[cookie_key]

  if stored_id
    # A stale id simply yields nil from find_by; there is no session fallback in that case.
    authenticatable_class.find_by(id: stored_id)
  else
    authenticate_by_session(authenticatable_class)
  end
end

#authenticate_by_session(authenticatable_class) ⇒ ActiveRecord::Base|nil

Authenticate a record using the session. Looks for a session key corresponding to the authenticatable_class. If one is found, the matching Passwordless::Session is looked up in the database.

Parameters:

  • authenticatable_class (ActiveRecord::Base)

    any Model connected to passwordless. (e.g - User or Admin).

Returns:

  • (ActiveRecord::Base|nil)

    an instance of Model belonging to the Passwordless::Session whose id is stored in the session, or nil if nothing is found.

See Also:



# File 'lib/passwordless/controller_helpers.rb', line 67

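# Resolves the authenticatable record for +authenticatable_class+ from the
# Passwordless::Session referenced by the Rails session.
#
# The session row is loaded once and reused. The earlier form looked it up a
# second time after the `available?` check, which doubled the query and could
# hit nil if the row disappeared between the two lookups.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [ActiveRecord::Base, nil] the authenticatable, or nil when there is
#   no session or it is not available
def authenticate_by_session(authenticatable_class)
  passwordless_session = find_passwordless_session_for(authenticatable_class)
  return unless passwordless_session&.available?

  passwordless_session.authenticatable
end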

#build_passwordless_session(authenticatable) ⇒ Session

Build a new Passwordless::Session from an authenticatable record. Sets `user_agent` and `remote_addr` from Rails' `request`.

Parameters:

  • authenticatable (ActiveRecord::Base)

    Instance of an authenticatable Rails model

Returns:

  • (Session)

    the new Session object

See Also:



# File 'lib/passwordless/controller_helpers.rb', line 18

# Builds (without saving) a Session for +authenticatable+, recording the
# request's remote address and User-Agent header on it.
#
# NOTE(review): user_agent is copied from the HTTP_USER_AGENT request header,
# which the client supplies; treat both fields as audit metadata rather than
# as proof of who is making the request.
#
# @param authenticatable [ActiveRecord::Base] instance of an authenticatable model
# @return [Session] the new, unsaved Session
def build_passwordless_session(authenticatable)
  new_session = Session.new
  new_session.remote_addr = request.remote_addr
  new_session.user_agent = request.env["HTTP_USER_AGENT"]
  new_session.authenticatable = authenticatable
  new_session
end

#find_passwordless_session_for(authenticatable_class) ⇒ Session?

Returns the Session (if set) from the session.

Returns:



# File 'lib/passwordless/controller_helpers.rb', line 8

# Loads the Passwordless::Session whose id is stored in the Rails session
# under the key for +authenticatable_class+.
#
# Only existence is checked here; whether the session is still usable is left
# to the caller (authenticate_by_session calls `available?` on the result).
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [Passwordless::Session, nil] the stored session, or nil if none matches
def find_passwordless_session_for(authenticatable_class)
  stored_id = session[session_key(authenticatable_class)]
  Passwordless::Session.find_by(id: stored_id)
end

#redirect_session_key(authenticatable_class) ⇒ Object



# File 'lib/passwordless/controller_helpers.rb', line 141

# Rails-session key under which the saved redirect location for
# +authenticatable_class+ is kept.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [Symbol] "passwordless_prev_location--" followed by the parameterized class name
def redirect_session_key(authenticatable_class)
  suffix = authenticatable_class_parameterized(authenticatable_class)
  "passwordless_prev_location--#{suffix}".to_sym
end

#reset_passwordless_redirect_location!(authenticatable_class) ⇒ String?

Resets the redirect_location to root_path by deleting the redirect_url from session.

Parameters:

  • authenticatable_class (ActiveRecord::Base)

    any Model connected to passwordless. (e.g - User or Admin).

Returns:

  • (String, nil)

    the redirect url that was just deleted, or nil if no url found for given Model.



# File 'lib/passwordless/controller_helpers.rb', line 133

# Forgets the saved redirect location for +authenticatable_class+ by removing
# its entry from the Rails session.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [String, nil] the removed redirect URL, or nil if none was stored
def reset_passwordless_redirect_location!(authenticatable_class)
  store = session
  location_key = redirect_session_key(authenticatable_class)
  store.delete(location_key)
end

#save_passwordless_redirect_location!(authenticatable_class) ⇒ String

Saves request.original_url as the redirect location for a passwordless Model.

Parameters:

  • authenticatable_class (ActiveRecord::Base)

    any Model connected to passwordless. (e.g - User or Admin).

Returns:

  • (String)

    the redirect url that was just saved.



# File 'lib/passwordless/controller_helpers.rb', line 124

# Remembers request.original_url in the Rails session as the place to return
# to for +authenticatable_class+.
#
# NOTE(review): the stored value is a full URL built from the incoming
# request. Whatever later redirects to it should confirm it still points at
# this application; that check is not visible in this helper.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [String] the redirect URL that was just saved
def save_passwordless_redirect_location!(authenticatable_class)
  store = session
  location_key = redirect_session_key(authenticatable_class)
  return_to = request.original_url
  store[location_key] = return_to
end

#session_key(authenticatable_class) ⇒ Object



# File 'lib/passwordless/controller_helpers.rb', line 137

# Rails-session key under which the Passwordless::Session id for
# +authenticatable_class+ is kept.
#
# @param authenticatable_class [Class, String] model (or model name) connected to passwordless
# @return [Symbol] "passwordless_session_id--" followed by the parameterized class name
def session_key(authenticatable_class)
  suffix = authenticatable_class_parameterized(authenticatable_class)
  "passwordless_session_id--#{suffix}".to_sym
end

#sign_in(record) ⇒ ActiveRecord::Base

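Signs in using the given Passwordless::Session. Passing an authenticatable record instead is deprecated and falls back to creating a new Passwordless::Session.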

Parameters:

Returns:

  • (ActiveRecord::Base)

    the record that is passed in.

Raises:



# File 'lib/passwordless/controller_helpers.rb', line 76

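# Signs in a Passwordless::Session by storing its id in the Rails session.
#
# The listing had lost the method name (`def (record)`), which does not parse;
# it is restored to `sign_in`, the name used by the page heading and by the
# deprecation message below.
#
# Passing an authenticatable record instead of a Passwordless::Session is
# deprecated: a warning is emitted and a new session is built and saved.
#
# @param record [Passwordless::Session, ActiveRecord::Base] session to sign in
#   (or, deprecated, the record to create a session for)
# @return [Passwordless::Session, ActiveRecord::Base] the session when one was
#   passed in, otherwise the session's authenticatable
# @raise [Passwordless::Errors::SessionTimedOutError] if the session has timed out
def sign_in(record)
  given_session = record.is_a?(Passwordless::Session)

  passwordless_session = if given_session
    record
  else
    warn(
      "Passwordless::ControllerHelpers#sign_in with authenticatable " \
        "(`#{record.class}') is deprecated. Falling back to creating a " \
        "new Passwordless::Session"
    )
    build_passwordless_session(record).tap { |s| s.save! }
  end

  # The claim happens before the timeout check, so a timed-out session is
  # still claimed before the error below is raised.
  passwordless_session.claim! if Passwordless.restrict_token_reuse

  raise Passwordless::Errors::SessionTimedOutError if passwordless_session.timed_out?

  # Session-fixation defence: the Rails session is reset before the
  # authenticated id is written, then the previous contents are copied back.
  # Every pre-login key therefore survives into the signed-in session, and
  # when reset_session is not defined (use outside controllers) no reset
  # takes place at all.
  old_session = session.dup.to_hash
  reset_session if defined?(reset_session) # allow usage outside controllers
  old_session.each_pair { |k, v| session[k.to_sym] = v }

  key = session_key(passwordless_session.authenticatable_type)
  session[key] = passwordless_session.id

  given_session ? passwordless_session : passwordless_session.authenticatable
end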

#sign_out(authenticatable_class) ⇒ boolean

Signs out user by deleting the session key.

Parameters:

  • authenticatable_class (ActiveRecord::Base)

    any Model connected to passwordless. (e.g - User or Admin).

Returns:

  • (boolean)

    Always true



# File 'lib/passwordless/controller_helpers.rb', line 109

# Signs out by expiring the deprecated cookie for +authenticatable_class+ and
# resetting the Rails session.
#
# NOTE(review): reset_session clears the whole Rails session, not only the
# passwordless key for this model. Nothing here touches the
# Passwordless::Session record itself, so any server-side invalidation of
# that row has to happen elsewhere.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [Boolean] always true
def sign_out(authenticatable_class)
  # Deprecated cookie path: blank the encrypted value, then drop the cookie.
  legacy_cookie = cookie_name(authenticatable_class)
  cookies.encrypted.permanent[legacy_cookie] = {value: nil}
  cookies.delete(legacy_cookie)

  # reset_session may be missing when the helper is used outside a controller.
  if defined?(reset_session)
    reset_session
  end

  true
end


# File 'lib/passwordless/controller_helpers.rb', line 45

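# Migrates a deprecated cookie login to a Passwordless::Session: removes the
# cookie, builds and saves a session for the record it named, and signs that
# session in.
#
# The listing showed a bare `(new_session)` statement, which evaluates the
# variable and discards it, so the saved session was never written to the
# Rails session. The call is restored as `sign_in(new_session)`, matching the
# sign_in helper documented on this page.
#
# @param authenticatable_class [Class] model connected to passwordless
# @return [ActiveRecord::Base, nil] the signed-in record, or nil when there is
#   no cookie or no record with the stored id
def upgrade_passwordless_cookie(authenticatable_class)
  key = cookie_name(authenticatable_class)

  return unless (authenticatable_id = cookies.encrypted[key])

  # The cookie is removed before the record lookup, so it is gone even when
  # the id no longer matches a record.
  cookies.encrypted.permanent[key] = {value: nil}
  cookies.delete(key)

  return unless (record = authenticatable_class.find_by(id: authenticatable_id))

  new_session = build_passwordless_session(record).tap { |s| s.save! }
  sign_in(new_session)

  new_session.authenticatable
end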