Class: Authlogic::ControllerAdapters::AbstractAdapter

Inherits:
Object
  • Object
show all
Defined in:
lib/authlogic/controller_adapters/abstract_adapter.rb

Overview

Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter for an example of how to adapt Authlogic to work with your framework.

Constant Summary collapse

"The cookie_domain method has not been " \
"implemented by the controller adapter"
ENV_SESSION_OPTIONS =
"rack.session.options"

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(controller) ⇒ AbstractAdapter

Returns a new instance of AbstractAdapter.


15
16
17
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 15

def initialize(controller)
  self.controller = controller
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(id, *args, &block) ⇒ Object (private)


114
115
116
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 114

def method_missing(id, *args, &block)
  controller.send(id, *args, &block)
end

Instance Attribute Details

#controllerObject

Returns the value of attribute controller.


13
14
15
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 13

def controller
  @controller
end

Instance Method Details

#authenticate_with_http_basicObject


19
20
21
22
23
24
25
26
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 19

def authenticate_with_http_basic
  @auth = Rack::Auth::Basic::Request.new(controller.request.env)
  if @auth.provided? && @auth.basic?
    yield(*@auth.credentials)
  else
    false
  end
end

Raises:

  • (NotImplementedError)

32
33
34
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 32

def cookie_domain
  raise NotImplementedError, E_COOKIE_DOMAIN_ADAPTER
end

#cookiesObject


28
29
30
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 28

def cookies
  controller.cookies
end

#last_request_update_allowed?Boolean

You can disable the updating of `last_request_at` on a per-controller basis.

# in your controller
def last_request_update_allowed?
  false
end

For example, what if you had a javascript function that polled the server updating how much time is left in their session before it times out. Obviously you would want to ignore this request, because then the user would never time out. So you can do something like this in your controller:

def last_request_update_allowed?
  action_name != "update_session_time_left"
end

See `authlogic/session/magic_columns.rb` to learn more about the `last_request_at` column itself.

Returns:

  • (Boolean)

100
101
102
103
104
105
106
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 100

def last_request_update_allowed?
  if controller.respond_to?(:last_request_update_allowed?, true)
    controller.send(:last_request_update_allowed?)
  else
    true
  end
end

#paramsObject


36
37
38
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 36

def params
  controller.params
end

#renew_session_idObject

Inform Rack that we would like a new session ID to be assigned. Changes the ID, but not the contents of the session.

The `:renew` option is read by `rack/session/abstract/id.rb`.

This is how Devise (via warden) implements defense against Session Fixation. Our implementation is copied directly from the warden gem (set_user in warden/proxy.rb)


56
57
58
59
60
61
62
63
64
65
66
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 56

def renew_session_id
  env = request.env
  options = env[ENV_SESSION_OPTIONS]
  if options
    if options.frozen?
      env[ENV_SESSION_OPTIONS] = options.merge(renew: true).freeze
    else
      options[:renew] = true
    end
  end
end

#requestObject


40
41
42
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 40

def request
  controller.request
end

#request_content_typeObject


44
45
46
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 44

def request_content_type
  request.content_type
end

#respond_to_missing?(*args) ⇒ Boolean

Returns:

  • (Boolean)

108
109
110
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 108

def respond_to_missing?(*args)
  super(*args) || controller.respond_to?(*args)
end

#responds_to_single_access_allowed?Boolean

Returns:

  • (Boolean)

72
73
74
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 72

def responds_to_single_access_allowed?
  controller.respond_to?(:single_access_allowed?, true)
end

#sessionObject


68
69
70
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 68

def session
  controller.session
end

#single_access_allowed?Boolean

Returns:

  • (Boolean)

76
77
78
# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 76

def single_access_allowed?
  controller.send(:single_access_allowed?)
end