Module: Aikotoba::Authenticatable

Extended by:

ActiveSupport::Concern

Includes:

Protection::SessionFixationAttack

Included in:

SessionsController

Defined in:

app/controllers/concerns/aikotoba/authenticatable.rb

Instance Method Summary

• #aikotoba_authenticate_by_session ⇒ Object

  NOTE: Even if there is already a session, verify that it can be authenticated, and if not, reset the session, in case the session is created and then locked by another browser etc.

• #aikotoba_current_account ⇒ Object
• #aikotoba_sign_in(account) ⇒ Object
• #aikotoba_sign_out ⇒ Object

Instance Method Details

#aikotoba_authenticate_by_session ⇒ Object

NOTE: Even if there is already a session, verify that it can be authenticated, and if not, reset the session, in case the session is created and then locked by another browser etc.

# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 25

def aikotoba_authenticate_by_session
  account = Account.authenticatable.find_by(id: session[aikotoba_session_key])
  account.tap { |account| reset_aikotoba_session unless account }
end

#aikotoba_current_account ⇒ Object

# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 6

def aikotoba_current_account
  unless defined?(@aikotoba_current_account)
    @aikotoba_current_account ||= aikotoba_authenticate_by_session
  end
  @aikotoba_current_account
end

#aikotoba_sign_in(account) ⇒ Object

# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 13

def aikotoba_sign_in(account)
  prevent_session_fixation_attack
  session[aikotoba_session_key] = account.id
end

#aikotoba_sign_out ⇒ Object

# File 'app/controllers/concerns/aikotoba/authenticatable.rb', line 18

def aikotoba_sign_out
  @aikotoba_current_account = nil
  reset_session
end