Module: GDS::SSO::ControllerMethods

Defined in:

lib/gds-sso/controller_methods.rb

Defined Under Namespace

Classes: PermissionDeniedException

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #authenticate_user! ⇒ Object
• #authorise_user!(permission) ⇒ Object
• #current_user ⇒ Object
• #log_out ⇒ Object
• #require_signin_permission! ⇒ Object
• #skip_slimmer ⇒ Object
• #user_remotely_signed_out? ⇒ Boolean
• #user_signed_in? ⇒ Boolean
• #warden ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 7

def self.included(base)
  base.rescue_from PermissionDeniedException do |e|
    render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
  end
  base.helper_method :user_signed_in?
  base.helper_method :current_user
end

Instance Method Details

#authenticate_user! ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 33

def authenticate_user!
  if user_remotely_signed_out?
    message = "You have been remotely signed out."
    skip_slimmer
    render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: message }
  end
  warden.authenticate!
end

#authorise_user!(permission) ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 16

def authorise_user!(permission)
  # Ensure that we're authenticated (and by extension that current_user is set).
  # Otherwise current_user might be nil, and we'd error out
  authenticate_user!

  if not current_user.has_permission?(permission)
    raise PermissionDeniedException, "Sorry, you don't seem to have the #{permission} permission for this app."
  end
end

#current_user ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 50

def current_user
  warden.user if user_signed_in?
end

#log_out ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 54

def log_out
  warden.log_out
end

#require_signin_permission! ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 26

def require_signin_permission!
  authorise_user!('signin')
rescue PermissionDeniedException
  skip_slimmer
  render "authorisations/cant_signin", layout: "unauthorised", status: :forbidden
end

#skip_slimmer ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 62

def skip_slimmer
  # If slimmer used, without this you would see a generic 400 error page
  headers["X-Slimmer-Skip"] = "1"
end

#user_remotely_signed_out? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gds-sso/controller_methods.rb', line 42

def user_remotely_signed_out?
  warden.authenticated? && warden.user.remotely_signed_out?
end

#user_signed_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gds-sso/controller_methods.rb', line 46

def user_signed_in?
  warden.authenticated? && ! warden.user.remotely_signed_out?
end

#warden ⇒ Object

# File 'lib/gds-sso/controller_methods.rb', line 58

def warden
  request.env['warden']
end