Module: Arcadex
- Defined in:
- lib/arcadex.rb,
lib/arcadex/engine.rb,
lib/arcadex/version.rb,
app/models/arcadex/token.rb,
app/helpers/arcadex/application_helper.rb,
app/controllers/arcadex/tokens_controller.rb,
app/controllers/arcadex/application_controller.rb
Defined Under Namespace
Modules: ApplicationHelper Classes: ApplicationController, Engine, Token, TokensController
Constant Summary collapse
- VERSION =
"1.0.3"
Class Method Summary collapse
-
.authenticate_with_email_token(auth_token, email) ⇒ Object
This should be used in the application_controller before all actions.
-
.authenticate_with_only_token(auth_token) ⇒ Object
This should be used in the application_controller before all actions.
-
.create_token(id, type) ⇒ Object
Arcadex.create_token(instance.id,instance.class.to_s).
-
.destroy_all_tokens(id, type) ⇒ Object
Arcadex.destroy_all_tokens(instance.id,instance.class.to_s).
-
.destroy_auth_token(auth_token) ⇒ Object
Arcadex.destroy_token(token.auth_token).
- .destroy_token(token) ⇒ Object
-
.find_owner_by_auth_token(auth_token) ⇒ Object
Arcadex.find_owner_by_auth_token(auth_token).
-
.find_owner_by_token(token) ⇒ Object
Arcadex.find_owner_by_token(token).
-
.find_token_by_auth_token(auth_token_string) ⇒ Object
Arcadex.find_token_by_auth_token(token.auth_token).
-
.full_authentication(params, request, should_use_email) ⇒ Object
Below are authentication methods########################### This should be called by the user##############################.
-
.generate_auth_token ⇒ Object
This is now called by the token when it’s first saved token = instance.tokens.new token.auth_token = Arcadex.generate_auth_token token.save.
-
.grab_email(params, request) ⇒ Object
Gets the email from either the url or header.
-
.grab_token(params, request) ⇒ Object
Gets the auth_token from either the url or header.
-
.token_expired?(token) ⇒ Boolean
Arcadex.token_expired?(token) How long should tokens last? A day if not rememberable And a month if you are?.
Class Method Details
.authenticate_with_email_token(auth_token, email) ⇒ Object
This should be used in the application_controller before all actions
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/arcadex.rb', line 47 def self.authenticate_with_email_token(auth_token,email) #Find token from auth_token and owner from token token = ::Arcadex.find_token_by_auth_token(auth_token) owner = ::Arcadex.find_owner_by_token(token) #This assumes that the owner of the token is indeed a user if !token.nil? user = Object.const_get(token.imageable_type).find_by(email: email) #user = ::People::User.find_by(email: email) end #This is to mitigate timing attacks ::Devise.secure_compare(auth_token,auth_token) if owner.nil? || user.nil? || user.id != owner.id return nil else #These are the variables available to every controller that inherits instance_hash = {"current_user" => owner, "current_token" => token} return instance_hash end end |
.authenticate_with_only_token(auth_token) ⇒ Object
This should be used in the application_controller before all actions
67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'lib/arcadex.rb', line 67 def self.authenticate_with_only_token(auth_token) #Find token from auth_token and owner from token token = ::Arcadex.find_token_by_auth_token(auth_token) owner = ::Arcadex.find_owner_by_token(token) #This is to mitigate timing attacks ::Devise.secure_compare(auth_token,auth_token) if owner.nil? return nil else #These are the variables available to every controller that inherits instance_hash = {"current_user" => owner, "current_token" => token} return instance_hash end end |
.create_token(id, type) ⇒ Object
Arcadex.create_token(instance.id,instance.class.to_s)
97 98 99 100 101 102 103 104 |
# File 'lib/arcadex.rb', line 97 def self.create_token(id,type) token = Token.new token.imageable_id = id token.imageable_type = type #token.auth_token = generate_auth_token token.save return token end |
.destroy_all_tokens(id, type) ⇒ Object
Arcadex.destroy_all_tokens(instance.id,instance.class.to_s)
134 135 136 137 138 139 |
# File 'lib/arcadex.rb', line 134 def self.destroy_all_tokens(id,type) if Object.const_get(type).exists?(id) instance = Object.const_get(type).find(id) instance.tokens.destroy_all end end |
.destroy_auth_token(auth_token) ⇒ Object
Arcadex.destroy_token(token.auth_token)
123 124 125 126 |
# File 'lib/arcadex.rb', line 123 def self.destroy_auth_token(auth_token) token = find_token_by_auth_token(auth_token) destroy_token(token) end |
.destroy_token(token) ⇒ Object
127 128 129 130 131 132 |
# File 'lib/arcadex.rb', line 127 def self.destroy_token(token) if token.nil? return nil end token.destroy end |
.find_owner_by_auth_token(auth_token) ⇒ Object
Arcadex.find_owner_by_auth_token(auth_token)
143 144 145 146 |
# File 'lib/arcadex.rb', line 143 def self.find_owner_by_auth_token(auth_token) token = Arcadex.find_token_by_auth_token(auth_token) return Arcadex.find_owner_by_token(token) end |
.find_owner_by_token(token) ⇒ Object
Arcadex.find_owner_by_token(token)
148 149 150 151 152 153 154 155 156 157 158 159 |
# File 'lib/arcadex.rb', line 148 def self.find_owner_by_token(token) if token.nil? return nil end if token_expired?(token) destroy_token(token) return nil else instance = Object.const_get(token.imageable_type).find(token.imageable_id) return instance end end |
.find_token_by_auth_token(auth_token_string) ⇒ Object
Arcadex.find_token_by_auth_token(token.auth_token)
108 109 110 111 112 113 114 115 116 117 118 119 |
# File 'lib/arcadex.rb', line 108 def self.find_token_by_auth_token(auth_token_string) token = Token.find_by(auth_token: auth_token_string) if token.nil? return nil end if token_expired?(token) destroy_token(token) return nil else return token end end |
.full_authentication(params, request, should_use_email) ⇒ Object
Below are authentication methods########################### This should be called by the user##############################
7 8 9 10 11 12 13 14 15 |
# File 'lib/arcadex.rb', line 7 def self.full_authentication(params,request,should_use_email) auth_token = grab_token(params,request) email = grab_email(params,request) if should_use_email return authenticate_with_email_token(auth_token,email) else return authenticate_with_only_token(auth_token) end end |
.generate_auth_token ⇒ Object
This is now called by the token when it’s first saved token = instance.tokens.new token.auth_token = Arcadex.generate_auth_token token.save
89 90 91 92 93 94 95 |
# File 'lib/arcadex.rb', line 89 def self.generate_auth_token token = ::Devise.friendly_token while Token.exists?(token) token = ::Devise.friendly_token end return token end |
.grab_email(params, request) ⇒ Object
Gets the email from either the url or header
36 37 38 39 40 41 42 43 44 45 |
# File 'lib/arcadex.rb', line 36 def self.grab_email(params,request) #Header email has preference if !params["email"].blank? email = params["email"] end if !request.headers["Email"].blank? email = request.headers["Email"] end return email end |
.grab_token(params, request) ⇒ Object
Gets the auth_token from either the url or header
25 26 27 28 29 30 31 32 33 34 |
# File 'lib/arcadex.rb', line 25 def self.grab_token(params,request) #Header token has preference if !params["auth_token"].blank? auth_token = params["auth_token"] end if !request.headers["Auth-Token"].blank? auth_token = request.headers["Auth-Token"] end return auth_token end |
.token_expired?(token) ⇒ Boolean
Arcadex.token_expired?(token) How long should tokens last? A day if not rememberable And a month if you are?
165 166 167 |
# File 'lib/arcadex.rb', line 165 def self.token_expired?(token) return false end |