Class: Authlogic::Session::Base

Inherits:
Object
  • Object
show all
Includes:
Authlogic::Session, ActiveRecordTrickery, Callbacks, Config, Cookies, Params, Perishability, Scopes, Timeout
Defined in:
lib/authlogic/session/base.rb,
lib/authlogic.rb

Overview

Base

This is the muscle behind Authlogic. For detailed information on how to use this please refer to the README. For detailed method explanations see below.

Constant Summary

Constants included from Callbacks

Callbacks::CALLBACKS

Class Attribute Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Config

included

Methods included from Timeout

#find_record_with_timeout, included, #stale?

Methods included from Scopes

included

Methods included from Perishability

included

Methods included from Params

#valid_params?

Methods included from Cookies

included, #valid_cookie?

Methods included from Callbacks

#destroy_with_callbacks, #find_record_with_callbacks, included, #save_with_callbacks, #validate_with_callbacks

Methods included from ActiveRecordTrickery

included

Constructor Details

#initialize(*args) ⇒ Base

You can initialize a session by doing any of the following:

UserSession.new
UserSession.new(:login => "login", :password => "password", :remember_me => true)
UserSession.new(User.first, true)

If a user has more than one session you need to pass an id so that Authlogic knows how to differentiate the sessions. The id MUST be a Symbol.

UserSession.new(:my_id)
UserSession.new({:login => "login", :password => "password", :remember_me => true}, :my_id)
UserSession.new(User.first, true, :my_id)

For more information on ids see the id method.

Lastly, the reason the id is separate from the first parameter hash is becuase this should be controlled by you, not by what the user passes. A user could inject their own id and things would not work as expected.

Raises:



114
115
116
117
118
119
120
121
122
123
124
125
126
127
# File 'lib/authlogic/session/base.rb', line 114

def initialize(*args)
  raise NotActivated.new(self) unless self.class.activated?
  
  create_configurable_methods!
  
  self.id = args.pop if args.last.is_a?(Symbol)
  
  if args.first.is_a?(Hash)
    self.credentials = args.first
  elsif !args.first.blank? && args.first.class < ::ActiveRecord::Base
    self.unauthorized_record = args.first
    self.remember_me = args[1] if args.size > 1
  end
end

Class Attribute Details

.methods_configuredObject

Returns the value of attribute methods_configured



10
11
12
# File 'lib/authlogic/session/base.rb', line 10

def methods_configured
  @methods_configured
end

Instance Attribute Details

#authenticating_withObject

A flag for how the user is logging in. Possible values:

  • :password - username and password

  • :unauthorized_record - an actual ActiveRecord object

By default this is :password



135
136
137
# File 'lib/authlogic/session/base.rb', line 135

def authenticating_with
  @authenticating_with ||= :password
end

#idObject

Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time. A good example when this might be needed is when you want to have a normal user session and a “secure” user session. The secure user session would be created only when they want to modify their billing information, or other sensitive information. Similar to me.com. This requires 2 user sessions. Just use an id for the “secure” session and you should be good.

You can set the id during initialization (see initialize for more information), or as an attribute:

session.id = :my_id

Just be sure and set your id before you save your session.

Lastly, to retrieve your session with the id check out the find class method.



217
218
219
# File 'lib/authlogic/session/base.rb', line 217

def id
  @id
end

#new_sessionObject

Returns the value of attribute new_session



94
95
96
# File 'lib/authlogic/session/base.rb', line 94

def new_session
  @new_session
end

#persistingObject

:nodoc:



238
239
240
241
# File 'lib/authlogic/session/base.rb', line 238

def persisting # :nodoc:
  return @persisting if defined?(@persisting)
  @persisting = true
end

#recordObject

Returns the value of attribute record



95
96
97
# File 'lib/authlogic/session/base.rb', line 95

def record
  @record
end

#unauthorized_recordObject

Returns the value of attribute unauthorized_record



95
96
97
# File 'lib/authlogic/session/base.rb', line 95

def unauthorized_record
  @unauthorized_record
end

Class Method Details

.activated?Boolean

Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done. Similar to how ActiveRecord won't allow you to do anything without establishing a DB connection. In your framework environment this is done for you, but if you are using Authlogic outside of your framework, you need to assign a controller object to Authlogic via Authlogic::Session::Base.controller = obj. See the controller= method for more information.

Returns:

  • (Boolean)


15
16
17
# File 'lib/authlogic/session/base.rb', line 15

def activated?
  !controller.nil?
end

.controllerObject

:nodoc:



25
26
27
# File 'lib/authlogic/session/base.rb', line 25

def controller # :nodoc:
  Thread.current[:authlogic_controller]
end

.controller=(value) ⇒ Object

This accepts a controller object wrapped with the Authlogic controller adapter. The controller adapters close the gap between the different controllers in each framework. That being said, Authlogic is expecting your object's class to extend Authlogic::ControllerAdapters::AbstractAdapter. See Authlogic::ControllerAdapters for more info.



21
22
23
# File 'lib/authlogic/session/base.rb', line 21

def controller=(value)
  Thread.current[:authlogic_controller] = value
end

.create(*args, &block) ⇒ Object

A convenince method. The same as:

session = UserSession.new
session.create


33
34
35
36
# File 'lib/authlogic/session/base.rb', line 33

def create(*args, &block)
  session = new(*args)
  session.save(&block)
end

.create!(*args) ⇒ Object

Same as create but calls create!, which raises an exception when authentication fails.



39
40
41
42
# File 'lib/authlogic/session/base.rb', line 39

def create!(*args)
  session = new(*args)
  session.save!
end

.find(id = nil) ⇒ Object

A convenience method for session.find_record. Finds your session by parameters, then session, then cookie, and finally by basic http auth. This is perfect for persisting your session:

helper_method :current_user_session, :current_user

def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.user
end

Accepts a single parameter as the id, to find session that you marked with an id:

UserSession.find(:secure)

See the id method for more information on ids.



64
65
66
67
68
69
70
71
72
# File 'lib/authlogic/session/base.rb', line 64

def find(id = nil)
  args = [id].compact
  session = new(*args)
  if session.find_record
    session
  else
    nil
  end
end

.klassObject

The name of the class that this session is authenticating with. For example, the UserSession class will authenticate with the User class unless you specify otherwise in your configuration. See authenticate_with for information on how to change this value.



76
77
78
79
80
81
82
83
# File 'lib/authlogic/session/base.rb', line 76

def klass
  @klass ||=
    if klass_name
      klass_name.constantize
    else
      nil
    end
end

.klass_nameObject

Same as klass, just returns a string instead of the actual constant.



86
87
88
89
90
91
# File 'lib/authlogic/session/base.rb', line 86

def klass_name
  @klass_name ||= 
    if guessed_name = name.scan(/(.*)Session/)[0]
      @klass_name = guessed_name[0]
    end
end

Instance Method Details

#authenticating_with_password?Boolean

Returns true if logging in with credentials. Credentials mean username and password.

Returns:

  • (Boolean)


140
141
142
# File 'lib/authlogic/session/base.rb', line 140

def authenticating_with_password?
  authenticating_with == :password
end

#authenticating_with_unauthorized_record?Boolean Also known as: authenticating_with_record?

Returns true if logging in with an unauthorized record

Returns:

  • (Boolean)


145
146
147
# File 'lib/authlogic/session/base.rb', line 145

def authenticating_with_unauthorized_record?
  authenticating_with == :unauthorized_record
end

#credentialsObject

Your login credentials in hash format. Usually => “my login”, :password => “<protected>” depending on your configuration. Password is protected as a security measure. The raw password should never be publicly accessible.



152
153
154
# File 'lib/authlogic/session/base.rb', line 152

def credentials
  { => send(), password_field => "<Protected>"}
end

#credentials=(values) ⇒ Object

Lets you set your loging and password via a hash format. This is “params” safe. It only allows for 3 keys: your login field name, password field name, and remember me.



157
158
159
160
161
162
163
164
# File 'lib/authlogic/session/base.rb', line 157

def credentials=(values)
  return if values.blank? || !values.is_a?(Hash)
  values.symbolize_keys!
  values.each do |field, value|
    next if value.blank?
    send("#{field}=", value)
  end
end

#destroyObject

Resets everything, your errors, record, cookies, and session. Basically “logs out” a user.



167
168
169
170
171
# File 'lib/authlogic/session/base.rb', line 167

def destroy
  errors.clear
  @record = nil
  true
end

#errorsObject

The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses the exact same ActiveRecord errors class. Use it the same way:

Example

class UserSession
  before_validation :check_if_awesome

  private
    def check_if_awesome
      errors.add(:login, "must contain awesome") if  && !.include?("awesome")
      errors.add_to_base("You must be awesome to log in") unless record.awesome?
    end
end


186
187
188
# File 'lib/authlogic/session/base.rb', line 186

def errors
  @errors ||= Errors.new(self)
end

#find_recordObject

Attempts to find the record by params, then session, then cookie, and finally basic http auth. See the class level find method if you are wanting to use this to persist your session.



191
192
193
194
195
196
197
198
199
200
201
202
203
204
# File 'lib/authlogic/session/base.rb', line 191

def find_record
  if record
    self.new_session = false
    return record
  end
  
  find_with.each do |find_method|
    if send("valid_#{find_method}?")
      self.new_session = false
      return record
    end
  end
  nil
end

#inspectObject

:nodoc:



221
222
223
224
225
226
227
228
229
230
231
# File 'lib/authlogic/session/base.rb', line 221

def inspect # :nodoc:
  details = {}
  case authenticating_with
  when :unauthorized_record
    details[:unauthorized_record] = "<protected>"
  else
    details[.to_sym] = send()
    details[password_field.to_sym] = "<protected>"
  end
  "#<#{self.class.name} #{details.inspect}>"
end

#new_session?Boolean

Similar to ActiveRecord's new_record? Returns true if the session has not been saved yet.

Returns:

  • (Boolean)


234
235
236
# File 'lib/authlogic/session/base.rb', line 234

def new_session?
  new_session != false
end

#persisting?Boolean

Returns true if the session is being persisted. This is set to false if the session was found by the single_access_token, since logging in via a single access token should not remember the user in the session or the cookie.

Returns:

  • (Boolean)


245
246
247
# File 'lib/authlogic/session/base.rb', line 245

def persisting?
  persisting == true
end

#remember_meObject

:nodoc:



249
250
251
252
# File 'lib/authlogic/session/base.rb', line 249

def remember_me # :nodoc:
  return @remember_me if defined?(@remember_me)
  @remember_me = self.class.remember_me
end

#remember_me=(value) ⇒ Object

Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for “remember_me_until”.



255
256
257
# File 'lib/authlogic/session/base.rb', line 255

def remember_me=(value)
  @remember_me = value
end

#remember_me?Boolean

Allows users to be remembered via a cookie.

Returns:

  • (Boolean)


260
261
262
# File 'lib/authlogic/session/base.rb', line 260

def remember_me?
  remember_me == true || remember_me == "true" || remember_me == "1"
end

#remember_me_untilObject

When to expire the cookie. See remember_me_for configuration option to change this.



265
266
267
268
# File 'lib/authlogic/session/base.rb', line 265

def remember_me_until
  return unless remember_me?
  remember_me_for.from_now
end

#save {|result| ... } ⇒ Object

Creates / updates a new user session for you. It does all of the magic:

  1. validates

  2. sets session

  3. sets cookie

  4. updates magic fields

Yields:

  • (result)


276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
# File 'lib/authlogic/session/base.rb', line 276

def save(&block)
  result = nil
  if valid?
    record. = (record..blank? ? 1 : record. + 1) if record.respond_to?(:login_count)
    
    if record.respond_to?(:current_login_at)
      record. = record. if record.respond_to?(:last_login_at)
      record. = klass.default_timezone == :utc ? Time.now.utc : Time.now
    end
    
    if record.respond_to?(:current_login_ip)
      record. = record. if record.respond_to?(:last_login_ip)
      record. = controller.request.remote_ip
    end
    
    record.save_without_session_maintenance(false)
    
    self.new_session = false
    result = self
  else
    result = false
  end
  
  yield result if block_given?
  result
end

#save!Object

Same as save but raises an exception when authentication fails

Raises:



304
305
306
307
308
# File 'lib/authlogic/session/base.rb', line 304

def save!
  result = save
  raise SessionInvalid.new(self) unless result
  result
end

#valid?Boolean

Returns if the session is valid or not. Basically it means that a record could or could not be found. If the session is valid you will have a result when calling the “record” method. If it was unsuccessful you will not have a record.

Returns:

  • (Boolean)


323
324
325
326
327
328
329
330
331
332
333
# File 'lib/authlogic/session/base.rb', line 323

def valid?
  errors.clear
  if valid_credentials?
    validate
    valid_record?
    return true if errors.empty?
  end
  
  self.record = nil
  false
end

#valid_http_auth?Boolean

Tries to validate the session from information from a basic http auth, if it was provided.

Returns:

  • (Boolean)


336
337
338
339
340
341
342
343
344
345
346
# File 'lib/authlogic/session/base.rb', line 336

def valid_http_auth?
  controller.authenticate_with_http_basic do |, password|
    if !.blank? && !password.blank?
      send("#{login_field}=", )
      send("#{password_field}=", password)
      return valid?
    end
  end
  
  false
end

#validateObject

Overwite this method to add your own validation, or use callbacks: before_validation, after_validation



349
350
# File 'lib/authlogic/session/base.rb', line 349

def validate
end