Module: Authlogic::Session::Params

Included in:
Base
Defined in:
lib/authlogic/session/params.rb

Overview

Params

Tries to log the user in via params. Think about cookies and sessions. They are just hashes in your controller, so are params. People never look at params as an authentication option, but it can be useful for logging into private feeds, etc. Logging in a user is as simple as:

https://www.domain.com?user_credentials=[insert single access token here]

Wait, what is a single access token? It is all explained in the README. Checkout the “Tokens” section in the README, there is section about single access tokens. For security reasons, this type of authentication is ONLY available via single access tokens, you can NOT pass your persistence token. Which means you must have a single_access_token field in your database.

Instance Method Summary collapse

Instance Method Details

#valid_params?Boolean

Tries to validate the session from information in the params token


15
16
17
18
19
20
21
22
23
24
# File 'lib/authlogic/session/params.rb', line 15

def valid_params?
  if params_credentials && single_access_token_field && (single_access_allowed_request_types.include?(controller.request_content_type) || single_access_allowed_request_types.include?(:all) || controller.single_access_allowed?)
    self.unauthorized_record = search_for_record("find_by_#{single_access_token_field}", params_credentials)
    self.persisting = false
    return true if valid?
    self.persisting = true
  else
    false
  end
end