Module: Authpwn::ControllerInstanceMethods
- Includes: CurrentUser
- Defined in: lib/authpwn_rails/session.rb
Overview
Included in controllers that call authenticates_using_session.
Instance Attribute Summary
Attributes included from CurrentUser
Instance Method Summary
- #bounce_user(redirect_url = request.url) ⇒ Object
  Inform the user that their request is forbidden.
- #set_session_current_user(user) ⇒ Object
  Sets up the session so that it will authenticate the given user.
Instance Method Details
#bounce_user(redirect_url = request.url) ⇒ Object
Inform the user that their request is forbidden.
If a user is logged on, this renders the session/forbidden view with an HTTP 403 code.
If no user is logged in, the user is redirected to session/new, and the current request’s URL is saved in flash.
    # File 'lib/authpwn_rails/session.rb', line 84
    def bounce_user(redirect_url = request.url)
      # NOTE: this is tested in CookieControllerTest
      respond_to do |format|
        format.html do
          @redirect_url = redirect_url
          if current_user
            render 'session/forbidden', layout: false, status: :forbidden
          else
            # Save the requested URL in flash before rendering.
            flash[:auth_redirect_url] = redirect_url
            render 'session/forbidden', layout: false, status: :forbidden
          end
        end
        format.json do
          message = current_user ? "You're not allowed to access that" :
                                   'Please sign in'
          render json: { error: message }
        end
      end
    end
#set_session_current_user(user) ⇒ Object
Sets up the session so that it will authenticate the given user.
    # File 'lib/authpwn_rails/session.rb', line 41
    def set_session_current_user(user)
      self.current_user = user
      # Try to reuse existing sessions.
      if session[:authpwn_suid]
        token = Tokens::SessionUid.with_code(session[:authpwn_suid]).first
        if token
          if token.user == user
            token.touch
            return user
          else
            token.destroy
          end
        end
      end
      if user
        session[:authpwn_suid] = Tokens::SessionUid.random_for(user,
            request.remote_ip, request.user_agent || 'N/A').suid
      else
        session.delete :authpwn_suid
      end
    end
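The token lifecycle in set_session_current_user, as an added example that is not part of authpwn_rails: it shows that signing out destroys the server-side token, so an earlier copy of the session contents stops authenticating. FakeSessionUid, sign_in, user_for and replay_after_logout are hypothetical names, the request-time lookup in user_for is an assumption about how the suid is resolved, and the user names and IP address are constructed.

```ruby
require 'securerandom'

# Constructed in-memory stand-in for Tokens::SessionUid; only the calls
# visible in the listing above are modelled.
class FakeSessionUid
  STORE = {}
  attr_reader :user, :suid

  def initialize(user)
    @user = user
    @suid = SecureRandom.urlsafe_base64(32)
    STORE[@suid] = self
  end

  def self.with_code(code); [STORE[code]].compact; end
  def self.random_for(user, _ip, _user_agent); new(user); end
  def touch; @touched_at = Time.now; end
  def destroy; STORE.delete(@suid); end
end

# Same control flow as set_session_current_user, with the session passed in.
def sign_in(session, user)
  token = FakeSessionUid.with_code(session[:authpwn_suid]).first
  if token
    if token.user == user
      token.touch
      return user
    end
    token.destroy
  end
  if user
    session[:authpwn_suid] = FakeSessionUid.random_for(user, '203.0.113.7', 'N/A').suid
  else
    session.delete :authpwn_suid
  end
  user
end

# Assumed request-time lookup: suid from the cookie -> signed-in user or nil.
def user_for(session)
  FakeSessionUid.with_code(session[:authpwn_suid]).first&.user
end

def replay_after_logout
  session = {}
  sign_in(session, 'alice')
  copied = session.dup   # session contents copied while signed in
  sign_in(session, nil)  # sign-out destroys the server-side token
  user_for(copied)       # => nil, the copy no longer authenticates
end
```

Calling sign_in again for the same user keeps the existing suid, while signing in a different user on the same session destroys the old token and issues a new one.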