Module: Authpwn::HttpBasicControllerInstanceMethods

Includes:: CurrentUser

Defined in:: lib/authpwn_rails/http_basic.rb

Overview

Included in controllers that call authenticates_using_http_basic.

Instance Attribute Summary

Attributes included from CurrentUser

#current_user

Instance Method Summary collapse

#bounce_to_http_basic ⇒ Object

Inform the user that their request is forbidden.

Instance Method Details

#bounce_to_http_basic ⇒ `Object`

Inform the user that their request is forbidden.

If a user is logged on, this renders the session/forbidden view with a HTTP 403 code.

If no user is logged in, a HTTP 403 code is returned, together with an HTTP Authentication header causing the user-agent (browser) to initiate http basic authentication.

# File 'lib/authpwn_rails/http_basic.rb', line 47

def bounce_to_http_basic()
  unless current_user
    request_http_basic_authentication
    return
  end

  respond_to do |format|
    format.html do
      render 'session/forbidden', layout: false, status: :forbidden
    end
    format.json do
      render json: { error: "You're not allowed to access that" }
    end
  end
end