Module: GovukPersonalisation::ControllerConcern
- Extended by: ActiveSupport::Concern
- Defined in: lib/govuk_personalisation/controller_concern.rb
Constant Summary
- ACCOUNT_SESSION_INTERNAL_HEADER_NAME = "HTTP_GOVUK_ACCOUNT_SESSION"
- ACCOUNT_SESSION_HEADER_NAME = "GOVUK-Account-Session"
- ACCOUNT_END_SESSION_HEADER_NAME = "GOVUK-Account-End-Session"
- ACCOUNT_SESSION_DEV_COOKIE_NAME = "govuk_account_session"
Instance Method Summary
- #account_flash_add(message) ⇒ true, false
  Add a message to the flash to return to the user.
- #account_flash_keep ⇒ Object
  Copy all messages from the `account_flash` into the flash to return to the user.
- #fetch_account_session_header ⇒ Object
  Read the `GOVUK-Account-Session` request header and set the `@account_session_header` and `@account_flash` variables.
- #logged_in? ⇒ true, false
  Check if the user has a session.
- #logout! ⇒ Object
  Clear the `@account_session_header` and set the logout response header.
- #redirect_with_analytics(url, allow_other_host: true) ⇒ Object
  Redirect to a URL adding parameters necessary for cross-domain analytics and cookie consent.
- #set_account_session_header(govuk_account_session = nil) ⇒ Object
  Set a new session header.
- #set_account_vary_header ⇒ Object
  Set the `Vary: GOVUK-Account-Session` response header.
- #url_with_analytics(url) ⇒ Object
  Build a URL adding parameters necessary for cross-domain analytics and cookie consent.
Instance Method Details
#account_flash_add(message) ⇒ true, false
Add a message to the flash to return to the user. This does not change `account_flash`.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 119
def account_flash_add(message)
  # Reject anything that is not a valid flash message
  return false unless GovukPersonalisation::Flash.valid_message? message

  @new_account_flash[message] = true
  set_account_session_header
  true
end
```
#account_flash_keep ⇒ Object
Copy all messages from the `account_flash` into the flash to return to the user.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 129
def account_flash_keep
  @new_account_flash = @account_flash.merge(@new_account_flash)
  set_account_session_header
end
```
#fetch_account_session_header ⇒ Object
Read the `GOVUK-Account-Session` request header and set the `@account_session_header` and `@account_flash` variables. Also sets a response header with an empty flash if there is a flash in the request.
This is called as a `before_action`.
This should not be called after either the `@govuk_account_session` or the flash to return to the user has been changed, as those changes will be overwritten.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 31
def fetch_account_session_header
  session_with_flash =
    if request.headers[ACCOUNT_SESSION_INTERNAL_HEADER_NAME]
      request.headers[ACCOUNT_SESSION_INTERNAL_HEADER_NAME].presence
    elsif Rails.env.development?
      # Development only: fall back to the session cookie
      cookies[ACCOUNT_SESSION_DEV_COOKIE_NAME]
    end

  @account_session_header, flash = GovukPersonalisation::Flash.decode_session(session_with_flash)
  @account_flash = (flash || []).index_with { |_| true }
  @new_account_flash = {}

  # Send back an empty flash so the messages just read are not shown again
  set_account_session_header unless @account_flash.empty?
end
```
#logged_in? ⇒ true, false
Check if the user has a session.
This does not call account-api to verify that the session is valid, but an invalid session would not allow a user to access any personal data anyway.
```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 65
def logged_in?
  account_session_header.present?
end
```
#logout! ⇒ Object
Clear the `@account_session_header` and set the logout response header.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 98
def logout!
  response.headers[ACCOUNT_END_SESSION_HEADER_NAME] = "1"
  response.headers["Cache-Control"] = "no-store"
  @account_session_header = nil

  if Rails.env.development?
    # Development only: expire the session cookie
    cookies[ACCOUNT_SESSION_DEV_COOKIE_NAME] = {
      value: "",
      domain: "dev.gov.uk",
      expires: 1.second.ago,
    }
  end
end
```
#redirect_with_analytics(url, allow_other_host: true) ⇒ Object
Redirect to a URL adding parameters necessary for cross-domain analytics and cookie consent.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 138
def redirect_with_analytics(url, allow_other_host: true)
  redirect_to(url_with_analytics(url), allow_other_host: allow_other_host)
end
```
#set_account_session_header(govuk_account_session = nil) ⇒ Object
Set a new session header.
This should be called after any API call to account-api which returns a new session value. This is called automatically after updating the flash with `account_flash_add` or `account_flash_keep`.
Calling this after calling `logout!` will not prevent the user from being logged out.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 80
def set_account_session_header(govuk_account_session = nil)
  @account_session_header = govuk_account_session if govuk_account_session

  session_with_flash = GovukPersonalisation::Flash.encode_session(@account_session_header, @new_account_flash.keys)

  response.headers[ACCOUNT_SESSION_HEADER_NAME] = session_with_flash
  # A response that carries a session value must never be cached
  response.headers["Cache-Control"] = "no-store"

  if Rails.env.development?
    # Development only: mirror the session into a cookie
    cookies[ACCOUNT_SESSION_DEV_COOKIE_NAME] = {
      value: session_with_flash,
      domain: "dev.gov.uk",
    }
  end
end
```
#set_account_vary_header ⇒ Object
Set the `Vary: GOVUK-Account-Session` response header.
This is called as a `before_action`, to ensure that pages rendered using one user’s session are not served to another by our CDN. You should only skip this action if you are certain that the response does not include any personalisation, or if you prevent caching in some other way (for example, with `Cache-Control: no-store`).

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 54
def set_account_vary_header
  response.headers["Vary"] = [response.headers["Vary"], ACCOUNT_SESSION_HEADER_NAME].compact.join(", ")
end
```
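The cache behaviour this `before_action` guards against, as an added example that is not code from the gem. It models a shared cache whose key follows the stored response's `Vary` header; `ToySharedCache`, `origin`, `second_visitor_sees`, the path and the session values are all constructed for illustration and do not describe GOV.UK's actual CDN configuration.

```ruby
VARY_NAME = "GOVUK-Account-Session" # same value as ACCOUNT_SESSION_HEADER_NAME
# Mirrors set_account_vary_header: append to any Vary value already set.
def append_vary(existing, name = VARY_NAME)
  [existing, name].compact.join(", ")
end

# Hypothetical shared cache: the key is the path plus the request values of
# every header named in the stored response's Vary.
class ToySharedCache
  def initialize
    @vary_by_path = {} # path => header names listed in Vary
    @store = {}        # [path, varied request values] => body
  end

  # Returns [body, :hit] from cache, or calls the origin block and returns [body, :miss].
  def fetch(path, request_headers)
    names = @vary_by_path[path]
    key = names && cache_key(path, names, request_headers)
    return [@store[key], :hit] if key && @store.key?(key)

    response = yield
    names = response[:headers]["Vary"].to_s.split(",").map(&:strip)
    @vary_by_path[path] = names
    @store[cache_key(path, names, request_headers)] = response[:body]
    [response[:body], :miss]
  end

  private

  def cache_key(path, names, request_headers)
    [path, names.map { |n| request_headers[n] }]
  end
end

# Constructed origin: the body is personalised from the session header.
def origin(request_headers, vary:)
  headers = { "Vary" => "Accept-Encoding" }
  headers["Vary"] = append_vary(headers["Vary"]) if vary
  { headers: headers, body: "Hello #{request_headers[VARY_NAME] || 'anonymous'}" }
end

# What the second visitor receives after the first has warmed the cache.
def second_visitor_sees(vary:)
  cache = ToySharedCache.new
  alice = { VARY_NAME => "session-alice" } # constructed session values
  bob = { VARY_NAME => "session-bob" }
  cache.fetch("/account/home", alice) { origin(alice, vary: vary) }
  cache.fetch("/account/home", bob) { origin(bob, vary: vary) }
end
```

With `vary: false` the second visitor gets a cache hit containing the first visitor's page; with `vary: true` the request misses and the origin renders it for the second visitor's own session.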
#url_with_analytics(url) ⇒ Object
Build a URL adding parameters necessary for cross-domain analytics and cookie consent.

```ruby
# File 'lib/govuk_personalisation/controller_concern.rb', line 146
def url_with_analytics(url)
  GovukPersonalisation::Redirect.build_url(url, params.permit(:_ga, :cookie_consent).to_h)
end
```