Module: GovukPersonalisation::ControllerConcern

Extended by:
ActiveSupport::Concern
Defined in:
lib/govuk_personalisation/controller_concern.rb

Constant Summary

ACCOUNT_SESSION_INTERNAL_HEADER_NAME = "HTTP_GOVUK_ACCOUNT_SESSION"
ACCOUNT_SESSION_HEADER_NAME = "GOVUK-Account-Session"
ACCOUNT_END_SESSION_HEADER_NAME = "GOVUK-Account-End-Session"
ACCOUNT_SESSION_DEV_COOKIE_NAME = "govuk_account_session"

Instance Method Details

#account_flash_add(message) ⇒ true, false

Add a message to the flash to return to the user. This does not change `account_flash`.

Parameters:

  • message (String)

    the message to add

Returns:

  • (true, false)

    whether the message is valid (and so has been added)

# File 'lib/govuk_personalisation/controller_concern.rb', line 119

def account_flash_add(message)
  return false unless GovukPersonalisation::Flash.valid_message? message

  @new_account_flash[message] = true
  set_account_session_header
  true
end

#account_flash_keep ⇒ Object

Copy all messages from the `account_flash` into the flash to return to the user.

# File 'lib/govuk_personalisation/controller_concern.rb', line 129

def account_flash_keep
  @new_account_flash = @account_flash.merge(@new_account_flash)
  set_account_session_header
end

#fetch_account_session_header ⇒ Object

Read the `GOVUK-Account-Session` request header and set the `@account_session_header` and `@account_flash` variables. Also sets a response header with an empty flash if there is a flash in the request.

This is called as a `before_action`.

This should not be called after either the `@govuk_account_session` or the flash to return to the user has been changed, as those changes will be overwritten.

# File 'lib/govuk_personalisation/controller_concern.rb', line 31

def fetch_account_session_header
  session_with_flash =
    if request.headers[ACCOUNT_SESSION_INTERNAL_HEADER_NAME]
      request.headers[ACCOUNT_SESSION_INTERNAL_HEADER_NAME].presence
    elsif Rails.env.development?
      cookies[ACCOUNT_SESSION_DEV_COOKIE_NAME]
    end

  @account_session_header, flash = GovukPersonalisation::Flash.decode_session(session_with_flash)
  @account_flash = (flash || []).index_with { |_| true }
  @new_account_flash = {}

  set_account_session_header unless @account_flash.empty?
end

#logged_in? ⇒ true, false

Check if the user has a session.

This does not call account-api to verify that the session is valid, but an invalid session would not allow a user to access any personal data anyway.

Returns:

  • (true, false)

    whether the user has a session

# File 'lib/govuk_personalisation/controller_concern.rb', line 65

def logged_in?
  @account_session_header.present?
end

#logout! ⇒ Object

Clear the `@account_session_header` and set the logout response header.

# File 'lib/govuk_personalisation/controller_concern.rb', line 98

def logout!
  response.headers[ACCOUNT_END_SESSION_HEADER_NAME] = "1"
  response.headers["Cache-Control"] = "no-store"

  @account_session_header = nil

  if Rails.env.development?
    cookies[ACCOUNT_SESSION_DEV_COOKIE_NAME] = {
      value: "",
      domain: "dev.gov.uk",
      expires: 1.second.ago,
    }
  end
end

#redirect_with_analytics(url, allow_other_host: true) ⇒ Object

Redirect to a URL, adding the parameters necessary for cross-domain analytics and cookie consent.

Parameters:

  • url (String)

    The URL to redirect to

# File 'lib/govuk_personalisation/controller_concern.rb', line 138

def redirect_with_analytics(url, allow_other_host: true)
  redirect_to(url_with_analytics(url), allow_other_host: allow_other_host)
end

#set_account_session_header(govuk_account_session = nil) ⇒ Object

Set a new session header.

This should be called after any API call to account-api which returns a new session value. This is called automatically after updating the flash with `account_flash_add` or `account_flash_keep`.

Calling this after calling `logout!` will not prevent the user from being logged out.

Parameters:

  • govuk_account_session (String, nil) (defaults to: nil)

    the new session identifier

# File 'lib/govuk_personalisation/controller_concern.rb', line 80

def set_account_session_header(govuk_account_session = nil)
  @account_session_header = govuk_account_session if govuk_account_session

  session_with_flash = GovukPersonalisation::Flash.encode_session(@account_session_header, @new_account_flash.keys)

  response.headers[ACCOUNT_SESSION_HEADER_NAME] = session_with_flash
  response.headers["Cache-Control"] = "no-store"

  if Rails.env.development?
    cookies[ACCOUNT_SESSION_DEV_COOKIE_NAME] = {
      value: session_with_flash,
      domain: "dev.gov.uk",
    }
  end
end

#set_account_vary_header ⇒ Object

Set the `Vary: GOVUK-Account-Session` response header.

This is called as a `before_action`, to ensure that pages rendered using one user's session are not served to another by our CDN. You should only skip this action if you are certain that the response does not include any personalisation, or if you prevent caching in some other way (for example, with `Cache-Control: no-store`).

# File 'lib/govuk_personalisation/controller_concern.rb', line 54

def set_account_vary_header
  response.headers["Vary"] = [response.headers["Vary"], ACCOUNT_SESSION_HEADER_NAME].compact.join(", ")
end
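The following is an added example, not code from the govuk_personalisation gem: it models the response-side behaviour of `set_account_vary_header` and `logout!` against a stand-in response object so it runs outside Rails, and adds a hypothetical `cache_safe_demo?` check a reviewer could use to confirm a personalised response either varies on the session header or is not cacheable at all. The `FakeResponse` struct and the `_demo` names are assumptions.

```ruby
# Stand-in for the Rails response object (constructed for this example).
FakeResponse = Struct.new(:headers)

ACCOUNT_SESSION_HEADER_NAME = "GOVUK-Account-Session"
ACCOUNT_END_SESSION_HEADER_NAME = "GOVUK-Account-End-Session"

# Mirrors set_account_vary_header: append the session header name to any
# Vary value already present (e.g. from a compression middleware) rather
# than overwriting it, so earlier cache keys are preserved.
def set_account_vary_header_demo(response)
  response.headers["Vary"] = [response.headers["Vary"], ACCOUNT_SESSION_HEADER_NAME].compact.join(", ")
end

# Mirrors the response side of logout!: signal the end of the session and
# forbid shared caches from storing this response.
def logout_headers_demo(response)
  response.headers[ACCOUNT_END_SESSION_HEADER_NAME] = "1"
  response.headers["Cache-Control"] = "no-store"
end

# Hypothetical reviewer's check: a personalised response may pass through a
# shared cache only if it varies on the session header (or on everything),
# or carries Cache-Control: no-store. Header values are compared
# case-insensitively, as HTTP requires.
def cache_safe_demo?(response)
  vary = (response.headers["Vary"] || "").split(",").map { |v| v.strip.downcase }
  cache_control = (response.headers["Cache-Control"] || "").split(",").map { |v| v.strip.downcase }

  vary.include?("*") ||
    vary.include?(ACCOUNT_SESSION_HEADER_NAME.downcase) ||
    cache_control.include?("no-store")
end
```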

#url_with_analytics(url) ⇒ Object

Build a URL, adding the parameters necessary for cross-domain analytics and cookie consent.

Parameters:

  • url (String)

    The URL

# File 'lib/govuk_personalisation/controller_concern.rb', line 146

def url_with_analytics(url)
  GovukPersonalisation::Redirect.build_url(url, params.permit(:_ga, :cookie_consent).to_h)
end