Module: Passwordless::ControllerHelpers

Included in:

SessionsController

Defined in:

lib/passwordless/controller_helpers.rb

Overview

Helpers to work with Passwordless sessions from controllers

Instance Method Summary

• #authenticate_by_cookie(authenticatable_class) ⇒ ActiveRecord::Base|nil deprecated Deprecated.

  Use #authenticate_by_session

• #authenticate_by_session(authenticatable_class) ⇒ ActiveRecord::Base|nil

  Authenticate a record using the session.

• #build_passwordless_session(authenticatable) ⇒ Session

  Build a new Passwordless::Session from an authenticatable record.

• #find_passwordless_session_for(authenticatable_class) ⇒ Session^?

  Returns the Session (if set) from the session.

• #redirect_session_key(authenticatable_class) ⇒ Object
• #reset_passwordless_redirect_location!(authenticatable_class) ⇒ String^?

  Resets the redirect_location to root_path by deleting the redirect_url from session.

• #save_passwordless_redirect_location!(authenticatable_class) ⇒ String

  Saves request.original_url as the redirect location for a passwordless Model.

• #session_key(authenticatable_class) ⇒ Object
• #sign_in(record) ⇒ ActiveRecord::Base

  Signs in session to sign in.

• #sign_out(authenticatable_class) ⇒ boolean

  Signs out user by deleting the session key.

• #upgrade_passwordless_cookie(authenticatable_class) ⇒ Object

Instance Method Details

#authenticate_by_cookie(authenticatable_class) ⇒ ActiveRecord::Base|nil

Deprecated.

Use #authenticate_by_session

Authenticate a record using cookies. Looks for a cookie corresponding to the authenticatable_class. If found try to find it in the database.

Parameters:

• authenticatable_class (ActiveRecord::Base) —

  any Model connected to passwordless. (e.g - User or Admin).

Returns:

• (ActiveRecord::Base|nil) —

  an instance of Model found by id stored in cookies.encrypted or nil if nothing is found.

See Also:

• ModelHelpers#passwordless_with

# File 'lib/passwordless/controller_helpers.rb', line 34

def authenticate_by_cookie(authenticatable_class)
  key = cookie_name(authenticatable_class)
  authenticatable_id = cookies.encrypted[key]

  return authenticatable_class.find_by(id: authenticatable_id) if authenticatable_id

  authenticate_by_session(authenticatable_class)
end

#authenticate_by_session(authenticatable_class) ⇒ ActiveRecord::Base|nil

Authenticate a record using the session. Looks for a session key corresponding to the authenticatable_class. If found try to find it in the database.

Parameters:

• authenticatable_class (ActiveRecord::Base) —

  any Model connected to passwordless. (e.g - User or Admin).

Returns:

• (ActiveRecord::Base|nil) —

  an instance of Model found by id stored in cookies.encrypted or nil if nothing is found.

See Also:

• ModelHelpers#passwordless_with

# File 'lib/passwordless/controller_helpers.rb', line 67

def authenticate_by_session(authenticatable_class)
  return unless find_passwordless_session_for(authenticatable_class)&.available?
  find_passwordless_session_for(authenticatable_class).authenticatable
end

#build_passwordless_session(authenticatable) ⇒ Session

Build a new Passwordless::Session from an authenticatable record. Set’s ‘user_agent` and `remote_addr` from Rails’ ‘request`.

Parameters:

• authenticatable (ActiveRecord::Base) —

  Instance of an authenticatable Rails model

Returns:

• (Session) —

  the new Session object

See Also:

• ModelHelpers#passwordless_with

# File 'lib/passwordless/controller_helpers.rb', line 18

def build_passwordless_session(authenticatable)
  Session.new.tap do |us|
    us.remote_addr = request.remote_addr
    us.user_agent = request.env["HTTP_USER_AGENT"]
    us.authenticatable = authenticatable
  end
end

#find_passwordless_session_for(authenticatable_class) ⇒ Session^?

Returns the Session (if set) from the session.

Returns:

• (Session, nil)

# File 'lib/passwordless/controller_helpers.rb', line 8

def find_passwordless_session_for(authenticatable_class)
  Passwordless::Session.find_by(id: session[session_key(authenticatable_class)])
end

#redirect_session_key(authenticatable_class) ⇒ Object

# File 'lib/passwordless/controller_helpers.rb', line 141

def redirect_session_key(authenticatable_class)
  :"passwordless_prev_location--#{authenticatable_class_parameterized(authenticatable_class)}"
end

#reset_passwordless_redirect_location!(authenticatable_class) ⇒ String^?

Resets the redirect_location to root_path by deleting the redirect_url from session.

Parameters:

• authenticatable_class (ActiveRecord::Base) —

  any Model connected to passwordless. (e.g - User or Admin).

Returns:

• (String, nil) —

  the redirect url that was just deleted, or nil if no url found for given Model.

# File 'lib/passwordless/controller_helpers.rb', line 133

def reset_passwordless_redirect_location!(authenticatable_class)
  session.delete(redirect_session_key(authenticatable_class))
end

#save_passwordless_redirect_location!(authenticatable_class) ⇒ String

Saves request.original_url as the redirect location for a passwordless Model.

Parameters:

• authenticatable_class (ActiveRecord::Base) —

  any Model connected to passwordless. (e.g - User or Admin).

Returns:

• (String) —

  the redirect url that was just saved.

# File 'lib/passwordless/controller_helpers.rb', line 124

def save_passwordless_redirect_location!(authenticatable_class)
  session[redirect_session_key(authenticatable_class)] = request.original_url
end

#session_key(authenticatable_class) ⇒ Object

# File 'lib/passwordless/controller_helpers.rb', line 137

def session_key(authenticatable_class)
  :"passwordless_session_id--#{authenticatable_class_parameterized(authenticatable_class)}"
end

#sign_in(record) ⇒ ActiveRecord::Base

Signs in session to sign in

Parameters:

• authenticatable (Passwordless::Session) —

  Instance of Session

Returns:

• (ActiveRecord::Base) —

  the record that is passed in.

Raises:

• (Passwordless::Errors::SessionTimedOutError)

# File 'lib/passwordless/controller_helpers.rb', line 76

def sign_in(record)
  passwordless_session = if record.is_a?(Passwordless::Session)
    record
  else
    warn(
      "Passwordless::ControllerHelpers#sign_in with authenticatable " \
        "(`#{record.class}') is deprecated. Falling back to creating a " \
        "new Passwordless::Session"
    )
    build_passwordless_session(record).tap { |s| s.save! }
  end

  passwordless_session.claim! if Passwordless.restrict_token_reuse

  raise Passwordless::Errors::SessionTimedOutError if passwordless_session.timed_out?

  old_session = session.dup.to_hash
  reset_session
  old_session.each_pair { |k, v| session[k.to_sym] = v }

  key = session_key(passwordless_session.authenticatable_type)
  session[key] = passwordless_session.id

  if record.is_a?(Passwordless::Session)
    passwordless_session
  else
    passwordless_session.authenticatable
  end
end

#sign_out(authenticatable_class) ⇒ boolean

Signs out user by deleting the session key.

Parameters:

• authenticatable_class (ActiveRecord::Base) —

  any Model connected to passwordless. (e.g - User or Admin).

Returns:

• (boolean) —

  Always true

# File 'lib/passwordless/controller_helpers.rb', line 109

def sign_out(authenticatable_class)
  # Deprecated - cookies
  key = cookie_name(authenticatable_class)
  cookies.encrypted.permanent[key] = {value: nil}
  cookies.delete(key)

  # /deprecated
  reset_session
  true
end

#upgrade_passwordless_cookie(authenticatable_class) ⇒ Object

# File 'lib/passwordless/controller_helpers.rb', line 45

def upgrade_passwordless_cookie(authenticatable_class)
  key = cookie_name(authenticatable_class)

  return unless (authenticatable_id = cookies.encrypted[key])
  cookies.encrypted.permanent[key] = {value: nil}
  cookies.delete(key)

  return unless (record = authenticatable_class.find_by(id: authenticatable_id))
  new_session = build_passwordless_session(record).tap { |s| s.save! }

  sign_in(new_session)

  new_session.authenticatable
end