Module: PseudoKiosk::Controller::InstanceMethods
- Defined in:
- lib/pseudo_kiosk/controller.rb
Instance Method Summary
- #clear_pseudo_kiosk_session ⇒ Object
  Clears all pseudo_kiosk session variables. This is an internal function; in most cases pseudo_kiosk_exit is what should be used, unless there is a use case where you want to exit the pseudo_kiosk session immediately without going through authentication.
- #pseudo_kiosk_exit(unlock_redirect_url) ⇒ Object
  Redirects to the pseudo_kiosk unlock screen.
- #pseudo_kiosk_start(url_whitelist, unauthorized_endpoint_redirect_url) ⇒ Object
  Locks the session down for unprivileged usage.
- #secure_pseudo_kiosk ⇒ Object
  To be used in a before_action in the application_controller.
Instance Method Details
#clear_pseudo_kiosk_session ⇒ Object
Clears all pseudo_kiosk session variables. This is an internal function; in most cases pseudo_kiosk_exit is what should be used, unless there is a use case where you want to exit the pseudo_kiosk session immediately without going through authentication.

```ruby
# File 'lib/pseudo_kiosk/controller.rb', line 80

def clear_pseudo_kiosk_session
  session.delete(:pseudo_kiosk_enabled)
  session.delete(:pseudo_kiosk_whitelist)
  session.delete(:pseudo_kiosk_unauthorized_endpoint_redirect_url)
  session.delete(:pseudo_kiosk_unlock_redirect_url)
end
```
#pseudo_kiosk_exit(unlock_redirect_url) ⇒ Object
Redirects to the pseudo_kiosk unlock screen. When successfully unlocked, the browser is redirected to the unlock_redirect_url.

```ruby
# File 'lib/pseudo_kiosk/controller.rb', line 65

def pseudo_kiosk_exit(unlock_redirect_url)
  session[:pseudo_kiosk_unlock_redirect_url] = unlock_redirect_url

  # clear the whitelist here, because we want to only allow
  # the session to be given back to the privileged user and
  # for no further operations to be done in the whitelist area
  session.delete(:pseudo_kiosk_whitelist)
  session.delete(:pseudo_kiosk_unauthorized_endpoint_redirect_url)

  redirect_to(PseudoKiosk::Engine.routes.url_helpers.pseudo_kiosk_authentication_unlock_path)
end
```
#pseudo_kiosk_start(url_whitelist, unauthorized_endpoint_redirect_url) ⇒ Object
Locks the session down for unprivileged usage.

Params:
- url_whitelist - an array of URL strings or regex searches of endpoints allowed to be visited during kiosk lock mode
- unauthorized_endpoint_redirect_url - URL to redirect to if the user navigates to a URL outside of the url_whitelist. If nil, the unlock screen will be shown when navigating to URLs outside of the whitelist; upon successful authentication, the user will be redirected to the current endpoint.

```ruby
# File 'lib/pseudo_kiosk/controller.rb', line 56

def pseudo_kiosk_start(url_whitelist, unauthorized_endpoint_redirect_url)
  session[:pseudo_kiosk_enabled] = true
  session[:pseudo_kiosk_whitelist] = url_whitelist
  session[:pseudo_kiosk_unauthorized_endpoint_redirect_url] = unauthorized_endpoint_redirect_url
end
```
#secure_pseudo_kiosk ⇒ Object
To be used in a before_action in the application_controller. If pseudo_kiosk is enabled, endpoints that are not in the kiosk_whitelist are not allowed to be accessed.

```ruby
# File 'lib/pseudo_kiosk/controller.rb', line 16

def secure_pseudo_kiosk
  # this needs to go to the unlock screen
  # binding.pry if request.path_info == test_work_flow_complete_step3_privilege_path
  if session[:pseudo_kiosk_enabled]
    # accept either a single whitelist entry or an array of entries
    whitelist = session[:pseudo_kiosk_whitelist].is_a?(Array) ? session[:pseudo_kiosk_whitelist] : [session[:pseudo_kiosk_whitelist]]
    return if session[:pseudo_kiosk_unauthorized_endpoint_redirect_url].nil? && (params['controller'] == 'pseudo_kiosk/authentication')

    whitelist.each do |allowed_url|
      next if allowed_url.nil?
      if allowed_url.is_a? Regexp
        return if allowed_url =~ request.path_info
      elsif allowed_url.start_with? "(?-mix:"
        # string in Regexp#to_s form: rebuild the Regexp before matching
        return if Regexp.new(allowed_url) =~ request.path_info
      else
        # plain string entries must equal the request path exactly
        return if allowed_url == request.path_info
      end
    end

    # need to either redirect to unauthorized_endpoint_redirect_url or allow user to break out
    if session[:pseudo_kiosk_unauthorized_endpoint_redirect_url].nil?
      session[:pseudo_kiosk_unlock_redirect_url] = request.path_info
      redirect_to(pseudo_kiosk_engine.routes.url_helpers.pseudo_kiosk_authentication_unlock_path)
    else
      redirect_to(session[:pseudo_kiosk_unauthorized_endpoint_redirect_url])
    end
  end
end
```
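
The whitelist test in secure_pseudo_kiosk, modelled as an added stand-alone example (not code from pseudo_kiosk) to show what each kind of url_whitelist entry admits: regex entries are searches, so an unanchored pattern also matches longer paths, and a regex with flags no longer starts with `(?-mix:` in string form and is compared as a literal. The helper names, sample entries and sample paths are constructed for illustration, and holding a Regexp in the session as its to_s string is an assumption about the session store.

```ruby
# Added example (not pseudo_kiosk code): a stand-alone model of the whitelist
# test in secure_pseudo_kiosk. path_allowed? is a hypothetical helper name.
def path_allowed?(whitelist, path)
  entries = whitelist.is_a?(Array) ? whitelist : [whitelist]
  entries.any? do |allowed|
    next false if allowed.nil?

    if allowed.is_a?(Regexp)
      !(allowed =~ path).nil?              # a search, not a full-string match
    elsif allowed.start_with?("(?-mix:")
      !(Regexp.new(allowed) =~ path).nil?  # Regexp rebuilt from its to_s form
    else
      allowed == path                      # plain strings must match exactly
    end
  end
end

# Constructed whitelist entries, held the way a session store that serializes
# a Regexp with to_s would hold them (assumption).
LOOSE   = %r{/kiosk/orders/\d+}.to_s       # unanchored
STRICT  = %r{\A/kiosk/orders/\d+\z}.to_s   # anchored to the whole path
FLAGGED = %r{\A/kiosk/help\z}i.to_s        # "(?i-mx:...)", not "(?-mix:..."

# Constructed request paths.
SAMPLE_PATHS = [
  "/kiosk/orders/7",
  "/admin/kiosk/orders/7/refund",
  "/kiosk/help"
].freeze

# For each entry, the sample paths it would let through while locked.
def whitelist_report
  { loose: LOOSE, strict: STRICT, flagged: FLAGGED }.transform_values do |entry|
    SAMPLE_PATHS.select { |path| path_allowed?([entry], path) }
  end
end

if __FILE__ == $PROGRAM_NAME
  whitelist_report.each { |name, paths| puts "#{name}: #{paths.inspect}" }
end
```

Anchoring regex entries with `\A` and `\z` keeps them to the intended endpoints, and a flagged regex that has passed through string form fails closed: it matches nothing, so the endpoint it was meant to allow is blocked.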