Module: QuoVadis::Controller

Defined in:

lib/quo_vadis/controller.rb

Defined Under Namespace

Classes: QuoVadisWrapper

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #authenticated_model ⇒ Object

  Returns the model instance which has been authenticated by password, or nil.

• #logged_in? ⇒ Boolean
• #login(model, browser_session = true, metadata: {}) ⇒ Object

  To be called with a model which has authenticated with a password.

• #qv ⇒ Object
• #require_password_authentication ⇒ Object (also: #require_authentication)
• #require_two_factor_authentication ⇒ Object

  implies require_password_authentication.

Class Method Details

.included(base) ⇒ Object

# File 'lib/quo_vadis/controller.rb', line 6

def self.included(base)
  base.before_action { CurrentRequestDetails.request = request }

  base.helper_method :authenticated_model, :logged_in?

  # Remember the last activity time so we can timeout idle sessions.
  # This has to be done after that timestamp is checked (in `#authenticated_model`)
  # otherwise sessions could never look idle.
  base.after_action { |controller| controller.qv.touch_session_last_seen_at }
end

Instance Method Details

#authenticated_model ⇒ Object

Returns the model instance which has been authenticated by password, or nil.

# File 'lib/quo_vadis/controller.rb', line 74

def authenticated_model
  return @authenticated_model if defined? @authenticated_model

  # Was not logged in so no need to log out.
  return (@authenticated_model = nil) unless qv.session_id

  _qv_session = qv.session

  # If _qv_session is nil: user was logged in (because qv.session_id is not nil)
  # but now isn't (because there is no corresponding record in the database).  This
  # means the user has remotely logged out this session from another.
  if _qv_session.nil? || _qv_session.expired?
    qv.logout
    return (@authenticated_model = nil)
  end

  @authenticated_model = _qv_session.account.model
end

#logged_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/quo_vadis/controller.rb', line 67

def logged_in?
  !authenticated_model.nil?
end

#login(model, browser_session = true, metadata: {}) ⇒ Object

To be called with a model which has authenticated with a password.

browser_session - true: login only for duration of browser session

false: login for QuoVadis.session_lifetime (which may be browser session anyway)

# File 'lib/quo_vadis/controller.rb', line 45

def login(model, browser_session = true, metadata: {})
  qv.log model.qv_account, Log::LOGIN_SUCCESS, metadata

  qv.prevent_rails_session_fixation

  lifetime_expires_at = qv.lifetime_expires_at browser_session

  qv_session = model.qv_account.sessions.create!(
    ip:                  request.remote_ip,
    user_agent:          (request.user_agent || ''),
    lifetime_expires_at: lifetime_expires_at
  )

  qv.store_session_id qv_session.id, lifetime_expires_at

  # It is not necessary to set the instance variable here -- the
  # `authenticated_model` method will figure it out from the qv.session --
  # but doing so saves that method a couple of database calls.
  @authenticated_model = model
end

#qv ⇒ Object

# File 'lib/quo_vadis/controller.rb', line 94

def qv
  @qv_wrapper ||= QuoVadisWrapper.new self
end

#require_password_authentication ⇒ Object Also known as: require_authentication

# File 'lib/quo_vadis/controller.rb', line 18

def require_password_authentication
  if logged_in?
    if QuoVadis.accounts_require_confirmation && !authenticated_model.qv_account.confirmed?
      qv.request_confirmation authenticated_model
      redirect_to quo_vadis.confirm_path
    end
    return
  end
  session[:qv_bookmark] = request.original_fullpath
  redirect_to quo_vadis.login_path, notice: QuoVadis.translate('flash.require_authentication')
end

#require_two_factor_authentication ⇒ Object

implies require_password_authentication

# File 'lib/quo_vadis/controller.rb', line 33

def require_two_factor_authentication
  return require_authentication unless logged_in?
  return unless qv.second_factor_required?
  return if qv.second_factor_authenticated?
  redirect_to quo_vadis.challenge_totps_path and return
end