Module: QuoVadis::Controller
- Defined in:
- lib/quo_vadis/controller.rb
Defined Under Namespace
Classes: QuoVadisWrapper
Class Method Summary collapse
Instance Method Summary collapse
-
#authenticated_model ⇒ Object
Returns the model instance which has been authenticated by password, or nil.
- #logged_in? ⇒ Boolean
-
#login(model, browser_session = true, metadata: {}) ⇒ Object
To be called with a model which has authenticated with a password.
- #qv ⇒ Object
- #require_password_authentication ⇒ Object (also: #require_authentication)
-
#require_two_factor_authentication ⇒ Object
implies require_password_authentication.
Class Method Details
.included(base) ⇒ Object
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# File 'lib/quo_vadis/controller.rb', line 6 def self.included(base) if Rails.env.test? base.before_action { if params[:login] model = GlobalID::Locator.locate(params.delete(:login)) login model end } end base.before_action { CurrentRequestDetails.request = request } base.helper_method :authenticated_model, :logged_in? # Remember the last activity time so we can timeout idle sessions. # This has to be done after that timestamp is checked (in `#authenticated_model`) # otherwise sessions could never look idle. # # Ignores ActiveStorage requests. base.after_action { |controller| if !defined?(::ActiveStorage) || !controller.class.module_parents.include?(::ActiveStorage) controller.qv.touch_session_last_seen_at end } end |
Instance Method Details
#authenticated_model ⇒ Object
Returns the model instance which has been authenticated by password, or nil.
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
# File 'lib/quo_vadis/controller.rb', line 90 def authenticated_model return @authenticated_model if defined? @authenticated_model # Was not logged in so no need to log out. return (@authenticated_model = nil) unless qv.session_id _qv_session = qv.session # If _qv_session is nil: user was logged in (because qv.session_id is not nil) # but now isn't (because there is no corresponding record in the database). This # means the user has remotely logged out this session from another. if _qv_session.nil? || _qv_session.expired? qv.logout return (@authenticated_model = nil) end @authenticated_model = _qv_session.account.model end |
#logged_in? ⇒ Boolean
83 84 85 |
# File 'lib/quo_vadis/controller.rb', line 83 def logged_in? !authenticated_model.nil? end |
#login(model, browser_session = true, metadata: {}) ⇒ Object
To be called with a model which has authenticated with a password.
browser_session - true: login only for duration of browser session
false: login for QuoVadis.session_lifetime (which may be browser session anyway)
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'lib/quo_vadis/controller.rb', line 61 def login(model, browser_session = true, metadata: {}) qv.log model.qv_account, Log::LOGIN_SUCCESS, qv.prevent_rails_session_fixation lifetime_expires_at = qv.lifetime_expires_at browser_session qv_session = model.qv_account.sessions.create!( ip: request.remote_ip, user_agent: (request.user_agent || ''), lifetime_expires_at: lifetime_expires_at ) qv.store_session_id qv_session.id, lifetime_expires_at # It is not necessary to set the instance variable here -- the # `authenticated_model` method will figure it out from the qv.session -- # but doing so saves that method a couple of database calls. @authenticated_model = model end |
#qv ⇒ Object
110 111 112 |
# File 'lib/quo_vadis/controller.rb', line 110 def qv @qv_wrapper ||= QuoVadisWrapper.new self end |
#require_password_authentication ⇒ Object Also known as: require_authentication
33 34 35 36 37 38 39 40 41 42 43 44 |
# File 'lib/quo_vadis/controller.rb', line 33 def require_password_authentication if logged_in? if QuoVadis.accounts_require_confirmation && !authenticated_model.qv_account.confirmed? qv.request_confirmation authenticated_model session[:qv_bookmark] = request.original_fullpath redirect_to quo_vadis.confirm_path end return end session[:qv_bookmark] = request.original_fullpath redirect_to quo_vadis.login_path, notice: QuoVadis.translate('flash.require_authentication') end |
#require_two_factor_authentication ⇒ Object
implies require_password_authentication
49 50 51 52 53 54 |
# File 'lib/quo_vadis/controller.rb', line 49 def require_two_factor_authentication return require_authentication unless logged_in? return unless qv.second_factor_required? return if qv.second_factor_authenticated? redirect_to quo_vadis.challenge_totps_path and return end |