Class: RailsIdentity::SessionsController

Inherits:
ApplicationController show all
Defined in:
app/controllers/rails_identity/sessions_controller.rb

Overview

This class is the sessions controller; it performs create, read and delete (CRD) operations on session objects. Note that a token includes its session ID. Use “current” to look up the session in the current context.

Instance Method Summary collapse

Methods inherited from ApplicationController

#options

Methods included from ApplicationHelper

#accept_token, #authorized?, #find_object, #get_user, #render_error, #render_errors, #require_admin_token, #require_token

Instance Method Details

#create ⇒ Object

This action is essentially the login action. Note that get_user is not triggered for this action because we look at the username first. That is the “normal” way to log in. The alternative is token-based authentication. If the latter doesn’t make sense, just use the username and password approach.



# File 'app/controllers/rails_identity/sessions_controller.rb', line 41

# Login action: issues a new Session for the authenticated user.
#
# Authentication is attempted in two steps, in this order:
#   1. look the user up by the submitted username and check the submitted
#      password with `authenticate`;
#   2. only if step 1 fails, fall back to `get_user` (from ApplicationHelper,
#      not shown in this listing).
#
# Responses:
#   201 - the new session as JSON, with the `secret` attribute left out
#   400 - the session could not be saved
#   401 - neither step authenticated the caller; the message is the same for
#         an unknown username and a wrong password, so the response body does
#         not reveal which usernames exist
#
# Raises Errors::UnauthorizedError when the authenticated user is not verified.
#
# NOTE(review): the session is issued for whatever @user holds after the
# fallback. Confirm that get_user always reassigns @user to the owner of the
# presented token; otherwise @user may still be the record (or nil) from the
# username lookup.
# NOTE(review): no throttling or lockout of repeated password attempts is
# visible in this action - confirm it is enforced elsewhere.
def create
  @user = User.find_by_username(session_params[:username])
  password_ok = @user && @user.authenticate(session_params[:password])

  # Short-circuit: get_user runs only when the password check did not succeed.
  return render_error(401, "Invalid username or password") unless password_ok || get_user

  # Checked only after authentication has succeeded.
  raise Errors::UnauthorizedError unless @user.verified

  @session = Session.new(user: @user)
  unless @session.save
    # :nocov:
    return render_errors(400, @session.full_error_messages)
    # :nocov:
  end

  # `secret` is never serialized into the response.
  render json: @session, except: [:secret], status: 201
end

#destroy ⇒ Object

Deletes a session.



# File 'app/controllers/rails_identity/sessions_controller.rb', line 68

# Deletes the session held in @session, i.e. logs that session out.
#
# Responds 204 with an empty body on success and 500 when the record could
# not be destroyed.
#
# NOTE(review): @session is assigned outside this listing. Which sessions a
# caller can delete depends entirely on that loader - confirm it only yields
# sessions the caller is authorized for.
def destroy
  unless @session.destroy
    # :nocov:
    return render_error(500, "Something went wrong. Oops!")
    # :nocov:
  end

  render body: "", status: 204
end

#index ⇒ Object

Lists all sessions that belong to the specified or authenticated user.



# File 'app/controllers/rails_identity/sessions_controller.rb', line 19

# Lists the non-expired sessions that belong to @user.
#
# Expired sessions are never returned: their uuids are handed to
# SessionsCleanupJob (not shown here) and only the remaining sessions are
# rendered, with the `secret` attribute left out. The job is enqueued on
# every call, including when no session has expired.
#
# NOTE(review): @user is assigned outside this listing; confirm the caller
# is authorized to list that user's sessions before this action runs.
def index
  @sessions = Session.where(user: @user)
  stale, active = @sessions.partition(&:expired?)
  SessionsCleanupJob.perform_later(*stale.map(&:uuid))
  render json: active, except: [:secret]
end

#show ⇒ Object

Shows a session's information.



# File 'app/controllers/rails_identity/sessions_controller.rb', line 61

# Renders the session held in @session as JSON. The `secret` attribute is
# excluded from the output.
#
# NOTE(review): @session is assigned outside this listing; confirm the
# loader only yields sessions the caller is allowed to read.
def show
  render(json: @session, except: %i[secret])
end