Module: TentSteakFeatures::AuthController
- Includes: AuthView, HtmlController
- Defined in: lib/tent_steak/auth.rb
Overview
TentSteak controller methods for :auth feature, including a #handle_auth_post controller method for dealing with POSTed data from the auth form helpers.
Constant Summary
Constants included from AuthView
TentSteakFeatures::AuthView::ACTION_LOGIN, TentSteakFeatures::AuthView::ACTION_LOGOUT, TentSteakFeatures::AuthView::AUTH_DENIED, TentSteakFeatures::AuthView::AUTH_LOGOUT, TentSteakFeatures::AuthView::AUTH_VALID
Instance Method Summary
- #handle_auth_post(action = nil, username = nil, password = nil) ⇒ Object
  Top-level method to handle POST actions from #auth_login_form, #auth_logout_form, and #auth_form.
- #set_auth_proc(auth_proc) ⇒ Object
  Assigns an authorization callback block; #handle_auth_post will call this block to authenticate a user.
- #set_login_proc(login_proc) ⇒ Object
  Assigns a login callback block; #handle_auth_post will call this block when the user successfully authenticates.
- #set_logout_proc(logout_proc) ⇒ Object
  Assigns a logout callback block; #handle_auth_post will call this block when the user logs out.
Methods included from HtmlView
#add_flash, #display_flash, #flash_clear, #get_flash, #id_link, #link_stylesheet, #load_stylesheet
Methods included from AuthView
#auth_form, #auth_login_form, #auth_logout_form, #current_user, #logged_in?, #set_current_user_proc
Instance Method Details
#handle_auth_post(action = nil, username = nil, password = nil) ⇒ Object
Top-level method to handle POST actions from #auth_login_form, #auth_logout_form, and #auth_form. It returns a status hash with the results of the handling:
- :auth set to true if user was successfully authenticated (i.e. whatever the auth proc returns).
- :auth_action is a token to express the auth action taken: AUTH_LOGOUT, AUTH_DENIED, or AUTH_VALID.
- :auth_description optional status property to be set by the auth proc; displayed in parentheses in the auth flash message.
If the given action is ACTION_LOGOUT (which #auth_logout_form sets), this handler invokes the proc supplied to #set_logout_proc; that proc should reset state so that #current_user returns nil, which keeps the semantics of #logged_in? correct. Finally, the handler sets status[:auth_action] to AUTH_LOGOUT.
If the given action is ACTION_LOGIN (which #auth_login_form sets), or nil, this handler first invokes the proc supplied to #set_auth_proc, passing in username and password, plus the status hash. The auth proc can report on the outcome of the authentication process by setting the :auth_description key in the status hash. The handler method will add that description to the flash message it lodges.
If login was successful, the handler calls the proc supplied to #set_login_proc and sets status[:auth_action] to AUTH_VALID. If the login was denied (auth returned false), the login proc is not called, and status[:auth_action] is set to AUTH_DENIED.
    # File 'lib/tent_steak/auth.rb', line 141
    def handle_auth_post(action = nil, username = nil, password = nil)
      status = {}
      status[:auth] = false

      if action == ACTION_LOGOUT
        _call_logout
        _flash_desc(:info, "Successfully logged out", status)
        status[:auth_action] = AUTH_LOGOUT
      elsif status[:auth] = _call_auth(username, password, status)  # Authenticate.
        # Successfully logged in.
        _call_login
        _flash_desc(:info, "Successfully logged in as '#{current_user}'", status) if action == ACTION_LOGIN
        status[:auth_action] = AUTH_VALID
      else
        # Don't bother showing an error message if no username given (i.e. blank POST).
        _flash_desc(:error, "Failed to log in as user '#{username}'", status) if username && username.any?
        status[:auth_action] = AUTH_DENIED
      end

      status
    end
#set_auth_proc(auth_proc) ⇒ Object
Assigns an authorization callback block; #handle_auth_post will call this block to authenticate a user. The block should accept parameters of username, password, and a status hash. If the user authentication is successful, the block should return true, otherwise false.
By default, if no auth proc is set, authentication will always fail with a false.
    # File 'lib/tent_steak/auth.rb', line 170
    def set_auth_proc(auth_proc)
      @auth_proc = auth_proc
    end
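An added example (not TentSteak's own code) of an auth proc that fits the contract described above: it takes username, password and the status hash, returns true or false, and sets :auth_description on denial. The user store layout, the names derive, make_record and build_auth_proc, and the PBKDF2 parameters are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not part of TentSteak. All names below are hypothetical.
ITERATIONS = 100_000 # assumed PBKDF2 work factor
DENIED_MSG = 'invalid username or password'

# Derive a 32-byte key from the password with PBKDF2-HMAC-SHA256.
def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256'))
end

# Build the stored form of a password: random salt plus derived hash.
def make_record(password)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, hash: derive(password, salt) }
end

# Returns a lambda taking (username, password, status), the parameters the
# documentation says the auth proc receives, and returning true or false.
def build_auth_proc(users)
  dummy = make_record(SecureRandom.hex(16)) # used for unknown usernames
  lambda do |username, password, status|
    # Blank POST: deny early without hashing and without a description.
    next false if username.to_s.empty? || password.to_s.empty?

    record = users.fetch(username, dummy)
    candidate = derive(password.to_s, record[:salt])
    # Compare first, then check existence, so unknown users cost the same work.
    match = OpenSSL.fixed_length_secure_compare(candidate, record[:hash])
    ok = match && users.key?(username)
    # Same description for unknown user and wrong password.
    status[:auth_description] = DENIED_MSG unless ok
    ok
  end
end

if __FILE__ == $PROGRAM_NAME
  users = { 'alice' => make_record('correct horse') } # constructed sample
  # In a controller: set_auth_proc(build_auth_proc(users))
  status = {}
  p build_auth_proc(users).call('alice', 'nope', status), status
end
```

Because the description is identical for an unknown user and a wrong password, the text shown in parentheses in the flash message does not reveal which usernames exist.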
#set_login_proc(login_proc) ⇒ Object
Assigns a login callback block; #handle_auth_post will call this block when the user successfully authenticates.
    # File 'lib/tent_steak/auth.rb', line 182
    def set_login_proc(login_proc)
      @login_proc = login_proc
    end
#set_logout_proc(logout_proc) ⇒ Object
Assigns a logout callback block; #handle_auth_post will call this block when the user logs out.
    # File 'lib/tent_steak/auth.rb', line 176
    def set_logout_proc(logout_proc)
      @logout_proc = logout_proc
    end