Class: Authlogic::ControllerAdapters::AbstractAdapter

Inherits:

Object

• Object
• Authlogic::ControllerAdapters::AbstractAdapter

Defined in:

lib/authlogic/controller_adapters/abstract_adapter.rb

Overview

Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter for an example of how to adapt Authlogic to work with your framework.

Direct Known Subclasses

RackAdapter, RailsAdapter, SinatraAdapter::Adapter, TestCase::MockAPIController, TestCase::MockController, TestCase::RailsRequestAdapter

Constant Summary

E_COOKIE_DOMAIN_ADAPTER =

"The cookie_domain method has not been " \
"implemented by the controller adapter"

ENV_SESSION_OPTIONS =

"rack.session.options"

Instance Attribute Summary

• #controller ⇒ Object

  Returns the value of attribute controller.

Instance Method Summary

• #authenticate_with_http_basic ⇒ Object
• #cookie_domain ⇒ Object
• #cookies ⇒ Object
• #initialize(controller) ⇒ AbstractAdapter constructor

  A new instance of AbstractAdapter.

• #last_request_update_allowed? ⇒ Boolean

  You can disable the updating of ‘last_request_at` on a per-controller basis.

• #params ⇒ Object
• #renew_session_id ⇒ Object

  Inform Rack that we would like a new session ID to be assigned.

• #request ⇒ Object
• #request_content_type ⇒ Object
• #respond_to_missing?(*args) ⇒ Boolean
• #responds_to_single_access_allowed? ⇒ Boolean
• #session ⇒ Object
• #single_access_allowed? ⇒ Boolean

Constructor Details

#initialize(controller) ⇒ AbstractAdapter

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 15

def initialize(controller)
  self.controller = controller
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(id, *args, &block) ⇒ Object (private)

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 114

def method_missing(id, *args, &block)
  controller.send(id, *args, &block)
end

Instance Attribute Details

#controller ⇒ Object

Returns the value of attribute controller.

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 13

def controller
  @controller
end

Instance Method Details

#authenticate_with_http_basic ⇒ Object

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 19

def authenticate_with_http_basic
  @auth = Rack::Auth::Basic::Request.new(controller.request.env)
  if @auth.provided? && @auth.basic?
    yield(*@auth.credentials)
  else
    false
  end
end

#cookie_domain ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 32

def cookie_domain
  raise NotImplementedError, E_COOKIE_DOMAIN_ADAPTER
end

#cookies ⇒ Object

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 28

def cookies
  controller.cookies
end

#last_request_update_allowed? ⇒ Boolean

You can disable the updating of ‘last_request_at` on a per-controller basis.

# in your controller
def last_request_update_allowed?
  false
end

For example, what if you had a javascript function that polled the server updating how much time is left in their session before it times out. Obviously you would want to ignore this request, because then the user would never time out. So you can do something like this in your controller:

def last_request_update_allowed?
  action_name != "update_session_time_left"
end

See ‘authlogic/session/magic_columns.rb` to learn more about the `last_request_at` column itself.

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 100

def last_request_update_allowed?
  if controller.respond_to?(:last_request_update_allowed?, true)
    controller.send(:last_request_update_allowed?)
  else
    true
  end
end

#params ⇒ Object

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 36

def params
  controller.params
end

#renew_session_id ⇒ Object

Inform Rack that we would like a new session ID to be assigned. Changes the ID, but not the contents of the session.

The ‘:renew` option is read by `rack/session/abstract/id.rb`.

This is how Devise (via warden) implements defense against Session Fixation. Our implementation is copied directly from the warden gem (set_user in warden/proxy.rb)

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 56

def renew_session_id
  env = request.env
  options = env[ENV_SESSION_OPTIONS]
  if options
    if options.frozen?
      env[ENV_SESSION_OPTIONS] = options.merge(renew: true).freeze
    else
      options[:renew] = true
    end
  end
end

#request ⇒ Object

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 40

def request
  controller.request
end

#request_content_type ⇒ Object

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 44

def request_content_type
  request.content_type
end

#respond_to_missing?(*args) ⇒ Boolean

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 108

def respond_to_missing?(*args)
  super(*args) || controller.respond_to?(*args)
end

#responds_to_single_access_allowed? ⇒ Boolean

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 72

def responds_to_single_access_allowed?
  controller.respond_to?(:single_access_allowed?, true)
end

#session ⇒ Object

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 68

def session
  controller.session
end

#single_access_allowed? ⇒ Boolean

# File 'lib/authlogic/controller_adapters/abstract_adapter.rb', line 76

def single_access_allowed?
  controller.send(:single_access_allowed?)
end