Methods
Protected Class methods
included(base)

Inclusion hook to make current_user and logged_in? available as ActionView helper methods.

    # File lib/authenticated_system.rb, line 97
    def self.included(base)
      base.send :helper_method, :current_user, :logged_in?
    end
Protected Instance methods
access_denied()

Redirect as appropriate when an access request fails.

The default action is to redirect to the login screen.

Override this method in your controllers if you want to have special behavior in case the user is not authorized to access the requested action. For example, a popup window might simply close itself.

    # File lib/authenticated_system.rb, line 64
    def access_denied
      # oddly enough IE requests for '/' are interpreted as image/gif (!)
      request.format = :html if request.env['HTTP_USER_AGENT'] =~ /msie/i
      respond_to do |format|
        format.html do
          store_location
          flash[:notice] = 'Access denied.'
          redirect_to login_path
        end
        # this did not work as expected. A patch has been applied. See:
        # http://dev.rubyonrails.org/ticket/11140
        format.any do
          request_http_basic_authentication 'Web Password'
        end
      end
    end
authorized?()

Check if the user is authorized

Override this method in your controllers if you want to restrict access to only a few actions or if you want to check if the user has the correct rights.

Example:

 # only allow nonbobs
 def authorized?
   current_user.login != "bob"
 end

    # File lib/authenticated_system.rb, line 34
    def authorized?
      logged_in?
    end
current_user()

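Accesses the current user from the session. Future calls avoid the database because the guard tests for false specifically: nil means the user has not been looked up yet, while false means the user was explicitly set to none, and nil is not equal to false.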

    # File lib/authenticated_system.rb, line 11
    def current_user
      #@current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
      @current_user ||= login_from_session || login_from_basic_auth unless @current_user == false
    end
current_user=(new_user)

Store the given user id in the session.

    # File lib/authenticated_system.rb, line 17
    def current_user=(new_user)
      session[:user_id] = new_user #? new_user.id : nil
      @current_user = new_user || false
    end
logged_in?()

Returns true if the user is logged in, false otherwise. Preloads @current_user with the user model if they're logged in.

    # File lib/authenticated_system.rb, line 5
    def logged_in?
      !!current_user
    end
login_from_basic_auth()

Called from current_user. Now, attempt to log in by basic authentication information.

    # File lib/authenticated_system.rb, line 108
    def login_from_basic_auth
      authenticate_with_http_basic do |username, password|
        ##self.current_user = User.authenticate(username, password)
        if not ( username.nil? || password.nil? || password != Configuration.password )
          # Explicit receiver needed: a bare `current_user = username` would
          # only bind a local variable and never call the setter.
          self.current_user = username
        end
      end
    end
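
An added example, not part of the plugin's source: a plain-Ruby stand-in for a controller that reproduces the current_user expression, showing how nil (not looked up yet) differs from false (explicitly cleared), and how a bare `current_user = x` inside a method differs from calling the setter through `self.`. The class names `AuthDemo` and `FixedAuthDemo`, `SHARED_PASSWORD`, `password_ok?` and the `lookups` counter are assumptions made for the demonstration.

```ruby
# Plain-Ruby stand-in for a controller that mixes in the module. The session
# hash, credentials and password below are constructed for this demo.
class AuthDemo
  SHARED_PASSWORD = 's3cret-example' # stands in for Configuration.password
  attr_reader :session, :lookups

  def initialize(session = {}, basic_auth = nil)
    @session = session
    @basic_auth = basic_auth # [username, password] or nil
    @lookups = 0             # times the login chain was consulted
  end

  # Same expression as the documented current_user.
  def current_user
    @current_user ||= login_from_session || login_from_basic_auth unless @current_user == false
  end

  def current_user=(new_user)
    session[:user_id] = new_user
    @current_user = new_user || false # false = "explicitly no user"
  end

  def logged_in?
    !!current_user
  end

  def login_from_session
    @lookups += 1
    self.current_user = session[:user_id] if session[:user_id]
  end

  def password_ok?
    username, password = @basic_auth
    !(username.nil? || password.nil? || password != SHARED_PASSWORD)
  end

  # Bare assignment: Ruby binds a local variable; current_user= never runs.
  def login_from_basic_auth
    current_user = @basic_auth.first if password_ok?
  end
end

class FixedAuthDemo < AuthDemo
  # Explicit receiver: current_user= runs, so the session is updated as well.
  def login_from_basic_auth
    self.current_user = @basic_auth.first if password_ok?
  end
end
```

With the bare assignment the request is still authenticated through the method's return value, but `session[:user_id]` stays empty. After `current_user = nil` the false sentinel keeps the user logged out for the rest of the request even though the Basic credentials are still present.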
login_from_cookie()

Called from current_user. Finally, attempt to log in by an expiring token in the cookie.

    # File lib/authenticated_system.rb, line 118
    def login_from_cookie
      user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
      if user && user.remember_token?
        cookies[:auth_token] = { :value => user.remember_token, :expires => user.remember_token_expires_at }
        self.current_user = user
      end
    end
login_from_session()

Called from current_user. First attempt to log in by the user id stored in the session.

    # File lib/authenticated_system.rb, line 102
    def login_from_session
      #self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
      self.current_user = session[:user_id] if session[:user_id]
    end
login_required()

Filter method to enforce a login requirement.

To require logins for all actions, use this in your controllers:

  before_filter :login_required

To require logins for specific actions, use this in your controllers:

  before_filter :login_required, :only => [ :edit, :update ]

To skip this in a subclassed controller:

  skip_before_filter :login_required

    # File lib/authenticated_system.rb, line 52
    def login_required
      authorized? || access_denied
    end
redirect_back_or_default(default)

Redirect to the URI stored by the most recent store_location call or to the passed default.

    # File lib/authenticated_system.rb, line 90
    def redirect_back_or_default(default)
      redirect_to(session[:return_to] || default)
      session[:return_to] = nil
    end
store_location()

Store the URI of the current request in the session.

We can return to this location by calling redirect_back_or_default.

    # File lib/authenticated_system.rb, line 84
    def store_location
      session[:return_to] = request.request_uri
    end