class Authlogic::ControllerAdapters::AbstractAdapter

Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter for an example of how to adapt Authlogic to work with your framework.

Constants

ENV_SESSION_OPTIONS

Attributes

controller[RW]

Public Class Methods

new(controller) click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 15
def initialize(controller)
  self.controller = controller
end

Public Instance Methods

authenticate_with_http_basic() { |*credentials| ... } click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 19
def authenticate_with_http_basic
  @auth = Rack::Auth::Basic::Request.new(controller.request.env)
  if @auth.provided? && @auth.basic?
    yield(*@auth.credentials)
  else
    false
  end
end
cookies() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 28
def cookies
  controller.cookies
end
last_request_update_allowed?() click to toggle source

You can disable the updating of `last_request_at` on a per-controller basis.

# in your controller
def last_request_update_allowed?
  false
end

For example, what if you had a javascript function that polled the server updating how much time is left in their session before it times out. Obviously you would want to ignore this request, because then the user would never time out. So you can do something like this in your controller:

def last_request_update_allowed?
  action_name != "update_session_time_left"
end

See `authlogic/session/magic_columns.rb` to learn more about the `last_request_at` column itself.

# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 100
def last_request_update_allowed?
  if controller.respond_to?(:last_request_update_allowed?, true)
    controller.send(:last_request_update_allowed?)
  else
    true
  end
end
params() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 36
def params
  controller.params
end
renew_session_id() click to toggle source

Inform Rack that we would like a new session ID to be assigned. Changes the ID, but not the contents of the session.

The `:renew` option is read by `rack/session/abstract/id.rb`.

This is how Devise (via warden) implements defense against Session Fixation. Our implementation is copied directly from the warden gem (set_user in warden/proxy.rb)

# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 56
def renew_session_id
  env = request.env
  options = env[ENV_SESSION_OPTIONS]
  if options
    if options.frozen?
      env[ENV_SESSION_OPTIONS] = options.merge(renew: true).freeze
    else
      options[:renew] = true
    end
  end
end
request() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 40
def request
  controller.request
end
request_content_type() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 44
def request_content_type
  request.content_type
end
respond_to_missing?(*args) click to toggle source
Calls superclass method
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 108
def respond_to_missing?(*args)
  super(*args) || controller.respond_to?(*args)
end
responds_to_single_access_allowed?() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 72
def responds_to_single_access_allowed?
  controller.respond_to?(:single_access_allowed?, true)
end
session() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 68
def session
  controller.session
end
single_access_allowed?() click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 76
def single_access_allowed?
  controller.send(:single_access_allowed?)
end

Private Instance Methods

method_missing(id, *args, &block) click to toggle source
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 114
def method_missing(id, *args, &block)
  controller.send(id, *args, &block)
end