class Authlogic::ControllerAdapters::AbstractAdapter
Allows you to use Authlogic
in any framework you want, not just rails. See the RailsAdapter
for an example of how to adapt Authlogic
to work with your framework.
Constants
- ENV_SESSION_OPTIONS
- E_COOKIE_DOMAIN_ADAPTER
Attributes
Public Class Methods
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 15 def initialize(controller) self.controller = controller end
Public Instance Methods
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 19 def authenticate_with_http_basic @auth = Rack::Auth::Basic::Request.new(controller.request.env) if @auth.provided? && @auth.basic? yield(*@auth.credentials) else false end end
You can disable the updating of `last_request_at` on a per-controller basis.
# in your controller def last_request_update_allowed? false end
For example, what if you had a javascript function that polled the server updating how much time is left in their session before it times out. Obviously you would want to ignore this request, because then the user would never time out. So you can do something like this in your controller:
def last_request_update_allowed? action_name != "update_session_time_left" end
See `authlogic/session/magic_columns.rb` to learn more about the `last_request_at` column itself.
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 100 def last_request_update_allowed? if controller.respond_to?(:last_request_update_allowed?, true) controller.send(:last_request_update_allowed?) else true end end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 36 def params controller.params end
Inform Rack that we would like a new session ID to be assigned. Changes the ID, but not the contents of the session.
The `:renew` option is read by `rack/session/abstract/id.rb`.
This is how Devise (via warden) implements defense against Session
Fixation. Our implementation is copied directly from the warden gem (set_user in warden/proxy.rb)
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 56 def renew_session_id env = request.env options = env[ENV_SESSION_OPTIONS] if options if options.frozen? env[ENV_SESSION_OPTIONS] = options.merge(renew: true).freeze else options[:renew] = true end end end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 40 def request controller.request end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 44 def request_content_type request.content_type end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 108 def respond_to_missing?(*args) super(*args) || controller.respond_to?(*args) end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 72 def responds_to_single_access_allowed? controller.respond_to?(:single_access_allowed?, true) end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 68 def session controller.session end
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 76 def single_access_allowed? controller.send(:single_access_allowed?) end
Private Instance Methods
# File lib/authlogic/controller_adapters/abstract_adapter.rb, line 114 def method_missing(id, *args, &block) controller.send(id, *args, &block) end