class Object
Public Instance Methods
allow_tracking?()
# True unless the client opted out of tracking.
#
# Honors both the non-standard "X-Do-Not-Track" header and the standard
# "DNT" header; a value of exactly "1" on either means "do not track".
# Header values are interpolated to a String first so a missing header
# compares as "" rather than nil.
def allow_tracking?
  opted_out = ['X-Do-Not-Track', 'DNT'].any? do |header_name|
    "#{request.headers[header_name]}" == '1'
  end
  !opted_out
end
current_user()
# The User attached to the current UserSession, or the falsy value returned
# by current_user_session when there is no session.
def current_user
  user_session = current_user_session
  user_session && user_session.user
end
current_user_session()
The session is looked up by id or by remember token, but both values come from cookies whose signatures have already been verified by Rails (using a constant-time secure compare) before they reach this code, so these database lookups do not need their own timing-attack protection.
# Resolve and memoize the UserSession for this request.
#
# Lookup order: the id stored in the Rails session, then the signed remember
# cookie. On a hit the session's #access is recorded, its id is (re)written
# to session[:user_session_id], and the user's time zone is cached in
# session[:time_zone]; set_time_zone then runs either way. Returns the
# UserSession or nil.
#
# Memoization covers a nil result only when something was assigned: an
# anonymous request with neither a session id nor a remember cookie leaves
# the ivar undefined, so the (query-free) lookup repeats on each call.
#
# NOTE(review): a session restored from the remember cookie is written into
# the existing Rails session without reset_session (login does reset it).
# With the cookie session store this is not a fixation vector; confirm if a
# server-side session store is ever used.
def current_user_session
  return @current_user_session if defined?(@current_user_session)

  session_id = session[:user_session_id]
  @current_user_session ||= UserSession.active.where(id: session_id).first if session_id
  set_current_user_session_from_remember_token unless @current_user_session

  if (user_session = @current_user_session)
    user_session.access(request, allow_tracking?)
    session[:user_session_id] = user_session.id
    session[:time_zone] = user_session.user.time_zone
  end
  set_time_zone
  @current_user_session
end
deny_user(message=nil, location=nil)
# Refuse the current request and steer the client to +location+.
#
# Stores request.fullpath in session[:return_url] so redirect_back_or_default
# can resume the request after login. JSON clients get a bare 403 (note: this
# is used for the not-logged-in case as well, where some APIs prefer 401);
# text and HTML clients are redirected, HTML additionally with a flash error
# (+message+, or the default "must be logged in" text). +location+ defaults
# to root_path for logged-in users and login_path otherwise. Always returns
# false so a before_action can `return deny_user(...)`.
def deny_user(message=nil, location=nil)
  location ||= (logged_in? ? root_path : login_path)
  session[:return_url] = request.fullpath
  error_text = message || "Sorry, you must be logged in to do that"

  respond_to do |format|
    format.json { head :forbidden }
    format.text { redirect_to(location) }
    format.html do
      flash[:error] = error_text
      redirect_to(location)
    end
  end
  false
end
index()
# Minimal action used by the controller spec: answers 200 with no body.
def index
  head(:ok)
end
logged_in?()
# Strict boolean: true when current_user is truthy, false otherwise.
def logged_in?
  current_user ? true : false
end
login(user, remember=false)
# Start a fresh authenticated session for +user+.
#
# reset_session runs first so no pre-authentication session state (or a
# fixated session id) survives the login. A UserSession is then created and
# memoized, the sign-in is tracked with the client IP unless the client sent
# a do-not-track header, the remember cookie is issued when +remember+ is
# true, and the session id and user time zone are stored in the Rails
# session before set_time_zone applies it. Returns the new UserSession.
def login(user, remember=false)
  reset_session
  user_session = @current_user_session = UserSession.create(user: user)
  user_session.user.track_sign_in(request.remote_ip) if allow_tracking?
  set_remember_cookie if remember
  session[:user_session_id] = user_session.id
  session[:time_zone] = user_session.user.time_zone
  set_time_zone
  user_session
end
logout()
# End the current session: mark the UserSession logged out (if there is one),
# drop the remember cookie, and reset the Rails session so nothing stale
# survives. Clears the memoized session last; returns nil.
def logout
  user_session = current_user_session
  user_session.logout if user_session
  cookies.delete(:remember)
  reset_session
  @current_user_session = nil
end
new()
# Minimal action used by the controller spec: answers 200 with no body.
def new
  head(:ok)
end
record_not_unique()
# Handler for a uniqueness-violation error (presumably wired up with
# rescue_from elsewhere): responds 422 Unprocessable Entity, with root_path
# as the location for responders that redirect.
def record_not_unique
  respond_with(nil, status: 422, location: root_path)
end
redirect_back_or_default()
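# Redirect to the path stashed in session[:return_url] (consuming it), or to
# root_path when none is stored or the stored value is not a same-origin path.
#
# deny_user stores request.fullpath, which is taken from the request line; a
# value such as "//evil.example/x" (or "/\evil.example") is treated by
# browsers as an absolute URL, so only a single-slash-rooted path is followed.
# Anything else falls back to root_path rather than becoming an open redirect.
def redirect_back_or_default
  target = session.delete(:return_url)
  local = target.is_a?(String) && target.start_with?("/") &&
          !target.start_with?("//", "/\\")
  redirect_to(local ? target : root_path)
end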
require_completed_login()
# Send users whose account is still incomplete to the completion page.
# Assumes require_login has already run: current_user must be non-nil here,
# otherwise this raises NoMethodError (it does not fail open).
def require_completed_login
  return unless current_user.incomplete?
  redirect_to users_complete_path
end
require_login()
# before_action guard: anonymous clients are denied and sent to login_path;
# logged-in but suspended accounts are denied with an explanatory message.
# Denial is delegated to deny_user, which redirects (or returns 403 for JSON).
# Note that a suspended user's session is not terminated here, only refused
# for this request.
def require_login
  unless logged_in?
    deny_user(nil, login_path)
    return
  end
  deny_user("Your account has been suspended, please contact support", login_path) if current_user.suspended?
end
set_current_user_session_from_remember_token()
# Restore the session from the signed "remember" cookie.
#
# Returns nil (and leaves @current_user_session untouched) when the cookie is
# absent or blank; otherwise assigns and returns the matching active
# UserSession, or nil if none matches. The cookie is signature-checked by
# Rails before we see it; the string interpolation keeps the query value a
# plain String even if the signed payload was not one.
def set_current_user_session_from_remember_token
  token = cookies.signed[:remember]
  return if token.blank?

  @current_user_session = UserSession.active.where(remember_token: "#{token}").first
end
set_time_zone()
# Apply the time zone cached in session[:time_zone] to Time.zone; leaves
# Time.zone untouched when the session has no (or a blank) value.
def set_time_zone
  zone = session[:time_zone]
  Time.zone = zone if zone.present?
end
show()
# Minimal action used by the controller spec: answers 200 with no body.
def show
  head(:ok)
end