class Object

Public Instance Methods

allow_tracking?()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 35
# Honour the client's Do-Not-Track preference: tracking is allowed unless
# either the standard `DNT` header or the legacy `X-Do-Not-Track` header is
# exactly "1". Missing headers are treated as "tracking allowed".
def allow_tracking?
  headers = request.headers
  [headers['X-Do-Not-Track'], headers['DNT']].none? { |value| value.to_s == '1' }
end
current_user()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 31
# The user behind the current UserSession, or nil when nobody is logged in.
# All authorisation helpers (logged_in?, require_login, ...) build on this.
def current_user
  user_session = current_user_session
  return user_session unless user_session
  user_session.user
end
current_user_session()

The session id and the remember token both arrive in cookies whose integrity Rails has already verified (the signature check uses a constant-time compare), so an attacker cannot feed arbitrary values into these lookups; the database queries below therefore need no additional timing-attack protection. Note that signature verification rules out forgery, not replay: a stolen remember cookie stays valid until its UserSession is no longer active.

# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 19
# Resolve (and memoize per request) the active UserSession for this client.
# Lookup order: id kept in the Rails session, then the signed remember cookie.
# Side effects on a hit: records the access, writes the id and the user's
# time zone back into the session, and applies the time zone.
def current_user_session
  # `defined?` rather than `||=` so a cached nil also short-circuits; the
  # lookups below therefore run at most once per request.
  return @current_user_session if defined?(@current_user_session)
  # Primary path: the session cookie is integrity-protected by Rails, so this
  # id is not attacker-chosen. `.active` is a model scope not shown on this
  # page — presumably it excludes logged-out / expired sessions.
  @current_user_session ||= UserSession.active.where(id: session[:user_session_id]).first if session[:user_session_id]
  # Fallback: resume from the signed "remember me" cookie.
  set_current_user_session_from_remember_token unless @current_user_session
  # Record this access; the flag tells the model whether the client's
  # DNT / X-Do-Not-Track headers permit tracking (see allow_tracking?).
  @current_user_session.access(request, allow_tracking?) if @current_user_session
  # Re-establish the session id (matters on the remember-cookie path).
  # NOTE(review): unlike login, this path does not call reset_session before
  # writing into a pre-existing session, so a login resumed from the remember
  # cookie keeps whatever session id the browser already carried.
  session[:user_session_id] = @current_user_session.id if @current_user_session
  session[:time_zone] = @current_user_session.user.time_zone if @current_user_session
  set_time_zone

  @current_user_session
end
deny_user(message=nil, location=nil)
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 92
# Refuse the current request and send the client elsewhere.
#
# message  - flash text for HTML clients; defaults to a "must be logged in" notice.
# location - redirect target; defaults to root for authenticated users and to
#            the login page for anonymous ones.
#
# The requested path is remembered in the session so redirect_back_or_default
# can resume it after login. JSON clients get a bare 403 (NOTE(review): 401
# may describe the anonymous case more accurately). Always returns false so a
# filter can write `return deny_user(...)`.
def deny_user(message=nil, location=nil)
  location ||= (logged_in? ? root_path : login_path)

  # request.fullpath is client-supplied; it is only ever used as a redirect
  # target by redirect_back_or_default.
  session[:return_url] = request.fullpath

  denial_message = message || "Sorry, you must be logged in to do that"
  respond_to do |format|
    format.json { head :forbidden }
    format.text { redirect_to(location) }
    format.html do
      flash[:error] = denial_message
      redirect_to(location)
    end
  end

  false
end
index()
# File lib/generators/authkit/templates/spec/controllers/application_controller_spec.rb, line 20
# Bare action from the generated controller spec: responds 200 with no body
# so the ApplicationController filters can be exercised in isolation.
def index
  head(:ok)
end
logged_in?()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 39
# Strict boolean: true when a user is attached to the current session.
def logged_in?
  current_user ? true : false
end
login(user, remember=false)
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 52
# Start a new UserSession for `user` and bind it to the browser.
#
# user     - the authenticated User record (authentication happens elsewhere).
# remember - when true, also issue the persistent remember cookie.
#
# Returns the new UserSession.
def login(user, remember=false)
  # Discard the pre-authentication session first so a session id issued to an
  # anonymous browser is not carried across the privilege change (fixation).
  reset_session
  @current_user_session = UserSession.create(user: user)
  # Sign-in bookkeeping is skipped when the client sends Do-Not-Track.
  # NOTE(review): request.remote_ip is derived from X-Forwarded-For when Rails
  # trusts the upstream proxy — confirm the trusted-proxy configuration.
  current_user.track_sign_in(request.remote_ip) if allow_tracking?
  # set_remember_cookie is defined outside this page.
  set_remember_cookie if remember
  session[:user_session_id] = current_user_session.id
  session[:time_zone] = current_user.time_zone
  set_time_zone
  current_user_session
end
logout()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 63
# End the current login: deactivate the UserSession server-side, drop the
# remember cookie, wipe the Rails session and clear the memoized session.
# NOTE(review): cookies.delete only matches a cookie set with the same
# domain/path options as set_remember_cookie used (not visible here).
def logout
  active = current_user_session
  active.logout if active
  cookies.delete(:remember)
  reset_session
  @current_user_session = nil
end
new()
# File lib/generators/authkit/templates/spec/controllers/application_controller_spec.rb, line 16
# Bare action from the generated controller spec: 200, empty body.
def new
  head(:ok)
end
record_not_unique()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 108
# Handler for a uniqueness violation (the rescue_from wiring is not on this
# page). Answers 422 Unprocessable Entity with root as the redirect location;
# respond_with presumably comes from the responders gem.
def record_not_unique
  respond_with(nil, status: 422, location: root_path)
end
redirect_back_or_default()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 88
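# Send the client back to the path stashed by deny_user, or to root.
#
# The stored value originates from request.fullpath, which the client
# controls: a request for "//evil.example/x" would otherwise become a
# protocol-relative redirect to another host. Only a same-origin path
# (leading "/", not "//" or "/\") is honoured; anything else falls back to
# root. Newer Rails versions refuse other-host redirects by default; this
# keeps the check explicit and independent of that setting. The stashed
# value is consumed either way.
def redirect_back_or_default
  target = session.delete(:return_url).to_s
  local = target.start_with?('/') && !target.start_with?('//', '/\\')
  redirect_to(local ? target : root_path)
end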
require_completed_login()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 48
# Filter: push users whose profile is still incomplete to the completion page.
# Assumes require_login already ran — current_user must not be nil here.
def require_completed_login
  user = current_user
  redirect_to(users_complete_path) if user.incomplete?
end
require_login()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 43
# Filter: anonymous clients and suspended accounts are denied (see deny_user),
# both landing on the login page. NOTE(review): a suspended user's session is
# not invalidated here; consider calling logout before denying so the
# suspended session does not stay resumable.
def require_login
  if logged_in?
    deny_user("Your account has been suspended, please contact support", login_path) if current_user.suspended?
  else
    deny_user(nil, login_path)
    nil
  end
end
set_current_user_session_from_remember_token()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 74
# Resume a login from the "remember me" cookie. Sets and returns
# @current_user_session (nil when there is no cookie or no active match).
#
# `cookies.signed` only yields a value whose signature Rails verified, so a
# forged or tampered cookie arrives here as nil rather than as an
# attacker-chosen token — which is why a plain equality lookup suffices.
# Signing prevents forgery, not replay: a stolen cookie works until the
# session stops being active. Blank tokens skip the database entirely.
def set_current_user_session_from_remember_token
  token = cookies.signed[:remember]
  return if token.blank?

  # NOTE(review): whether UserSession stores remember_token hashed or in the
  # clear is not visible on this page.
  @current_user_session = UserSession.active.where(remember_token: token.to_s).first
end
set_time_zone()
# File lib/generators/authkit/templates/app/controllers/application_controller.rb, line 70
# Apply the time zone cached in the session (written by login and
# current_user_session); leaves Time.zone alone when nothing is stored.
def set_time_zone
  zone = session[:time_zone]
  Time.zone = zone if zone.present?
end
show()
# File lib/generators/authkit/templates/spec/controllers/application_controller_spec.rb, line 24
# Bare action from the generated controller spec: 200, empty body.
def show
  head(:ok)
end