module HeimdallAuth::ControllerAdditions
This module is automatically included in all controllers. It adds methods such as current_user
and also handles the redirects and error pages shown when authorization fails.
Public Class Methods
included(base)
# File lib/heimdall_auth/controller_additions.rb, line 9
# Hook invoked when this module is mixed into +base+.
#
# It performs three registrations on +base+:
# * exposes current_user, current_access_token and user_signed_in? as view
#   helpers, but only when +base+ responds to helper_method;
# * installs store_location_in_session as a before_action;
# * installs a CanCan::AccessDenied handler. JSON requests receive a bare
#   403 (sent with a text/html content type); HTML requests are redirected to
#   new_user_session_path when current_user is nil, and otherwise get one of
#   two templates depending on current_user.is_invalid.
#
# NOTE(review): params[:user_token] comes from the request and is forwarded
# unchanged into the redirect URL; confirm that whatever serves
# new_user_session_path validates it before use.
#
# @param base [Class] the class the module is being included into
def self.included(base)
  if base.respond_to?(:helper_method)
    base.helper_method :current_user, :current_access_token, :user_signed_in?
  end
  base.before_action :store_location_in_session

  base.rescue_from CanCan::AccessDenied do |_exception|
    user_token = params[:user_token].presence

    respond_to do |format|
      format.json { head :forbidden, content_type: 'text/html' }
      format.html do
        # current_user is deliberately evaluated per branch, exactly as often
        # as before, because a failed lookup is not memoized.
        if !current_user.nil?
          template = current_user.is_invalid ? 'application/invalid_user_data' : 'application/not_enough_rights'
          render template
        else
          redirect_to new_user_session_path({ user_token: user_token })
        end
      end
    end
  end
end
Public Instance Methods
current_ability()
# File lib/heimdall_auth/controller_additions.rb, line 32
# Returns the Ability built for current_user, creating it on first use and
# reusing the same object (via @current_ability) on later calls.
#
# Because the result is cached in an instance variable, the ability reflects
# whatever current_user returned at the time of the first call.
#
# @return [Ability]
def current_ability
  return @current_ability if @current_ability

  @current_ability = Ability.new(current_user)
end
current_access_token()
# File lib/heimdall_auth/controller_additions.rb, line 46
# Looks up the access token for the current request.
#
# Sources are consulted in this order and the first truthy value wins:
# 1. session[:access_token]
# 2. params[:access_token]
# 3. the 'HeimdallAccessToken' request header
#
# NOTE(review): a token accepted through params may arrive in the query
# string, where it can end up in access logs, browser history and Referer
# headers; prefer the session or the header where clients allow it.
#
# @return [String, nil] the token, or nil when no source provides one
def current_access_token
  from_session = session[:access_token]
  return from_session if from_session

  from_params = params[:access_token]
  return from_params if from_params

  request.headers['HeimdallAccessToken']
end
current_user()
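# File lib/heimdall_auth/controller_additions.rb, line 50
# Returns the user that belongs to the current access token.
#
# A successful lookup is memoized in @current_user. Failures fail closed:
# * NoMethodError        -> a placeholder User built with is_invalid: true
# * any other StandardError -> nil, i.e. "nobody is signed in"
#
# Only StandardError is rescued. The previous `rescue Exception` also
# swallowed Interrupt, SystemExit and NoMemoryError, which must reach the
# process so that shutdown and resource exhaustion are not masked as an
# anonymous request.
#
# Neither fallback value is memoized, so a failed lookup is attempted again
# on the next call.
#
# NOTE(review): lookup failures are dropped without a log entry, which makes
# auth-server outages and rejected tokens hard to spot; consider logging the
# exception class (not its message, which may carry response data).
#
# @return [User, nil]
def current_user
  @current_user ||= get_user_from_auth_server(current_access_token)
rescue NoMethodError
  # Presumably raised when the auth server's answer has an unexpected shape;
  # verify, since any NoMethodError inside the lookup lands here.
  User.new(is_invalid: true)
rescue StandardError
  nil
end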
get_user_from_auth_server(access_token)
# File lib/heimdall_auth/controller_additions.rb, line 60 def get_user_from_auth_server(access_token) client = OAuth2::Client.new(ENV['HEIMDALL_APPLICATION_ID'], ENV['HEIMDALL_APPLICATION_SECRET'], :site => ENV['HEIMDALL_SERVER_URL']) user_data = OAuth2::AccessToken.new(client,access_token).get('/me.json').parsed User.new(user_data) end
storable_location?()
# File lib/heimdall_auth/controller_additions.rb, line 41
# Tells whether the current request's URL may be remembered as the location
# to come back to.
#
# All four conditions must hold: the request is a GET, its format's ref is
# :html, the receiver is not a SessionsController, and the request is not
# an XHR.
#
# @return [Boolean]
def storable_location?
  html_get = request.get? && request.format.try(:ref) == :html

  # De Morgan form of "not a sessions controller and not XHR".
  html_get && !(is_a?(SessionsController) || request.xhr?)
end
store_location_in_session()
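# File lib/heimdall_auth/controller_additions.rb, line 36
# Remembers the current URL in session[:last_url] when storable_location?
# allows it, then writes the remembered location to the Rails log.
#
# The log line is written on every call, whether or not the session value
# was just updated.
#
# Only the part of the URL before the query string is logged. This module
# accepts params[:access_token] and params[:user_token], so the full URL can
# carry credentials, and these must not be copied into application logs.
#
# NOTE(review): session[:last_url] itself still holds the complete URL,
# query string included; confirm that the code which later reads it does not
# expose or replay a token embedded there.
def store_location_in_session
  session[:last_url] = request.url if storable_location?

  # to_s keeps the nil case (nothing stored yet) rendering as an empty string.
  loggable_url = session[:last_url].to_s.split('?', 2).first
  ::Rails.logger.info("\033[32m session[:last_url] = #{loggable_url} \033[0m")
end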
user_signed_in?()
# File lib/heimdall_auth/controller_additions.rb, line 66
# Reports whether current_user returned a user.
#
# Any truthy current_user counts, including the placeholder user that
# current_user builds with is_invalid: true.
#
# @return [true, nil] true when a user is present, nil otherwise
def user_signed_in?
  current_user ? true : nil
end