module Authlogic
module Session
# = Params
#
# Tries to log the user in via params. Think about cookies and sessions. They are just hashes in your controller, so are params. People never
# look at params as an authentication option, but it can be useful for logging into private feeds, etc. Logging in a user is as simple as:
#
# https://www.domain.com?user_credentials=[insert single access token here]
#
# Wait, what is a single access token? It is all explained in the README. Checkout the "Tokens" section in the README, there is section about
# single access tokens. For security reasons, this type of authentication is ONLY available via single access tokens, you can NOT pass your persistence token.
# Which means you must have a single_access_token field in your database.
module Params
# Tries to validate the session from information in the params token
def valid_params?
if params_credentials && single_access_token_field && (single_access_allowed_request_types.include?(controller.request_content_type) || single_access_allowed_request_types.include?(:all) || controller.single_access_allowed?)
self.unauthorized_record = search_for_record("find_by_#{single_access_token_field}", params_credentials)
self.persisting = false
return true if valid?
self.persisting = true
else
false
end
end
private
def params_credentials
controller.params[params_key]
end
end
end
end
