# frozen_string_literal: true
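module Authlogic
  module ControllerAdapters # :nodoc:
    # Allows you to use Authlogic in any framework you want, not just rails. See
    # the RailsAdapter for an example of how to adapt Authlogic to work with
    # your framework.
    #
    # The adapter wraps a framework controller and exposes the small surface
    # used here: cookies, params, request, session and a few policy hooks.
    # Anything it does not define itself is forwarded to the wrapped
    # controller (see `method_missing` at the bottom of the class).
    class AbstractAdapter
      E_COOKIE_DOMAIN_ADAPTER = "The cookie_domain method has not been " \
        "implemented by the controller adapter"
      ENV_SESSION_OPTIONS = "rack.session.options"

      attr_accessor :controller

      # @param controller the framework controller this adapter delegates to
      def initialize(controller)
        self.controller = controller
      end

      # Parses the request's Authorization header with Rack and, when it is
      # present and uses the Basic scheme, yields the decoded credentials to
      # the caller's block.
      #
      # Security notes:
      # - HTTP Basic credentials are only base64-encoded, never encrypted, so
      #   this path should be reachable over TLS only.
      # - The parsed request (which can produce the credentials) is kept in
      #   `@auth` for the lifetime of this adapter instance.
      #
      # @yield [login, password] the credentials from the header
      # @return the block's result, or false when no usable Basic header exists
      def authenticate_with_http_basic
        @auth = Rack::Auth::Basic::Request.new(controller.request.env)
        if @auth.provided? && @auth.basic?
          yield(*@auth.credentials)
        else
          false
        end
      end

      # @return the controller's cookie jar
      def cookies
        controller.cookies
      end

      # Must be overridden by concrete adapters.
      #
      # @raise [NotImplementedError] always, in this abstract class
      def cookie_domain
        raise NotImplementedError, E_COOKIE_DOMAIN_ADAPTER
      end

      # @return the controller's request parameters
      def params
        controller.params
      end

      # @return the controller's request object
      def request
        controller.request
      end

      # @return the content type reported by the request
      def request_content_type
        request.content_type
      end

      # Inform Rack that we would like a new session ID to be assigned. Changes
      # the ID, but not the contents of the session.
      #
      # The `:renew` option is read by `rack/session/abstract/id.rb`.
      #
      # This is how Devise (via warden) implements defense against Session
      # Fixation. Our implementation is copied directly from the warden gem
      # (set_user in warden/proxy.rb)
      #
      # Caveat: when the env has no "rack.session.options" entry this method
      # is a silent no-op, so no renewal is requested in that case.
      def renew_session_id
        env = request.env
        options = env[ENV_SESSION_OPTIONS]
        if options
          if options.frozen?
            # A frozen hash cannot be mutated in place; swap in a frozen copy
            # that carries the flag instead.
            env[ENV_SESSION_OPTIONS] = options.merge(renew: true).freeze
          else
            options[:renew] = true
          end
        end
      end

      # @return the controller's session store
      def session
        controller.session
      end

      # @return [Boolean] whether the controller defines
      #   `single_access_allowed?`, including as a private method
      def responds_to_single_access_allowed?
        controller.respond_to?(:single_access_allowed?, true)
      end

      # Asks the controller's `single_access_allowed?` hook. `send` is used
      # so that a private hook can be called.
      def single_access_allowed?
        controller.send(:single_access_allowed?)
      end

      # You can disable the updating of `last_request_at`
      # on a per-controller basis.
      #
      #   # in your controller
      #   def last_request_update_allowed?
      #     false
      #   end
      #
      # For example, what if you had a javascript function that polled the
      # server updating how much time is left in their session before it
      # times out. Obviously you would want to ignore this request, because
      # then the user would never time out. So you can do something like
      # this in your controller:
      #
      #   def last_request_update_allowed?
      #     action_name != "update_session_time_left"
      #   end
      #
      # See `authlogic/session/magic_columns.rb` to learn more about the
      # `last_request_at` column itself.
      #
      # Defaults to true when the controller does not define the hook.
      def last_request_update_allowed?
        if controller.respond_to?(:last_request_update_allowed?, true)
          controller.send(:last_request_update_allowed?)
        else
          true
        end
      end

      # Reports controller methods as available on the adapter, matching the
      # delegation done by `method_missing`. The arguments (name and the
      # optional include-private flag) are passed through unchanged.
      def respond_to_missing?(*args)
        super(*args) || controller.respond_to?(*args)
      end

      private

      # Forwards any method the adapter does not define to the controller.
      #
      # Security note: `send` ignores method visibility, so private and
      # protected controller methods are reachable through the adapter. The
      # method name must therefore never be derived from untrusted input.
      def method_missing(id, *args, &block)
        controller.send(id, *args, &block)
      end
      # Without this flag, keyword arguments captured by `*args` are forwarded
      # as a positional Hash on Ruby 3 and the delegated call raises
      # ArgumentError. Guarded so older Rubies without the method still load.
      ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
    end
  end
end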