Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use cookies only when available #684

Merged
merged 4 commits into from May 26, 2020
Merged

Use cookies only when available #684

merged 4 commits into from May 26, 2020

Conversation

epaew
Copy link
Contributor

@epaew epaew commented Sep 15, 2019

Because ActionController::API does not include ActionController::Cookies metal and ActionDispatch::Cookies rack module,
Therefore, our controller can not use the cookies method.

In this patch, Authlogic::Session::Base calls controller#cookies only when available.

@jaredbeck
Copy link
Collaborator

Hello Maeda-san, thanks for the contribution! I haven't personally used ActionController::API, but this is something I'd like to help with.

Just curious, how do you authenticate API requests, with params, aka. "single access token"?

Regarding your implementation, it all makes sense at first glance. What suggestions to you have for how we can test these changes? We have Authlogic::TestCase::MockController. Maybe we can add Authlogic::TestCase::MockAPIController?

@epaew
Copy link
Contributor Author

epaew commented Sep 28, 2019

Hello, Jared. Thank you for your response.

Just curious, how do you authenticate API requests, with params, aka. "single access token"?

Yes, I plan to get single_access_token from params (or HTTP Authorization header, with monkey patching) for authentication.

What suggestions to you have for how we can test these changes? We have
Authlogic::TestCase::MockController. Maybe we can add Authlogic::TestCase::MockAPIController?

I tried to add Authlogic::TestCase::MockAPIController and some test cases for my changes. Please review it.

jaredbeck
jaredbeck reviewed Dec 17, 2019
View reviewed changes
Copy link
Collaborator

@jaredbeck jaredbeck left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is close! I like how you've written an "adapter test" and a "persistence test".

  1. I've commented on a few lines that I don't understand. Please explain.
  2. Please add an entry to CHANGELOG.md under "Unreleased -> Added -> Support for ActionController::API"
  3. Please add a section 2.b.2. ActionController::API to the readme. Please include a small, complete example of an API controller, and a link to the "single access token" documentation in base.rb.

lib/authlogic/controller_adapters/rails_adapter.rb
@@ -14,7 +14,7 @@ def authenticate_with_http_basic(&block)
# Returns a `ActionDispatch::Cookies::CookieJar`. See the AC guide
# http://guides.rubyonrails.org/action_controller_overview.html#cookies
def cookies
controller.send(:cookies)
controller.respond_to?(:cookies, true) ? controller.send(:cookies) : nil
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good. I spent some time playing around with ActionController::API and I was able to reproduce the need for this.

lib/authlogic/session/base.rb
@@ -415,10 +415,10 @@ def self.#{method}(*filter_list, &block)
before_save :set_last_request_at

after_save :reset_perishable_token!
after_save :save_cookie
after_save :save_cookie, if: :cookie_enabled?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like a reasonable change, but without it the tests still pass, so is it really necessary?

lib/authlogic/test_case/mock_controller.rb
@@ -39,7 +39,7 @@ def params
end

def request
@request ||= MockRequest.new(controller)
@request ||= MockRequest.new(self)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this change. The tests pass without it. Can you please explain?

lib/authlogic/test_case/mock_request.rb
@@ -9,6 +9,10 @@ def initialize(controller)
self.controller = controller
end

def format
controller.request_content_type if controller.respond_to? :request_content_type
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conditional seems unnecessary. I can remove the if controller.respond_to? and the tests still pass. I guess because both of our "test controllers" respond to request_content_type?

@jaredbeck jaredbeck merged commit 076bfd3 into binarylogic:master May 26, 2020
jaredbeck added a commit that referenced this pull request May 26, 2020
@jaredbeck
Docs: #684
b8aa4bf
@jaredbeck
Copy link
Collaborator

Merged, thanks!

Please add a section 2.b.2. ActionController::API to the readme. Please include a small, complete example of an API controller, and a link to the "single access token" documentation in base.rb.

I've left a documentation place-holder at 2.b.3.. Please expand upon it when you have time.

Let me know how it goes with ActionController::API, I am curious.

@kimyu92
Copy link

kimyu92 commented Mar 30, 2023

@jaredbeck @epaew Do you mind to share example for ActionController::API?

It's still missing from the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaredbeck jaredbeck jaredbeck left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@epaew @jaredbeck @kimyu92