This repository has been archived by the owner on Mar 22, 2021. It is now read-only.

Verifying that authenticate is called. #55

Closed
maxcal opened this issue Apr 16, 2016 · 1 comment

maxcal commented Apr 16, 2016

It would be nice if there was built-in support for verifying that authentication is enforced to lock down an application, much like verify_authorized in Pundit.

Comments? Is this something you would like to see in a PR?

I'm thinking of something like:

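```ruby
module Knock::Authenticable
  # Resolve the user from the token in params or the Authorization header;
  # any failure (missing header, bad token) yields nil.
  def current_user
    @current_user ||= begin
      token = params[:token] || request.headers['Authorization'].split.last
      Knock::AuthToken.new(token: token).current_user
    rescue
      nil
    end
  end

  # Record that authentication ran, then reject unauthenticated requests.
  def authenticate
    @_authentication_performed = true
    head :unauthorized unless current_user
  end

  def authentication_performed?
    !!@_authentication_performed
  end

  # Raise if the action completed without authenticate having been called.
  def verify_authentication
    raise Knock::AuthenticationNotPerformedError unless authentication_performed?
  end
end
```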

Usage:

```ruby
class ApplicationController < ActionController::API
  include Knock::Authenticable
  after_action :verify_authentication, except: [:show, :index]
end
```

nsarno commented Apr 22, 2016

I'm not sure I understand the benefit of this in the context of authentication. Why isn't the call to before_action :authenticate at the start of a controller explicit enough? I feel like this is something you should test, not double check every time at runtime. Let me know if I'm missing something.

@nsarno nsarno closed this as completed May 6, 2016
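
The trade-off discussed in this thread, as an added example that is not code from Knock or from either participant: a plain-Ruby model of a controller whose after hook verifies that `authenticate` ran. `FakeController`, `dispatch`, `run_request` and the error class are hypothetical stand-ins for a Rails controller and its callback chain; the third scenario in the test shows the check firing only after the unauthenticated action has already produced its side effect.

```ruby
# Plain-Ruby stand-in for the proposed hooks; no Rails or Knock required.
# Every class and method name here is hypothetical, built for this example.
class AuthenticationNotPerformedError < StandardError; end

class FakeController
  attr_reader :side_effects

  def initialize(user: nil)
    @user = user
    @status = 200
    @side_effects = []
  end

  # Mirrors the proposed authenticate: record the call, reject anonymous users.
  def authenticate
    @_authentication_performed = true
    @status = 401 unless @user
  end

  def verify_authentication
    raise AuthenticationNotPerformedError unless @_authentication_performed
  end

  # A state-changing action whose effect we want protected.
  def destroy
    @side_effects << :record_deleted
  end

  # Simulated callback chain (assumption): a before hook that rejects the
  # request halts the chain; otherwise the action runs, then the after hook.
  def dispatch(action, before: [])
    before.each do |hook|
      send(hook)
      return @status unless @status == 200
    end
    send(action)
    verify_authentication
    @status
  end
end

# Runs one constructed request and reports what happened.
def run_request(user:, before:)
  controller = FakeController.new(user: user)
  status = controller.dispatch(:destroy, before: before)
  { status: status, side_effects: controller.side_effects, error: nil }
rescue AuthenticationNotPerformedError => e
  { status: 500, side_effects: controller.side_effects, error: e.class }
end
```

In this model the after hook turns a forgotten `authenticate` into a loud failure, but it does not stop the action from running first, so it complements a test suite and a `before_action` rather than replacing them.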