Module: QuoVadis::Controller
- Defined in:
- lib/quo_vadis/controller.rb
Defined Under Namespace
Classes: QuoVadisWrapper
Class Method Summary
Instance Method Summary
-
#authenticated_model ⇒ Object
Returns the model instance which has been authenticated by password, or nil.
- #logged_in? ⇒ Boolean
-
#login(model, browser_session = true, metadata: {}) ⇒ Object
To be called with a model which has authenticated with a password.
- #qv ⇒ Object
- #require_password_authentication ⇒ Object (also: #require_authentication)
-
#require_two_factor_authentication ⇒ Object
implies require_password_authentication.
Class Method Details
.included(base) ⇒ Object
# File 'lib/quo_vadis/controller.rb', line 6

# Installs QuoVadis' callbacks and view helpers on the class that includes
# this module.
#
# @param base [Class] the controller class including the module
def self.included(base)
  # Test-environment shortcut: a request carrying a `login` parameter is
  # signed in as whatever record that GlobalID resolves to, without any
  # password check. The callback is registered only when Rails.env.test? is
  # true at include time, so an application that is reachable while running
  # in the test environment would expose it.
  if Rails.env.test?
    base.before_action do
      login(GlobalID::Locator.locate(params.delete(:login))) if params[:login]
    end
  end

  base.before_action { CurrentRequestDetails.request = request }

  # Every controller except the confirmations controller itself goes through
  # the confirmation check.
  base.before_action do |controller|
    unless controller.class == QuoVadis::ConfirmationsController
      controller.qv.require_confirmation
    end
  end

  base.helper_method :authenticated_model, :logged_in?

  # Record the last activity time so idle sessions can be timed out. This runs
  # after the action because the timestamp is checked in `#authenticated_model`;
  # updating it first would mean a session could never look idle.
  #
  # ActiveStorage requests are ignored.
  base.after_action do |controller|
    storage_request = defined?(::ActiveStorage) &&
                      controller.class.module_parents.include?(::ActiveStorage)
    controller.qv.touch_session_last_seen_at unless storage_request
  end
end
Instance Method Details
#authenticated_model ⇒ Object
Returns the model instance which has been authenticated by password, or nil.
# File 'lib/quo_vadis/controller.rb', line 87

# Resolves the model behind the current QuoVadis session and memoises the
# answer in @authenticated_model.
#
# @return [Object, nil] the password-authenticated model, or nil
def authenticated_model
  # `defined?` rather than a truthiness test, so a memoised nil is reused too.
  return @authenticated_model if defined? @authenticated_model

  # No session id stored: nobody was logged in, so there is nothing to log out.
  unless qv.session_id
    @authenticated_model = nil
    return nil
  end

  stored_session = qv.session

  # A nil record with a non-nil session id means the user was logged in but
  # the matching database record no longer exists, i.e. this session was
  # logged out remotely from another one. That case and an expired session
  # both end in a logout here, so a stale id never yields a model.
  session_invalid = stored_session.nil? || stored_session.expired?

  if session_invalid
    qv.logout
    @authenticated_model = nil
  else
    @authenticated_model = stored_session.account.model
  end
end
#logged_in? ⇒ Boolean
# File 'lib/quo_vadis/controller.rb', line 80

# Tells whether the request has a password-authenticated model.
# This says nothing about a second factor.
#
# @return [Boolean] true when #authenticated_model is not nil
def logged_in?
  current = authenticated_model
  !current.nil?
end
#login(model, browser_session = true, metadata: {}) ⇒ Object
To be called with a model which has already authenticated with a password; this method does not check the password itself.
browser_session - true: login only for duration of browser session
false: login for QuoVadis.session_lifetime (which may be browser session anyway)
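# File 'lib/quo_vadis/controller.rb', line 58

# Logs in `model`: records the login, creates a QuoVadis session row for the
# current request and stores its id. The caller must already have verified
# the password; nothing here checks credentials.
#
# @param model [Object] a record responding to #qv_account
# @param browser_session [Boolean] passed to qv.lifetime_expires_at;
#   true: login only for the duration of the browser session,
#   false: login for QuoVadis.session_lifetime
# @param metadata [Hash] extra data to record with the login log entry
# @return [Object] the model that was passed in
def login(model, browser_session = true, metadata: {})
  account = model.qv_account

  # Previously the log call ended in a trailing comma, which made this call
  # its third argument: the caller's `metadata` was never used and the return
  # value of the fixation reset was logged in its place. It now runs as its
  # own statement, still before the log entry and before the new session id
  # is stored.
  qv.prevent_rails_session_fixation

  # NOTE(review): assumes the third argument of qv.log is the metadata hash --
  # confirm against QuoVadisWrapper#log.
  qv.log account, Log::LOGIN_SUCCESS, metadata

  lifetime_expires_at = qv.lifetime_expires_at browser_session

  qv_session = account.sessions.create!(
    ip: request.remote_ip,
    user_agent: (request.user_agent || ''),
    lifetime_expires_at: lifetime_expires_at
  )

  qv.store_session_id qv_session.id, lifetime_expires_at

  # Setting the instance variable is not strictly necessary, since
  # `authenticated_model` can work it out from qv.session, but doing so saves
  # that method a couple of database calls.
  @authenticated_model = model
end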
#qv ⇒ Object
# File 'lib/quo_vadis/controller.rb', line 107

# Returns the QuoVadisWrapper built around this object, creating it on first
# use and reusing it afterwards.
#
# @return [QuoVadisWrapper]
def qv
  return @qv_wrapper if @qv_wrapper

  @qv_wrapper = QuoVadisWrapper.new(self)
end
#require_password_authentication ⇒ Object Also known as: require_authentication
# File 'lib/quo_vadis/controller.rb', line 37

# Filter that sends requests without a logged-in model to the login page.
# Does nothing when #logged_in? is true.
#
# @return [Object, nil] nil when already logged in, otherwise whatever
#   redirect_to returns
def require_password_authentication
  unless logged_in?
    # Remember what was requested. The stored value comes from the request
    # itself, so code that later reads session[:qv_bookmark] to redirect
    # should keep treating it as a path on this site.
    session[:qv_bookmark] = request.original_fullpath

    redirect_to quo_vadis.login_path,
                notice: QuoVadis.translate('flash.require_authentication')
  end
end
#require_two_factor_authentication ⇒ Object
Implies require_password_authentication: a request that is not logged in is handed to that filter first.
# File 'lib/quo_vadis/controller.rb', line 46

# Filter that enforces the second factor on top of password authentication.
#
# Requests that are not logged in are delegated to require_authentication.
# Logged-in requests are redirected to the TOTP challenge only when
# qv.second_factor_required? is true and qv.second_factor_authenticated? is
# false; when the second factor is not required, the request passes through
# on the password alone.
def require_two_factor_authentication
  if !logged_in?
    require_authentication
  elsif qv.second_factor_required? && !qv.second_factor_authenticated?
    redirect_to(quo_vadis.challenge_totps_path) and return
  end
end