module Authpwn::HttpTokenControllerInstanceMethods
Included in controllers that call authenticates_using_http_token.
Public Instance Methods
bounce_to_http_token()
Inform the user that their request is forbidden.
If a user is logged on, this renders the session/forbidden view with an HTTP 403 code.
If no user is logged in, an HTTP 403 code is returned, together with an HTTP Authentication header causing the user-agent (browser) to initiate HTTP token authentication.
# File lib/authpwn_rails/http_token.rb, line 50
def bounce_to_http_token()
  unless current_user
    request_http_token_authentication
    return
  end

  respond_to do |format|
    format.html do
      render 'session/forbidden', layout: false, status: :forbidden
    end
    format.json do
      render json: { error: "You're not allowed to access that" }
    end
  end
end
Private Instance Methods
authenticate_using_http_token()
The before_action that implements authenticates_using_http_token.
If your ApplicationController contains authenticates_using_http_token, you can opt out in individual controllers using skip_before_action.
skip_before_action :authenticate_using_http_token
# File lib/authpwn_rails/http_token.rb, line 29
def authenticate_using_http_token
  return if current_user
  authenticate_with_http_token do |token_code, options|
    auth = Tokens::Api.authenticate token_code

    # NOTE: Setting the instance variable directly bypasses the session
    #       setup. Tokens are generally used in API contexts, so the session
    #       cookie would get ignored anyway.
    @current_user = auth unless auth.kind_of? Symbol
  end
end
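An added example, not part of authpwn_rails: a plain-Ruby model of the control flow in authenticate_using_http_token above, runnable without Rails. `User`, `TOKENS`, `FakeTokenApi`, `MiniController`, `token_from_header` and `user_for` are hypothetical stand-ins, and the header regex is a simplified assumption of the `Token token="..."` form that Rails' `authenticate_with_http_token` reads.

```ruby
# Stand-alone model of the filter's control flow (no Rails needed).
# Every name below is a hypothetical stand-in, not authpwn_rails code.
User = Struct.new(:name)

# Constructed sample credential store: token code => user.
TOKENS = { 'demo-token-0001' => User.new('alice') }.freeze

module FakeTokenApi
  # Same convention the filter relies on: a user object on success,
  # a Symbol naming the failure otherwise.
  def self.authenticate(code)
    TOKENS.fetch(code, :invalid)
  end
end

# Pulls the token out of an 'Authorization: Token token="..."' header
# (quoted or unquoted). Returns nil for any other scheme or no header.
def token_from_header(header)
  m = /\AToken\s+token=(?:"([^"]*)"|([^,\s]+))/.match(header.to_s)
  m && (m[1] || m[2])
end

class MiniController
  attr_reader :current_user

  def initialize(authorization: nil, session_user: nil)
    @authorization = authorization
    @current_user = session_user
  end

  def authenticate_using_http_token
    return if current_user # an existing login wins; the token is never read
    code = token_from_header(@authorization)
    return if code.nil?    # no token presented: request stays anonymous
    auth = FakeTokenApi.authenticate(code)
    # A Symbol means failure, so current_user stays nil and no error is raised.
    @current_user = auth unless auth.kind_of?(Symbol)
  end
end

# Runs the filter for one simulated request and reports who it resolved to.
def user_for(**opts)
  controller = MiniController.new(**opts)
  controller.authenticate_using_http_token
  controller.current_user&.name
end
```

A rejected token leaves the request anonymous rather than failing it, so any action that needs a user still has to check current_user itself and call bounce_to_http_token.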