module Authpwn::HttpBasicControllerInstanceMethods
Included in controllers that call authenticates_using_http_basic.
Public Instance Methods
bounce_to_http_basic()
click to toggle source
Inform the user that their request is forbidden.
If a user is logged on, this renders the session/forbidden view with a HTTP 403 code.
If no user is logged in, a HTTP 403 code is returned, together with an HTTP Authentication header causing the user-agent (browser) to initiate http basic authentication.
# File lib/authpwn_rails/http_basic.rb, line 47 def bounce_to_http_basic() unless current_user request_http_basic_authentication return end respond_to do |format| format.html do render 'session/forbidden', layout: false, status: :forbidden end format.json do render json: { error: "You're not allowed to access that" } end end end
Private Instance Methods
authenticate_using_http_basic()
click to toggle source
The before_action that implements authenticates_using_http_basic.
If your ApplicationController contains authenticates_using_http_basic, you can opt out in individual controllers using skip_before_action.
skip_before_action :authenticate_using_http_basic
# File lib/authpwn_rails/http_basic.rb, line 29 def authenticate_using_http_basic return if current_user authenticate_with_http_basic do |email, password| signin = Session.new email: email, password: password auth = User.authenticate_signin signin self.current_user = auth unless auth.kind_of? Symbol end end