module DeviseRemote::HttpHeaderAuthenticatableBehavior

Public Instance Methods

valid_user?(headers)

@param [Hash] headers from ActionDispatch::Request#headers
@return [Boolean]
@note Called if the user doesn't already have a rails session cookie

# File lib/devise_remote/http_header_authenticatable_behavior.rb, line 23
def valid_user?(headers)
  remote_user(headers).present?
end

Protected Instance Methods

remote_user(headers)

@note In production, only check for REMOTE_USER. HTTP_ is removed from the variable before it is passed to the application. In test or development, this may or may not happen depending on the setup or testing framework, so we allow both. This allows for ModHeader and other browser plugins to be used in development mode.

# File lib/devise_remote/http_header_authenticatable_behavior.rb, line 33
def remote_user(headers)
  if Rails.env.production?
    headers.fetch('REMOTE_USER', nil)
  else
    headers.fetch('REMOTE_USER', nil) || headers.fetch('HTTP_REMOTE_USER', nil)
  end
end
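
The trust decision in remote_user, as an added example that is not DeviseRemote's own code: it models the request environment as a plain Hash rather than ActionDispatch::Request#headers, and `rack_env_key`, `build_env`, `remote_user_for` and `valid_user_for?` are hypothetical names. It shows that a Remote-User header sent by the client arrives as HTTP_REMOTE_USER, which only the non-production branch accepts.

```ruby
# Added example, not DeviseRemote code. Plain Ruby, no Rails required.

# CGI/Rack naming: a client header becomes an upper-cased, HTTP_-prefixed key
# (Content-Type and Content-Length are the two unprefixed exceptions).
UNPREFIXED = %w[CONTENT_TYPE CONTENT_LENGTH].freeze

def rack_env_key(header_name)
  key = header_name.upcase.tr('-', '_')
  UNPREFIXED.include?(key) ? key : "HTTP_#{key}"
end

# Constructed request environment. client_headers is what the browser sent;
# server_vars is what the authenticating front end set (assumed trusted).
def build_env(client_headers, server_vars = {})
  env = client_headers.each_with_object({}) do |(name, value), acc|
    acc[rack_env_key(name)] = value
  end
  env.merge(server_vars)
end

# Same lookup order as remote_user above, with the environment passed in
# as a flag instead of read from Rails.env.
def remote_user_for(env, production:)
  user = env.fetch('REMOTE_USER', nil)
  user ||= env.fetch('HTTP_REMOTE_USER', nil) unless production
  user
end

# Plain-Ruby approximation of valid_user? (stands in for ActiveSupport's present?).
def valid_user_for?(env, production:)
  !remote_user_for(env, production: production).to_s.strip.empty?
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests.
  client_only = build_env({ 'Remote-User' => 'admin' })
  fronted     = build_env({ 'Remote-User' => 'admin' }, { 'REMOTE_USER' => 'alice' })
  [true, false].each do |prod|
    puts "production=#{prod} " \
         "client_only=#{remote_user_for(client_only, production: prod).inspect} " \
         "fronted=#{remote_user_for(fronted, production: prod).inspect}"
  end
end
```

Because the fallback keys off Rails.env, a staging or demo host running outside the production environment accepts the client-supplied header, so such hosts belong on a trusted network or in the production environment.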