module DeviseRemote::HttpHeaderAuthenticatableBehavior
Public Instance Methods
valid_user?(headers)
click to toggle source
@param [Hash] headers from ActionDispatch::Request#headers @return [Boolean] @note Called if the user doesn't already have a rails session cookie
# File lib/devise_remote/http_header_authenticatable_behavior.rb, line 23 def valid_user?(headers) remote_user(headers).present? end
Protected Instance Methods
remote_user(headers)
click to toggle source
@note In production, only check for REMOTE_USER. HTTP_ is removed from the variable before
it is passed to the application. In test or development, this may or may not happen depending on the setup or testing framework, so we allow both. This allows for ModHeader and other browser plugins to be used in development mode.
# File lib/devise_remote/http_header_authenticatable_behavior.rb, line 33 def remote_user(headers) if Rails.env.production? headers.fetch('REMOTE_USER', nil) else headers.fetch('REMOTE_USER', nil) || headers.fetch('HTTP_REMOTE_USER', nil) end end