class Warden::Manager

Experimental RBS support (using type sampling data from the type_fusion project). 

# sig/warden/manager.rbs

class Warden::Manager
  def _run_callbacks: (*Array[Symbol] args) -> untyped
end

the rack environment hash
The middleware injects an authentication object into
The middleware requires that there is a session upstream
The middleware for Rack Authentication

def _run_callbacks(*args) #:nodoc:

Experimental RBS support (using type sampling data from the type_fusion project). 

def _run_callbacks: (*User | Warden::Proxy | Hash | scope | Symbol | event | Symbol args) -> untyped

This signature was generated using 2 samples from 1 application.

:nodoc:
:api: private 
def _run_callbacks(*args) #:nodoc:
  self.class._run_callbacks(*args)
end

def call(env) # :nodoc:

:nodoc:
:api: private
If this is downstream from another warden instance, don't do anything.
Invoke the application guarding for throw :warden. 
def call(env) # :nodoc:
  return @app.call(env) if env['warden'] && env['warden'].manager != self
  env['warden'] = Proxy.new(env, self)
  result = catch(:warden) do
    env['warden'].on_request
    @app.call(env)
  end
  result ||= {}
  case result
  when Array
    handle_chain_result(result.first, result, env)
  when Hash
    process_unauthenticated(env, result)
  when Rack::Response
    handle_chain_result(result.status, result, env)
  end
end

def call_failure_app(env, options = {})

:api: private
The before_failure hooks are run on each failure
Calls the failure app. 
def call_failure_app(env, options = {})
  if config.failure_app
    options.merge!(:attempted_path => ::Rack::Request.new(env).fullpath)
    env["PATH_INFO"] = "/#{options[:action]}"
    env["warden.options"] = options
    _run_callbacks(:before_failure, env, options)
    config.failure_app.call(env).to_a
  else
    raise "No Failure App provided"
  end
end # call_failure_app

def handle_chain_result(status, result, env) 

def handle_chain_result(status, result, env)
  if status == 401 && intercept_401?(env)
    process_unauthenticated(env)
  else
    result
  end
end

def initialize(app, options={})

:api: public
configure the Warden::Manager.
Initialize the middleware. If a block is given, a Warden::Config is yielded so you can properly 
def initialize(app, options={})
  default_strategies = options.delete(:default_strategies)
  @app, @config = app, Warden::Config.new(options)
  @config.default_strategies(*default_strategies) if default_strategies
  yield @config if block_given?
end

def intercept_401?(env) 

def intercept_401?(env)
  config[:intercept_401] && !env['warden'].custom_failure?
end

def process_unauthenticated(env, options={})

:api: private
It looks at the result of the proxy to see if it's been executed and what action to take.
When a request is unauthenticated, here's where the processing occurs. 
def process_unauthenticated(env, options={})
  options[:action] ||= begin
    opts = config[:scope_defaults][config.default_scope] || {}
    opts[:action] || 'unauthenticated'
  end
  proxy  = env['warden']
  result = options[:result] || proxy.result
  case result
  when :redirect
    body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
    [proxy.status, proxy.headers, [body]]
  when :custom
    proxy.custom_response
  else
    options[:message] ||= proxy.message
    call_failure_app(env, options)
  end
end

def serialize_from_session(scope = nil, &block)

:api: public

Warden::Manager.serialize_from_session(:admin) { |id| AdminUser.get(id) }
# With Scope:
Warden::Manager.serialize_from_session{ |id| User.get(id) }
Example:

You can supply different methods of de-serialization for different scopes by passing a scope symbol
Use the results of user_session_key to reconstitute the user from the session on requests after the initial login
Reconstitutes the user from the session. 
def serialize_from_session(scope = nil, &block)
  method_name = scope.nil? ? :deserialize : "#{scope}_deserialize"
  if Warden::SessionSerializer.method_defined? method_name
    Warden::SessionSerializer.send :remove_method, method_name
  end
  Warden::SessionSerializer.send :define_method, method_name, &block
end

def serialize_into_session(scope = nil, &block)

:api: public

Warden::Manager.serialize_into_session(:admin) { |user| user.id }
# With Scope:
Warden::Manager.serialize_into_session{ |user| user.id }
Example:

You can supply different methods of serialization for different scopes by passing a scope symbol

If possible store only a "key" of the user object that will allow you to reconstitute it.
Generally however complex object should not be stored in the session.
Any object that can be serialized into the session in some way can be used as a "user" object
Prepares the user to serialize into the session. 
def serialize_into_session(scope = nil, &block)
  method_name = scope.nil? ? :serialize : "#{scope}_serialize"
  Warden::SessionSerializer.send :define_method, method_name, &block
end