class Warden::Proxy
Experimental RBS support (using type sampling data from the type_fusion
project).
# sig/warden/errors.rbs class Warden::Proxy def _fetch_strategy: (Symbol name, Symbol scope) -> untyped def _perform_authentication: (*Array[Hash, scope, Symbol] args) -> untyped def _retrieve_scope_and_opts: (Array[Hash, scope, Symbol] args) -> untyped def _run_strategies_for: (Symbol scope, Array[] args) -> untyped def authenticate: (*Array[Hash, scope, Symbol] args) -> untyped def authenticate?: (*Array[Hash, scope, Symbol] args) -> untyped def user: (?Hash argument) -> User end
def _fetch_strategy(name, scope)
Experimental RBS support (using type sampling data from the type_fusion
project).
def _fetch_strategy: (Symbol name, Symbol scope) -> untyped
This signature was generated using 2 samples from 1 application.
def _fetch_strategy(name, scope) @strategies[scope][name] ||= if klass = Warden::Strategies[name] klass.new(@env, scope) elsif @config.silence_missing_strategies? nil else raise "Invalid strategy #{name}" end end
def _perform_authentication(*args)
Experimental RBS support (using type sampling data from the type_fusion
project).
def _perform_authentication: (* args) -> untyped
This signature was generated using 1 sample from 1 application.
def _perform_authentication(*args) scope, opts = _retrieve_scope_and_opts(args) user = nil # Look for an existing user in the session for this scope. # If there was no user in the session, see if we can get one from the request. return user, opts if user = user(opts.merge(:scope => scope)) _run_strategies_for(scope, args) if winning_strategy && winning_strategy.successful? opts[:store] = opts.fetch(:store, winning_strategy.store?) set_user(winning_strategy.user, opts.merge!(:event => :authentication)) end [@users[scope], opts] end
def _retrieve_scope_and_opts(args) #:nodoc:
Experimental RBS support (using type sampling data from the type_fusion
project).
def _retrieve_scope_and_opts: ( args) -> untyped
This signature was generated using 1 sample from 1 application.
def _retrieve_scope_and_opts(args) #:nodoc: opts = args.last.is_a?(Hash) ? args.pop : {} scope = opts[:scope] || @config.default_scope opts = (@config[:scope_defaults][scope] || {}).merge(opts) [scope, opts] end
def _run_strategies_for(scope, args) #:nodoc:
Experimental RBS support (using type sampling data from the type_fusion
project).
def _run_strategies_for: (Symbol scope, args) -> untyped
This signature was generated using 1 sample from 1 application.
Run the strategies for a given scope
def _run_strategies_for(scope, args) #:nodoc: self.winning_strategy = @winning_strategies[scope] return if winning_strategy && winning_strategy.halted? # Do not run any strategy if locked return if @locked if args.empty? defaults = @config[:default_strategies] strategies = defaults[scope] || defaults[:_all] end (strategies || args).each do |name| strategy = _fetch_strategy(name, scope) next unless strategy && !strategy.performed? && strategy.valid? catch(:warden) do _update_winning_strategy(strategy, scope) end strategy._run! _update_winning_strategy(strategy, scope) break if strategy.halted? end end
def _update_winning_strategy(strategy, scope)
def _update_winning_strategy(strategy, scope) self.winning_strategy = @winning_strategies[scope] = strategy end
def asset_request?
Check to see if this is an asset request
def asset_request? ::Warden::asset_paths.any? { |r| env['PATH_INFO'].to_s.match(r) } end
def authenticate(*args)
Experimental RBS support (using type sampling data from the type_fusion
project).
def authenticate: (* args) -> untyped
This signature was generated using 2 samples from 1 application.
env['warden'].authenticate(:password, :basic, :scope => :sudo)
Example:
opts - an options hash that contains the :scope of the user to check
args - a list of symbols (labels) that name the strategies to attempt
Parameters:
When scope is not specified, the default_scope is assumed.
This does not halt the flow of control and is a passive attempt to authenticate only
If there is already a user logged in for a given scope, the strategies are not run
Run the authentication strategies for the given strategies.
def authenticate(*args) user, _opts = _perform_authentication(*args) user end
def authenticate!(*args)
env['warden'].authenticate!(:password, :scope => :publisher) # throws if it cannot authenticate
Example
and rendered through the +failure_app+
The same as +authenticate+ except on failure it will throw an :warden symbol causing the request to be halted
def authenticate!(*args) user, opts = _perform_authentication(*args) throw(:warden, opts) unless user user end
def authenticate?(*args)
Experimental RBS support (using type sampling data from the type_fusion
project).
def authenticate?: (* args) -> untyped
This signature was generated using 1 sample from 1 application.
authenticated, and the second relies on already performed ones.
is that the former will run strategies if the user has not yet been
The difference between this method (authenticate?) and authenticated?
Same API as authenticate, but returns a boolean instead of a user.
def authenticate?(*args) result = !!authenticate(*args) yield if result && block_given? result end
def authenticated?(scope = @config.default_scope)
env['warden'].authenticated?(:admin)
Example:
scope - the scope to check for authentication. Defaults to default_scope
Parameters:
If you want strategies to be run, please check authenticate?.
This brings the user from the session, but does not run strategies before doing so.
Check to see if there is an authenticated user for the given scope.
def authenticated?(scope = @config.default_scope) result = !!user(scope) yield if block_given? && result result end
def clear_strategies_cache!(*args)
env['warden'].clear_strategies_cache!(:password, :scope => :admin)
# Clear password strategy for the :admin scope
env['warden'].clear_strategies_cache!(:scope => :admin)
# Clear all strategies for the :admin scope
env['warden'].clear_strategies_cache!
# Clear all strategies for the configured default_scope
Example:
opts - an options hash that contains the :scope of the user to check
args - a list of symbols (labels) that name the strategies to attempt
Parameters:
specific strategies for given scope:
This method has the same API as authenticate, allowing you to clear
once.
strategies cache if you want to allow a strategy to be run more than
strategy just once during the request lifecycle. You can clear the
Clear the cache of performed strategies so far. Warden runs each
def clear_strategies_cache!(*args) scope, _opts = _retrieve_scope_and_opts(args) @winning_strategies.delete(scope) @strategies[scope].each do |k, v| v.clear! if args.empty? || args.include?(k) end end
def custom_failure!
The result is a direct passthrough of your own response
Provides a way to return a 401 without warden deferring to the failure app
def custom_failure! @custom_failure = true end
def custom_failure?
Check to see if the custom failure flag has been set
def custom_failure? if instance_variable_defined?(:@custom_failure) !!@custom_failure else false end end
def errors
Lazily initiate errors object in session.
def errors @env[ENV_WARDEN_ERRORS] ||= Errors.new end
def initialize(env, manager) #:nodoc:
def initialize(env, manager) #:nodoc: @env, @users, @winning_strategies, @locked = env, {}, {}, false @manager, @config = manager, manager.config.dup @strategies = Hash.new { |h,k| h[k] = {} } end
def inspect(*args)
def inspect(*args) "Warden::Proxy:#{object_id} @config=#{@config.inspect}" end
def lock!
Notice that already authenticated users are kept as so.
be verified (for example, using a CSRF verification token).
request lifecycle. This is useful when the request cannot
Locks the proxy so new users cannot authenticate during the
def lock! @locked = true end
def logout(*scopes)
env['warden'].logout(:publisher, :admin)
# Logout the :publisher and :admin user
env['warden'].logout(:default)
# Logout the default user but leave the rest of the session alone
env['warden'].logout
# Logout everyone and clear the session
Example:
scopes - a list of scopes to logout
Parameters:
The logout also manages any authenticated data storage and clears it when a user logs out.
Provides logout functionality.
def logout(*scopes) if scopes.empty? scopes = @users.keys reset_session = true end scopes.each do |scope| user = @users.delete(scope) manager._run_callbacks(:before_logout, user, self, :scope => scope) raw_session.delete("warden.user.#{scope}.session") unless raw_session.nil? session_serializer.delete(scope, user) end reset_session! if reset_session end
def message
Proxy through to the authentication strategy to find out the message that was generated.
def message winning_strategy && winning_strategy.message end
def on_request
Run the on_request callbacks
def on_request manager._run_callbacks(:on_request, self) end
def result # :nodoc:
:api: private
proxy methods through to the winning strategy
def result # :nodoc: winning_strategy && winning_strategy.result end
def session(scope = @config.default_scope)
env['warden'].session(:sudo)[:foo] = "bar"
# :sudo scope
env['warden'].session[:foo] = "bar"
# default scope
Example
Warden manages clearing out this data when a user logs out
Provides a scoped session data for authenticated users.
def session(scope = @config.default_scope) raise NotAuthenticated, "#{scope.inspect} user is not logged in" unless authenticated?(scope) raw_session["warden.user.#{scope}.session"] ||= {} end
def session_serializer
session.
everything related with storing, fetching and removing the user
Points to a SessionSerializer instance responsible for handling
def session_serializer @session_serializer ||= Warden::SessionSerializer.new(@env) end
def set_user(user, opts = {})
opts - An options hash. Use the :scope option to set the scope of the user, set the :store option to false to skip serializing into the session, set the :run_callbacks to false to skip running the callbacks (the default is true).
user - An object that has been setup to serialize into and out of the session.
Parameters:
Manually set the user into the session and auth proxy
def set_user(user, opts = {}) scope = (opts[:scope] ||= @config.default_scope) # Get the default options from the master configuration for the given scope opts = (@config[:scope_defaults][scope] || {}).merge(opts) opts[:event] ||= :set_user @users[scope] = user if opts[:store] != false && opts[:event] != :fetch options = env[ENV_SESSION_OPTIONS] if options if options.frozen? env[ENV_SESSION_OPTIONS] = options.merge(:renew => true).freeze else options[:renew] = true end end session_serializer.store(user, scope) end run_callbacks = opts.fetch(:run_callbacks, true) manager._run_callbacks(:after_set_user, user, self, opts) if run_callbacks @users[scope] end
def to_s(*args)
def to_s(*args) inspect(*args) end
def unauthenticated?(scope = @config.default_scope)
Same API as authenticated?, but returns false when authenticated.
def unauthenticated?(scope = @config.default_scope) result = !authenticated?(scope) yield if block_given? && result result end
def user(argument = {})
Experimental RBS support (using type sampling data from the type_fusion
project).
def user: (?scope | Symbol argument) -> User
This signature was generated using 4 samples from 2 applications.
env['warden'].user(:scope => :admin, :run_callbacks => true)
# with a scope and run_callbacks option
env['warden'].user(:run_callbacks => false)
# with default scope and run_callbacks option
env['warden'].user(:scope => :admin)
# as a Hash
env['warden'].user(:admin)
# with scope
env['warden'].user
# without scope (default user)
Example:
perform strategies.
Will be nil if not logged in. Please notice that this method does not
Provides access to the user object in a given scope for a request.
def user(argument = {}) opts = argument.is_a?(Hash) ? argument : { :scope => argument } scope = (opts[:scope] ||= @config.default_scope) if @users.has_key?(scope) @users[scope] else unless user = session_serializer.fetch(scope) run_callbacks = opts.fetch(:run_callbacks, true) manager._run_callbacks(:after_failed_fetch, user, self, :scope => scope) if run_callbacks end @users[scope] = user ? set_user(user, opts.merge(:event => :fetch)) : nil end end