public
Last active

Authlogic extensions in a Rails3 app for HTTP token authentication and deprecation removal - put in config/initializers.

  • Download Gist
config/initializers/authentication.rb
Ruby
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84
module Authlogic
module Session
# Lets you log in using a HTTP token, using the single_access_token.
# Behaves similarly to Params, but with HTTP, so it's nice for APIs.
module HttpToken
def self.included(klass)
klass.class_eval do
extend Config
include InstanceMethods
persist :persist_by_http_token
end
end
module Config
def http_token_access_allowed_request_types(value = nil)
rw_config(:http_token_access_allowed_request_types, value, ["application/xml", "application/json"])
end
alias_method :http_token_access_allowed_request_types=, :http_token_access_allowed_request_types
end
module InstanceMethods
private
def persist_by_http_token
return false if !http_token_enabled?
self.unauthorized_record = search_for_record("find_by_single_access_token", http_token)
self.single_access = valid?
end
def http_token_enabled?
return false if !http_token || !klass.column_names.include?("single_access_token")
return controller.token_access_allowed? if controller.responds_to_token_access_allowed?
case http_token_access_allowed_request_types
when Array
http_token_access_allowed_request_types.include?(controller.request_content_type) ||
token_access_allowed_request_types.include?(:all)
else
[:all, :any].include?(http_token_access_allowed_request_types)
end
end
 
def http_token
authenticate_with_http_token { |token, options| token }
end
def params_key
build_key(self.class.params_key)
end
def single_access?
single_access == true
end
def single_access_allowed_request_types
self.class.single_access_allowed_request_types
end
end
end
end
 
# Fixes some deprecation warnings on Rails3
module ActsAsAuthentic
module SessionMaintenance
module Methods
def save_without_session_maintenance_with_rails3(*args)
args = { :validate => args.first } if [[false], [true]].include?(args)
save_without_session_maintenance_without_rails3(args)
end
alias_method_chain :save_without_session_maintenance, :rails3
end
end
module Password
module Methods
module InstanceMethods
private
def transition_password(attempted_password)
self.password = attempted_password
save(:validate => false)
end
end
end
end
end
end

This breaks rails 2 compability

@ lichtamberg: It's a Rails 3 initializer. Initializers are part of application configuration, and therefore application specific - compatibility is irrelevant. in fact, the bottom part is just to duck-punch authlogic quietly into a Rails 3 app.

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.