module Authlogic::Session::UnauthorizedRecord

Allows you to create session with an object. Ex:

UserSession.create(my_user_object)

Be careful with this, because Authlogic is assuming that you have already confirmed that the user is who he says he is.

For example, this is the method used to persist the session internally. Authlogic finds the user with the persistence token. At this point we know the user is who he says he is, so Authlogic just creates a session with the record. This is particularly useful for 3rd party authentication methods, such as OpenID. Let that method verify the identity, once it's verified, pass the object and create a session.

Public Class Methods

included(klass) click to toggle source
# File lib/authlogic/session/unauthorized_record.rb, line 15
def self.included(klass)
  klass.class_eval do
    attr_accessor :unauthorized_record
    validate :validate_by_unauthorized_record, :if => :authenticating_with_unauthorized_record?
  end
end

Public Instance Methods

credentials() click to toggle source

Returning meaningful credentials

Calls superclass method
# File lib/authlogic/session/unauthorized_record.rb, line 23
def credentials
  if authenticating_with_unauthorized_record?
    details = {}
    details[:unauthorized_record] = "<protected>"
    details
  else
    super
  end
end
credentials=(value) click to toggle source

Setting the unauthorized record if it exists in the credentials passed.

Calls superclass method
# File lib/authlogic/session/unauthorized_record.rb, line 34
def credentials=(value)
  super
  values = value.is_a?(Array) ? value : [value]
  self.unauthorized_record = values.first if values.first.class < ::ActiveRecord::Base
end

Private Instance Methods

authenticating_with_unauthorized_record?() click to toggle source
# File lib/authlogic/session/unauthorized_record.rb, line 41
def authenticating_with_unauthorized_record?
  !unauthorized_record.nil?
end
validate_by_unauthorized_record() click to toggle source
# File lib/authlogic/session/unauthorized_record.rb, line 45
def validate_by_unauthorized_record
  self.attempted_record = unauthorized_record
end