Skip to content

Instantly share code, notes, and snippets.

@scottwater

scottwater/full_constraint.rb

Created December 2, 2011 21:00
Show Gist options
  • Save scottwater/1424816 to your computer and use it in GitHub Desktop.
Save scottwater/1424816 to your computer and use it in GitHub Desktop.
Download ZIP
Possible Authenticated Constraint for Sorcery
Raw
full_constraint.rb
# SCOPE GETS CROSSED - DO NOT USE AS IS!
class AuthenticatedConstraint
extend Sorcery::Controller::InstanceMethods
def self.matches?(request)
Sorcery::Controller::InstanceMethods.send(:define_method, :session, proc{request.session})
Sorcery::Controller::InstanceMethods.send(:define_method, :request, proc{request})
logged_in?
end
end
Raw
routes.rb
constraints(AuthenticatedConstraint) do
root :to => 'home#index'
end
Raw
simple_constraint.rb
class AuthenticatedConstraint
def self.matches?(request)
!!request.session[:user_id]
end
end
@stevenharman
Copy link

@scottwater,
Perhaps I'm just extra slow this Friday afternoon, but can you elaborate on your comment in full_constraint.rb?

@scottwater
Copy link
Author

The instance variables (such as @current_user) can get out of sync. Now that I try it again, it might have been because I dropped the class directly in the routes file.

Moving it to lib, it almost works, except now I am hitting an issue with login_from_cookie (for remember me).

To really make this work, the direct dependency on the controller methods such as request, session, and cookies probably need to be removed. Then you could supply them independently and better control the instance variable scope.

@robink
Copy link

robink commented Jan 24, 2012

Any update on this?

@stevenharman
Copy link

I think @scottwater is correct - this will work. However, I'd rather see Sorcery push this down to the Rack level so that the authentication can be used by other engines that may be mounted, and which are unaware of Rails/ActiveRecord. See: NoamB/sorcery#155

@robink
Copy link

robink commented Jan 24, 2012

Thanx for the feedback.

@robink
Copy link

robink commented Jan 25, 2012

Ok, maybe I'm dumb, but this doesn't work here :(
Scope gets crossed.

@stevenharman
Copy link

(Updating this thread in case others stumble across it later)

I think either going with a stripped-down version of Devise (which is built atop Warden) is a good option, or just roll your own atop Warden.

I'm about to cross this bridge (needing to share authentication w/a mounted app & needing to constrain routes based on authentication) for an app currently using Sorcery and will like rip it out in favor of the stripped-down Devise.

@scarver2
Copy link

Here is my solution to using constraints with Sorcery. I really did not want to switch to Devise after investing in Sorcery. NoamB/sorcery#341 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment