Sha256: bcd96af667824ffe507fd1f1397c44ed89493f62868c957bdd384b3a4241a9fe

Contents?: true

Size: 1.41 KB

Versions: 18

Compression:

Stored size: 1.41 KB

Contents

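##
# Concern for controllers that lets a request be attributed to a user named
# by a short-lived token in the +encrypted_user_id+ request parameter. The
# token is an encrypted and signed [user_id, issued_at] pair produced by
# #encrypt_user_id; when no token is present the regular
# +current_or_guest_user+ is used instead.
#
# The token is a bearer credential carried in the request parameters: whoever
# holds it is treated as that user until it expires, so it should only be
# handed to trusted consumers.
module Blacklight::TokenBasedUser
  extend ActiveSupport::Concern

  included do
    # Views need to mint tokens when building export links.
    helper_method :encrypt_user_id

    # Any token rejected by #decrypt_user_id ends the request with 401.
    rescue_from Blacklight::Exceptions::ExpiredSessionToken do
      head :unauthorized
    end
  end

  protected

  # Resolves the acting user, preferring a valid token over the session.
  #
  # @return [Object] the token's user, or the result of current_or_guest_user
  def token_or_current_or_guest_user
    token_user || current_or_guest_user
  end

  # Looks up the user named by the +encrypted_user_id+ parameter, memoized
  # for the rest of the request.
  #
  # @return [User, nil] nil when the parameter is absent
  # @raise [Blacklight::Exceptions::ExpiredSessionToken] if the token is
  #   rejected by #decrypt_user_id
  def token_user
    @token_user ||= if params[:encrypted_user_id]
      user_id = decrypt_user_id params[:encrypted_user_id]
      # NOTE(review): presumably an ActiveRecord model, in which case a token
      # for a user that no longer exists raises here — confirm.
      User.find(user_id)
    end
  end

  # Used for #export action, with encrypted user_id.
  #
  # Decrypts and verifies a token produced by #encrypt_user_id and returns the
  # user id it carries. The value comes straight from the request, so a value
  # that is not a String, fails signature verification, or cannot be decrypted
  # is rejected the same way as an expired token. That routes forged or
  # corrupted tokens to the 401 handler registered by this concern instead of
  # letting an unhandled exception escape the action.
  #
  # @param encrypted_user_id [String] token taken from the request
  # @return [Object] the user id stored in the token
  # @raise [Blacklight::Exceptions::ExpiredSessionToken] if the token is
  #   malformed, tampered with, or was issued more than one hour ago
  def decrypt_user_id(encrypted_user_id)
    # Nested parameters (arrays, hashes) are not tokens; reject them before
    # they reach the verifier.
    raise Blacklight::Exceptions::ExpiredSessionToken unless encrypted_user_id.is_a?(String)

    user_id, timestamp = message_encryptor.decrypt_and_verify(encrypted_user_id)

    raise Blacklight::Exceptions::ExpiredSessionToken if timestamp < 1.hour.ago

    user_id
  rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage
    # Do not tell the client which check failed.
    raise Blacklight::Exceptions::ExpiredSessionToken
  end

  # Used for #export action with encrypted user_id, available
  # as a helper method for views.
  #
  # @param user_id [Object] id to embed in the token
  # @return [String] encrypted and signed token, stamped with the current time
  def encrypt_user_id(user_id)
    message_encryptor.encrypt_and_sign([user_id, Time.zone.now])
  end

  ##
  # This method provides Rails 3 compatibility to our message encryptor.
  # When we drop support for Rails 3, we can just use the AS::KeyGenerator
  # directly instead of this helper.
  #
  # Derives 64 bytes from Blacklight.secret_key with PBKDF2-HMAC-SHA1
  # (1000 iterations) and the given salt.
  #
  # NOTE(review): the 64-byte result is the only secret handed to
  # MessageEncryptor, so it presumably serves as both cipher and signing key.
  # Some OpenSSL bindings reject a key longer than the cipher expects —
  # confirm against the Ruby versions this gem supports. Shortening it would
  # also invalidate tokens already issued.
  #
  # @param salt [String] purpose string that separates this key from other
  #   keys derived from the same secret
  # @return [String] 64 bytes of derived key material
  def export_secret_token(salt)
    OpenSSL::PKCS5.pbkdf2_hmac_sha1(Blacklight.secret_key, salt, 1000, 64)
  end

  # Builds the encryptor shared by #encrypt_user_id and #decrypt_user_id.
  # Deliberately not memoized in an instance variable, so the derived key is
  # not kept on the controller instance alongside @token_user.
  #
  # @return [ActiveSupport::MessageEncryptor]
  def message_encryptor
    derived_secret = export_secret_token("encrypted user session key")
    ActiveSupport::MessageEncryptor.new(derived_secret)
  end

end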

Version data entries

18 entries across 18 versions & 1 rubygems

Version Path
blacklight-5.19.2 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.19.1 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.19.0 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.18.0 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.17.2 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.17.1 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.17.0 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.16.4 app/models/concerns/blacklight/token_based_user.rb
blacklight-6.0.0.pre3 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.16.3 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.16.2 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.16.1 app/models/concerns/blacklight/token_based_user.rb
blacklight-6.0.0.pre2 app/models/concerns/blacklight/token_based_user.rb
blacklight-6.0.0.pre1 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.16.0 app/models/concerns/blacklight/token_based_user.rb
blacklight-5.15.0 lib/blacklight/token_based_user.rb
blacklight-5.14.0 lib/blacklight/token_based_user.rb
blacklight-5.13.1 lib/blacklight/token_based_user.rb