Home
Jeff Dickey edited this page Mar 3, 2019 · 3 revisions
Welcome to the crypt_ident wiki!
So far, we have some demo code for people to borrow and/or critique. It consists of a "common authentication" module, which does most of the "heavy lifting" of session data access, where (as noted in this Gem's documentation) it looks for a Current User Entity in session[:current_user] and a session-expiry time in session[:expires_at]. This module in turn is included by three other modules, one of which you would normally include in the authentication-aware Controller Action Classes in your Hanami app, as follows:
- AllowGuestOrUser is what you would include in the Controller Action Classes (or CACs) for an (initially) public page; unlike the other two, it pays no attention to the Authentication status of any Current User;
- ProhibitGuest, as the name suggests, is what you would include in the CACs for a page that requires Authentication prior to access; and
- RequireGuest is the opposite; it prohibits Authenticated Users from accessing an endpoint implemented using a CAC including that module. Examples of where you'd want to use this would be for your app's login or registration actions; if a User is already Authenticated, there's no need for him to re-Authenticate, correct?
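The three policies side by side, as an added plain-Ruby sketch (no Hanami; this is not the wiki's demo code or the gem's API). It assumes that Guest means session[:current_user] is nil or session[:expires_at] is missing or past; the module name CommonAuthentication, the gate method, the result symbols and the action class names are hypothetical.

```ruby
# Added illustration; not crypt_ident's code. All names except the three
# policy module names and the two session keys are hypothetical.
module CommonAuthentication
  # Fails closed: a user entry without a valid, future expiry counts as Guest.
  def authenticated?(session, now)
    expiry = session[:expires_at]
    !session[:current_user].nil? && expiry.is_a?(Time) && expiry > now
  end
end

module AllowGuestOrUser
  include CommonAuthentication
  def gate(_session, _now)
    :proceed # public page: Authentication status is ignored
  end
end

module ProhibitGuest
  include CommonAuthentication
  def gate(session, now)
    authenticated?(session, now) ? :proceed : :redirect_to_sign_in
  end
end

module RequireGuest
  include CommonAuthentication
  def gate(session, now)
    authenticated?(session, now) ? :redirect_to_home : :proceed
  end
end

class Landing; include AllowGuestOrUser; end # public page
class Profile; include ProhibitGuest;    end # members only
class SignIn;  include RequireGuest;     end # login/registration

NOW = Time.at(1_551_600_000) # constructed clock value
SESSIONS = {                 # constructed sample sessions
  guest:     {},
  user:      { current_user: { name: 'alice' }, expires_at: NOW + 900 },
  expired:   { current_user: { name: 'alice' }, expires_at: NOW - 1 },
  no_expiry: { current_user: { name: 'alice' } }
}.freeze

# Decision of every action class for every sample session.
def gate_matrix
  [Landing, Profile, SignIn].to_h do |klass|
    [klass.name, SESSIONS.transform_values { |s| klass.new.gate(s, NOW) }]
  end
end
```

The expired and no_expiry sessions are treated exactly like a Guest, so a stale or incomplete session cannot reach a ProhibitGuest action.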
What is a Guest User, you ask?