Steve Robinson

Reputation: 3939

Allow user access to protected page using URL token

I am using Clearance gem for authentication. I have one page in the app to which I want to permit anyone to come provided they have a secure token in the URL / Session. They need not be users in the system.

Is this doable with Clearance? Any hints on how I should proceed? Initially I thought I should override require_login and current_user. Is that a good approach?

Upvotes: 0

Views: 229

Answers (1)

Derek Prior

Reputation: 3507

Should the secure token page also allow access to people who are signed in, or must everyone have the secure token?

If you must have the secure token, regardless of whether you are signed in with Clearance or not, then I would avoid Clearance for this controller altogether by not calling require_login at all (or calling skip_before_action :require_login if the filter is already in your controller's inheritance tree). Then you could implement your own before_action that checks the token and does whatever you'd like. You could also implement your own current_user for this controller if desired.

If the page should also allow signed-in users then I would still skip the Clearance before action and instead use something like this:

def require_login_or_secret_token
  # Fall back to Clearance's normal login check unless the token matches.
  unless params["super_secret_security_token"] == TOKEN
    require_login
  end
end

Then you'd need to override current_user to return a guest object rather than nil if you want to use current_user in this action/view:

def current_user
  super || Guest.new
end

Upvotes: 1
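The decision logic from the answer above, written as an added example that is not part of the original post or of Clearance: plain Ruby with no Rails dependency, so it runs on its own. `TokenGate`, `authorize` and the `Guest` struct are hypothetical names; the example also goes one step further than the answer by comparing the token in constant time and failing closed on a missing or malformed parameter.

```ruby
require "digest"

# Constructed stand-in for the Guest class mentioned in the answer.
Guest = Struct.new(:name) do
  def guest?
    true
  end
end

module TokenGate
  PARAM = "super_secret_security_token" # parameter name used in the answer

  # Constant-time comparison: hash both sides to a fixed length, then XOR
  # every byte so run time does not depend on where the strings differ.
  # (Inside a Rails app, ActiveSupport::SecurityUtils.secure_compare does this.)
  def self.secure_compare(a, b)
    da = Digest::SHA256.digest(a).bytes
    db = Digest::SHA256.digest(b).bytes
    diff = 0
    da.each_with_index { |byte, i| diff |= byte ^ db[i] }
    diff.zero?
  end

  def self.valid_token?(params, expected)
    supplied = params[PARAM]
    # Fail closed: an unset server-side token, a missing parameter, or a
    # non-String value (?token[]=x parses to an Array) never matches.
    return false unless expected.is_a?(String) && !expected.empty?
    return false unless supplied.is_a?(String)
    secure_compare(supplied, expected)
  end

  # Mirrors require_login_or_secret_token plus the current_user override:
  # a signed-in user passes as themselves, a valid token passes as a Guest,
  # anything else is sent through the normal login requirement.
  def self.authorize(params:, signed_in_user:, expected:)
    return [:allow, signed_in_user] if signed_in_user
    return [:allow, Guest.new("guest")] if valid_token?(params, expected)
    [:require_login, nil]
  end
end
```
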
