The workhorse of the framework. The authentiate! method is where the work
is done. authenticate! will try each strategy in order either passed in,
or in the default_strategy_order.
If a strategy returns some kind of user object, this will be stored in the
session, otherwise a Merb::Controller::Unauthenticated
exception is raised
@params Merb::Request, [List,Of,Strategies,
optional_options_hash]
Pass in a list of strategy objects to have this list take precedence over
the normal defaults
Use an options hash to provide an error message to be passed into the
exception.
@return user object of the verified user. An exception is raised if no
user is found
def authenticate!(request, params, *rest)
opts = rest.last.kind_of?(Hash) ? rest.pop : {}
rest = rest.flatten
strategies = if rest.empty?
if request.session[:authentication_strategies]
request.session[:authentication_strategies]
else
Merb::Authentication.default_strategy_order
end
else
request.session[:authentication_strategies] ||= []
request.session[:authentication_strategies] << rest
request.session[:authentication_strategies].flatten!.uniq!
request.session[:authentication_strategies]
end
msg = opts[:message] || error_message
user = nil
strategies.detect do |s|
s = Merb::Authentication.lookup_strategy[s]
unless s.abstract?
strategy = s.new(request, params)
user = strategy.run!
if strategy.halted?
self.headers, self.status, self.body = [strategy.headers, strategy.status, strategy.body]
halt!
return
end
user
end
end
user = run_after_authentication_callbacks(user, request, params) if user
raise Merb::Controller::Unauthenticated, msg unless user
session[:authentication_strategies] = nil
self.user = user
end