Authenticator should receive the request as its :request #32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When trying to write a custom authenticator that needed access to the Rack request object, I discovered that the
credentialshash didn't include the request, despite having a:requestkey. This seems to be because the@envinstance variable doesn't exist in the controller (I believe it may have once existed in past versions of Rails).Since none of the authenticators that ship with Cassy actually reference the
:requestkey, I think it should be safe to simply make it pass the Rack request object (which will still grant access to the Rack environment by callingcredentials[:request].env). However, this change may break some people's custom authenticators if they are running a sufficiently old version of Rails that@envdoes exist; if they are, they would need to usecredentials[:request].envrather thancredentials[:request].