ActionCable authentication

[gaizkaeu]

Hello.

I am starting some web sockets channels for my react application. Obviously I've to secure that connections, so far, the best I could find is using the request session, which looks like this.

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user

    def connect
      self.current_user = find_verified_user
    end

    private
      def find_verified_user
        if verified_user = Account.find_by(id: request.session[:account_id])
          verified_user
        else
          reject_unauthorized_connection
        end
      end
  end
end

I was wondering if there is any better way to ensure that de user is authenticated (two factor too).

Thanks!!

[janko]

Hi, I have some ideas, but I've never used Action Cable, so I don't know an easy way to test my suggestions.

That being said, I believe the following might work:

      def find_verified_user
        if rodauth.authenticated?
          rodauth.rails_account
        else
          reject_unauthorized_connection
        end
      end

      def rodauth
        @rodauth ||= RodauthApp.new(env).rodauth
      end

[gaizkaeu]

Hello Janko.

Seems to work!! Thank you very much.