Understanding the Clearance source code

robodisco · April 1, 2015, 12:09pm

Hi seeing as this is a Thoughtbot gem I thought I’d ask here first.

I’m reading through the Clearance gem’s source code (a habit I’m trying to get into to better my coding) and I’m trying to figure out what’s happening in the session management side.

In session.rb we have

def sign_in(user, &block)
      @current_user = user
      status = run_sign_in_stack

      if status.success?
        cookies[remember_token_cookie] = user && user.remember_token
      else
        @current_user = nil
      end

      if block_given?
        block.call(status)
      end
    end

In particular

cookies[remember_token_cookie] = user && user.remember_token

So if successful the cookie is set to the user’s remember token. But then when the request is finished and the rails app returns the result back to the rack middleware stack, clearance’s rack_session sets the cookie again like so

    def call(env)
      session = Clearance::Session.new(env)
      env[:clearance] = session
      response = @app.call(env)
      session.add_cookie_to_headers response[1] # <<- set again here
      response
    end

which is defined as

   def add_cookie_to_headers(headers)
      if cookie_value[:value].present?
        Rack::Utils.set_cookie_header!(
          headers,
          remember_token_cookie,
          cookie_value
        )
      end
    end

Can anyone explain the flow?

pedrosmmoreira · April 1, 2015, 3:54pm

Session gets set to Clearance::Session.new, which you can tell sets an instance variable of @cookies to nil. After running the sign in block, we return to the middleware and then set the session cookie to the value needed.

I believe the reason for this is that then other middleware and Rack applications can make use of the value.

derekprior · April 2, 2015, 8:47pm

This is the part of Clearance I’m least confident about. What I’d probably try to do is remove that line in the controller to see if any tests break. Hopefully they will and I’d be able to trace through what’s going on at that point. If they don’t then I’d have some more work ahead to see if I trust that result and if I could actually remove that and rely on the middleware entirely.

I may find some time to play with tomorrow during investment time to give a better answer.

robodisco · April 4, 2015, 1:43am

Thanks Pedro.

The problem is getting assigned twice the users token (not a nill value) in one successful sign in request. Once in session.rb and then again in the middleware.

So I’m wondering why twice, why not just in the middleware?

That’s what I was thinking too so I’m glad you said that.

robodisco · April 4, 2015, 1:48am

Thanks @derekprior,

by controller do you mean session.rb?

Topic		Replies	Views
Clearance and Segment.io Rack Middleware Ruby on Rails	0	822	February 6, 2015
Clearance Tutorial Ruby on Rails	10	2243	October 23, 2013
Authenticating via an API with Clearance Ruby on Rails	0	800	February 21, 2014
current_user is nil when integrating RailsAdmin and Clearance Ruby on Rails	2	1326	May 27, 2015
Clearance: Rails Authentication Made Easy \| Online Video Tutorial by thoughtbot Upcase	2	950	April 23, 2016

Understanding the Clearance source code

Related topics