Authenticate the action cable connection too (rails#53444)

dhh · web-flow · commit ecdcb03796c0 · 2024-10-25T11:04:50.000-07:00
* Authenticate the action cable connection too

* Skip generating the connection class if we dont have action cable

* Not using assigned instance

* Remove the right variable!
diff --git a/railties/lib/rails/generators/rails/authentication/authentication_generator.rb b/railties/lib/rails/generators/rails/authentication/authentication_generator.rb
@@ -19,6 +19,8 @@ def create_authentication_files
         template "app/controllers/concerns/authentication.rb"
         template "app/controllers/passwords_controller.rb"
 
+        template "app/channels/application_cable/connection.rb" unless options.skip_action_cable?
+
         template "app/mailers/passwords_mailer.rb"
 
         template "app/views/passwords_mailer/reset.html.erb"
diff --git a/railties/lib/rails/generators/rails/authentication/templates/app/channels/application_cable/connection.rb.tt b/railties/lib/rails/generators/rails/authentication/templates/app/channels/application_cable/connection.rb.tt
@@ -0,0 +1,17 @@
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :current_user
+
+    def connect
+      set_current_user || reject_unauthorized_connection
+    end
+
+    private
+      def set_current_user
+        if session = Session.find_by(id: cookies.signed[:session_id])
+          self.current_user = session.user
+        end
+      end
+  end
+end
+
diff --git a/railties/test/generators/authentication_generator_test.rb b/railties/test/generators/authentication_generator_test.rb
@@ -30,6 +30,7 @@ def test_authentication_generator
     assert_file "app/controllers/sessions_controller.rb"
     assert_file "app/controllers/concerns/authentication.rb"
     assert_file "app/views/sessions/new.html.erb"
+    assert_file "app/channels/application_cable/connection.rb"
 
     assert_file "app/controllers/application_controller.rb" do |content|
       class_line, includes_line = content.lines.first(2)
@@ -106,6 +107,14 @@ def test_model_test_is_skipped_if_test_framework_is_given
     assert_no_file "test/models/user_test.rb"
   end
 
+  def test_connection_class_skipped_without_action_cable
+    generator([destination_root], skip_action_cable: true)
+
+    run_generator_instance
+
+    assert_no_file "app/channels/application_cable/connection.rb"
+  end
+
   private
     def run_generator_instance
       commands = []
