{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","params":[],"results":{"codes":[]},"settings":""},"next":{"description":"","pages":[]},"title":"Ruby Agent API","type":"basic","slug":"ruby-agent-api","excerpt":"","body":"IMMUNIO agents provide APIs to tell the agent about request information when the agent is unable to determine the information itself.\n\n## Authentication API\nAuthentication data is used to analyze requests for [Bruteforce](doc:bruteforce) and [Session Farming](doc:session-farming-1) attacks. IMMUNIO automatically picks out authentication data from requests for the most popular Rails authentication frameworks: [Devise](https://github.com/plataformatec/devise) and [Authlogic](https://github.com/binarylogic/authlogic).\n\nIf your app is not using one of the frameworks with built-in support, it will need to manually inform the IMMUNIO agent when authentication-related activity occurs:\n\n* After a successful login: `Immunio.login`\n* After a failed login: `Immunio.failed_login`\n* After a user logs out: `Immunio.logout`\n* After the user for the request has been determined: `Immunio.set_user`\n* After a user requests a password reset: `Immunio.password_reset`\n* After a failed request for resetting a password: `Immunio.failed_password_reset`\n\n**Note:** `Immunio.set_user` should be called for every request performed by a logged in user, not just when users log in or log out.\n\nThese methods take an options hash with at least one of the following pieces of data:\n\n* `user_id`: String or Number\n* `username`: String\n* `email`: String\n\nAs an alternative to providing the `user_id`, `username`, and `email` directly, an ActiveRecord object for the user may be provided as the value for the `user_record` key.\n\nHere's an example integration:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"class ApplicationController\\n  def current_user=(user)\\n    Immunio.set_user user_record: user\\n    # ...\\n  end\\nend\\n\\nclass SessionsController < ApplicationController\\n  # POST /session\\n  def create\\n    if user = User.authenticate(params[:user])\\n      Immunio.login user_record: user\\n      self.current_user = user\\n      # ...\\n    else\\n      Immunio.failed_login username: params[:user]\\n      # ...\\n    end\\n  end\\n\\n  # DELETE /session\\n  def destroy\\n    Immunio.logout user_record: current_user\\n    # ...\\n  end\\nend\",\n      \"language\": \"ruby\"\n    }\n  ]\n}\n[/block]","updates":[],"order":3,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"5605d2eda4574a0d00811346","user":"55db8f7cade8080d00c73818","githubsync":"","parentDoc":null,"category":{"sync":{"isSync":false,"url":""},"pages":["560b229caf40a70d003df309","56bcb2cf9afb8b0d00d62df6"],"title":"Advanced configurations","slug":"advanced-configurations","order":6,"from_sync":false,"reference":false,"_id":"560b22739c7be70d00100bd8","project":"55db8f8f1a91690d007ad975","version":"55db8f901a91690d007ad978","__v":2,"createdAt":"2015-09-29T23:44:51.456Z"},"version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":false,"is_hidden":false,"is_deprecated":false,"categories":["55db8f901a91690d007ad979","55db9856b3d6540d00886426","55dc751b00a8811900c230e3","55dc766255be9f21004ee250","55dc769200a8811900c230ed","55e4c701177b6e0d003330fa","55f4915caf0bc71900a53130","55f491b2be9c2b2100f0635d","560b22739c7be70d00100bd8","57488c53e8c6a420000b729c","574cefd95953e20e00f40f9f","5798edfd7700d30e00ad250c","579ac88234b5fd0e00b9e140","57c81c6d690c200e0047b72e","57d9b8fbda17c30e003897f1","57d9b90e608ea00e00f358d8","57d9b91cda17c30e003897f4"],"_id":"55db8f901a91690d007ad978","createdAt":"2015-08-24T21:41:36.034Z","project":"55db8f8f1a91690d007ad975","__v":17,"releaseDate":"2015-08-24T21:41:36.034Z"},"__v":8,"createdAt":"2015-09-25T23:04:13.883Z","project":"55db8f8f1a91690d007ad975"}
IMMUNIO agents provide APIs to tell the agent about request information when the agent is unable to determine the information itself. ## Authentication API Authentication data is used to analyze requests for [Bruteforce](doc:bruteforce) and [Session Farming](doc:session-farming-1) attacks. IMMUNIO automatically picks out authentication data from requests for the most popular Rails authentication frameworks: [Devise](https://github.com/plataformatec/devise) and [Authlogic](https://github.com/binarylogic/authlogic). If your app is not using one of the frameworks with built-in support, it will need to manually inform the IMMUNIO agent when authentication-related activity occurs: * After a successful login: `Immunio.login` * After a failed login: `Immunio.failed_login` * After a user logs out: `Immunio.logout` * After the user for the request has been determined: `Immunio.set_user` * After a user requests a password reset: `Immunio.password_reset` * After a failed request for resetting a password: `Immunio.failed_password_reset` **Note:** `Immunio.set_user` should be called for every request performed by a logged in user, not just when users log in or log out. These methods take an options hash with at least one of the following pieces of data: * `user_id`: String or Number * `username`: String * `email`: String As an alternative to providing the `user_id`, `username`, and `email` directly, an ActiveRecord object for the user may be provided as the value for the `user_record` key. Here's an example integration: [block:code] { "codes": [ { "code": "class ApplicationController\n def current_user=(user)\n Immunio.set_user user_record: user\n # ...\n end\nend\n\nclass SessionsController < ApplicationController\n # POST /session\n def create\n if user = User.authenticate(params[:user])\n Immunio.login user_record: user\n self.current_user = user\n # ...\n else\n Immunio.failed_login username: params[:user]\n # ...\n end\n end\n\n # DELETE /session\n def destroy\n Immunio.logout user_record: current_user\n # ...\n end\nend", "language": "ruby" } ] } [/block]