Module: Authenticate::Controller
Overview
The authenticate controller methods.
Typically, you include this concern in your ApplicationController. A basic implementation might look like this:
    class ApplicationController < ActionController::Base
      include Authenticate::Controller
      before_action :require_login
      protect_from_forgery with: :exception
    end
Methods, generally called from authenticate’s app controllers:
- authenticate(params) - validate a user’s identity
- login(user, &block) - complete login after validating a user’s identity, creating an Authenticate session
- logout - log a user out, invalidating their Authenticate session.
Action/Filter:
- require_login - restrict access to authenticated users, often from ApplicationController
Helpers, used anywhere:
- current_user - get the currently logged in user
- logged_in? - is the user logged in?
- logged_out? - is the user not logged in?
Instance Method Summary
- #authenticate(params) ⇒ Object
  Validate a user’s identity with (typically) email/ID & password, and return the User if valid, or nil.
- #authenticate_controller? ⇒ Boolean
  Return true if it’s an Authenticate controller.
- #authenticated? ⇒ Boolean
  The old API.
- #current_user ⇒ Object
  Get the current user from the current Authenticate session.
- #logged_in? ⇒ Boolean
  Has the user been logged in? Exposed as a helper, can be called from views.
- #logged_out? ⇒ Boolean
  Has the user not logged in? Exposed as a helper, can be called from views.
- #login(user, &block) ⇒ Object
  Complete the user’s sign in process: after calling authenticate, or after user creates account.
- #logout ⇒ Object
  Log the user out.
- #require_authentication ⇒ Object
  The old API.
- #require_login ⇒ Object
  Use this filter as a before_action to control access to controller actions, limiting to logged in users.
Methods included from Debug
Instance Method Details
#authenticate(params) ⇒ Object
Validate a user’s identity with (typically) email/ID & password, and return the User if valid, or nil. After calling this, call login(user) to complete the process.
    # File 'lib/authenticate/controller.rb', line 37
    def authenticate(params)
      credentials = Authenticate.configuration.user_model_class.credentials(params)
      Authenticate.configuration.user_model_class.authenticate(credentials)
    end
#authenticate_controller? ⇒ Boolean
Return true if it’s an Authenticate controller. Useful if you want to apply a before filter to all controllers, except the ones in Authenticate, e.g.
before_action :my_filter, unless: :authenticate_controller?
    # File 'lib/authenticate/controller.rb', line 128
    def authenticate_controller?
      is_a?(Authenticate::AuthenticateController)
    end
#authenticated? ⇒ Boolean
The old API. DEPRECATED, use #logged_in? instead.
todo: remove in a future version.
    # File 'lib/authenticate/controller.rb', line 144
    def authenticated?
      warn "#{Kernel.caller.first}: [DEPRECATION] " +
        "'authenticated?' is deprecated and will be removed in a future release. Use 'logged_in?' instead."
      logged_in?
    end
#current_user ⇒ Object
Get the current user from the current Authenticate session. Exposed as a helper, so it can be called from controllers, views, and other helpers.
<p>Your email address: <%= current_user.email %></p>
    # File 'lib/authenticate/controller.rb', line 119
    def current_user
      authenticate_session.current_user
    end
#logged_in? ⇒ Boolean
Has the user been logged in? Exposed as a helper, can be called from views.
    <% if logged_in? %>
      <%= link_to "Sign out", sign_out_path %>
    <% else %>
      <%= link_to "Sign in", sign_in_path %>
    <% end %>

    # File 'lib/authenticate/controller.rb', line 99
    def logged_in?
      debug "!!!!!!!!!!!!!!!!!! controller#logged_in?"
      authenticate_session.logged_in?
    end
#logged_out? ⇒ Boolean
Has the user not logged in? Exposed as a helper, can be called from views.
    <% if logged_out? %>
      <%= link_to "Sign in", sign_in_path %>
    <% end %>

    # File 'lib/authenticate/controller.rb', line 110
    def logged_out?
      !logged_in?
    end
#login(user, &block) ⇒ Object
Complete the user’s sign in process: after calling authenticate, or after user creates account. Runs all valid callbacks and sends the user a session token.
    # File 'lib/authenticate/controller.rb', line 44
    def login(user, &block)
      authenticate_session.login user, &block

      if logged_in? && Authenticate.configuration.rotate_csrf_on_sign_in?
        session.delete(:_csrf_token)
        form_authenticity_token
      end
    end
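What the `rotate_csrf_on_sign_in?` branch of `login` achieves, as an added plain-Ruby model that is not the gem's code: a CSRF token issued to the anonymous session stops validating once the user signs in. `SessionModel` and `pre_login_token_survives?` are hypothetical names, the token handling is simplified compared with Rails, and neither Rails nor the gem is loaded.

```ruby
require 'securerandom'

# Added example: plain-Ruby model of the token rotation done by #login.
# SessionModel is a hypothetical stand-in for the Rails session plus
# form_authenticity_token; Rails and the Authenticate gem are not loaded.
class SessionModel
  def initialize(rotate_csrf_on_sign_in:)
    @store = {}
    @rotate = rotate_csrf_on_sign_in
  end

  # Returns the session's CSRF token, creating it on first use.
  def form_authenticity_token
    @store[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # True when the submitted token matches the one stored in the session.
  def valid_token?(submitted)
    expected = @store[:_csrf_token]
    return false if expected.nil? || submitted.nil?
    return false unless expected.bytesize == submitted.bytesize
    # Compare every byte so timing does not depend on the first mismatch.
    expected.bytes.zip(submitted.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  # Mirrors the page's #login: mark the user signed in, then rotate if configured.
  def login(user_id)
    @store[:user_id] = user_id
    return unless @rotate
    @store.delete(:_csrf_token)
    form_authenticity_token
  end
end

# Does a token issued before sign-in still validate afterwards?
def pre_login_token_survives?(rotate)
  session = SessionModel.new(rotate_csrf_on_sign_in: rotate)
  anonymous_token = session.form_authenticity_token # e.g. embedded in the sign-in form
  session.login(42)                                 # constructed user id
  session.valid_token?(anonymous_token)
end

puts "rotation off: pre-login token still valid? #{pre_login_token_survives?(false)}"
puts "rotation on:  pre-login token still valid? #{pre_login_token_survives?(true)}"
```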
#logout ⇒ Object
Log the user out. Typically used in session controller.
    class SessionsController < ActionController::Base
      include Authenticate::Controller

      def destroy
        logout
        redirect_to '/', notice: 'You logged out successfully'
      end
    end

    # File 'lib/authenticate/controller.rb', line 62
    def logout
      authenticate_session.logout
    end
#require_authentication ⇒ Object
The old API. DEPRECATED, use #require_login instead.
todo: remove in a future version.
    # File 'lib/authenticate/controller.rb', line 135
    def require_authentication
      warn "#{Kernel.caller.first}: [DEPRECATION] " +
        "'require_authentication' is deprecated and will be removed in a future release. use 'require_login' instead"
      require_login
    end
#require_login ⇒ Object
Use this filter as a before_action to control access to controller actions, limiting to logged in users.
Placing in application_controller will control access to all controllers.
Example:
    class ApplicationController < ActionController::Base
      before_action :require_login

      def index
        # ...
      end
    end

    # File 'lib/authenticate/controller.rb', line 81
    # The identifiers `unauthorized` and `message` are missing from the extracted
    # listing; they are restored here as an assumption.
    def require_login
      debug "!!!!!!!!!!!!!!!!!! controller#require_login " # logged_in? #{logged_in?}"
      unauthorized unless logged_in?
      message = catch(:failure) do
        current_user = authenticate_session.current_user
        Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, event: :set_user)
      end
      unauthorized(message) if message
    end