Module: Authenticate::Controller

Extended by:
ActiveSupport::Concern
Includes:
Debug
Defined in:
lib/authenticate/controller.rb

Overview

The authenticate controller methods.

Typically, you include this concern into your ApplicationController. A basic implementation might look like this:

class ApplicationController < ActionController::Base
  include Authenticate::Controller
  before_action :require_login
  protect_from_forgery with: :exception
end

Methods, generally called from authenticate’s app controllers:

  • authenticate(params) - validate a user’s identity

  • login(user, &block) - complete login after validating a user’s identity, creating an Authenticate session

  • logout - log a user out, invalidating their Authenticate session.

Action/Filter:

  • require_login - restrict access to authenticated users, often from ApplicationController

Helpers, used anywhere:

  • current_user - get the currently logged in user

  • logged_in? - is the user logged in?

  • logged_out? - is the user not logged in?

Instance Method Summary

Methods included from Debug

#debug

Instance Method Details

#authenticate(params) ⇒ Object

Validate a user’s identity with (typically) email/ID & password, and return the User if valid, or nil. After calling this, call login(user) to complete the process.



# File 'lib/authenticate/controller.rb', line 37

def authenticate(params)
  credentials = Authenticate.configuration.user_model_class.credentials(params)
  Authenticate.configuration.user_model_class.authenticate(credentials)
end

#authenticate_controller? ⇒ Boolean

Return true if it’s an Authenticate controller. Useful if you want to apply a before filter to all controllers, except the ones in Authenticate, e.g.

before_action :my_filter, unless: :authenticate_controller?

Returns:

  • (Boolean)


# File 'lib/authenticate/controller.rb', line 128

def authenticate_controller?
  is_a?(Authenticate::AuthenticateController)
end

#authenticated? ⇒ Boolean

The old API. DEPRECATED, use #logged_in? instead.

todo: remove in a future version.

Returns:

  • (Boolean)


# File 'lib/authenticate/controller.rb', line 144

def authenticated?
  warn "#{Kernel.caller.first}: [DEPRECATION] " +
         "'authenticated?' is deprecated and will be removed in a future release. Use 'logged_in?' instead."
  logged_in?
end

#current_user ⇒ Object

Get the current user from the current Authenticate session. Exposed as a helper, so it can be called from controllers, views, and other helpers.

<p>Your email address: <%= current_user.email %></p>


# File 'lib/authenticate/controller.rb', line 119

def current_user
  authenticate_session.current_user
end

#logged_in? ⇒ Boolean

Has the user been logged in? Exposed as a helper, so it can be called from views.

<% if logged_in? %>
  <%= link_to "Sign out", sign_out_path %>
<% else %>
  <%= link_to "Sign in", sign_in_path %>
<% end %>

Returns:

  • (Boolean)


# File 'lib/authenticate/controller.rb', line 99

def logged_in?
  debug "!!!!!!!!!!!!!!!!!! controller#logged_in?"
  authenticate_session.logged_in?
end

#logged_out? ⇒ Boolean

Is the user not logged in? Exposed as a helper, so it can be called from views.

<% if logged_out? %>
  <%= link_to "Sign in", sign_in_path %>
<% end %>

Returns:

  • (Boolean)


# File 'lib/authenticate/controller.rb', line 110

def logged_out?
  !logged_in?
end

#login(user, &block) ⇒ Object

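Complete the user’s sign-in process, either after calling authenticate or after the user creates an account. Runs all valid callbacks and sends the user a session token. If rotate_csrf_on_sign_in? is set in the configuration, the CSRF token is also discarded and regenerated once the user is logged in.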



# File 'lib/authenticate/controller.rb', line 44

def login(user, &block)
  authenticate_session.login user, &block

  if logged_in? && Authenticate.configuration.rotate_csrf_on_sign_in?
    session.delete(:_csrf_token)
    form_authenticity_token
  end
end

#logout ⇒ Object

Log the user out. Typically used in session controller.

class SessionsController < ActionController::Base
  include Authenticate::Controller

  def destroy
    logout
    redirect_to '/', notice: 'You logged out successfully'
  end
end


# File 'lib/authenticate/controller.rb', line 62

def logout
  authenticate_session.logout
end

#require_authentication ⇒ Object

The old API. DEPRECATED, use #require_login instead.

todo: remove in a future version.



# File 'lib/authenticate/controller.rb', line 135

def require_authentication
  warn "#{Kernel.caller.first}: [DEPRECATION] " +
    "'require_authentication' is deprecated and will be removed in a future release. use 'require_login' instead"
  require_login
end

#require_login ⇒ Object

Use this filter as a before_action to restrict controller actions to logged-in users.

Placing it in ApplicationController applies it to every controller.

Example:

class ApplicationController < ActionController::Base
  before_action :require_login

  def index
    # ...
  end
end


# File 'lib/authenticate/controller.rb', line 81

def require_login
  debug "!!!!!!!!!!!!!!!!!! controller#require_login " # logged_in? #{logged_in?}"
  unauthorized unless logged_in?
  message = catch(:failure) do
    current_user = authenticate_session.current_user
    Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, event: :set_user)
  end
  unauthorized(message) if message
end
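
Added example (not part of the Authenticate gem or its documentation): the catch(:failure) flow that require_login uses, run outside Rails so the allow/deny decision can be checked directly. TinyLifecycle, FakeUser, FakeSession, MAX_IDLE, build_lifecycle and check_access are hypothetical stand-ins, and the idle-timeout callback is a constructed policy.

```ruby
# Stand-ins only (hypothetical names), not the Authenticate gem's classes.
class TinyLifecycle
  def initialize
    @callbacks = []
  end

  def after_set_user(&block)
    @callbacks << block
  end

  # Returns nil on a clean run, so the caller's catch block yields no message.
  def run_callbacks(user, session)
    @callbacks.each { |cb| cb.call(user, session) }
    nil
  end
end

FakeUser = Struct.new(:email, :last_access_at)
FakeSession = Struct.new(:current_user) do
  def logged_in?
    !current_user.nil?
  end
end

MAX_IDLE = 30 * 60 # seconds; constructed policy value

# Registers one callback that rejects idle sessions by throwing :failure.
def build_lifecycle(now)
  lifecycle = TinyLifecycle.new
  lifecycle.after_set_user do |user, _session|
    throw(:failure, "session timed out") if now - user.last_access_at > MAX_IDLE
  end
  lifecycle
end

# Same control flow as require_login, but returns a decision instead of
# calling unauthorized, and stops at the first failed check.
def check_access(session, lifecycle)
  return [:denied, "not logged in"] unless session.logged_in?
  message = catch(:failure) do
    lifecycle.run_callbacks(session.current_user, session)
  end
  message ? [:denied, message] : [:allowed, nil]
end
```

Because catch returns the block's last value when nothing is thrown, the stand-in run_callbacks returns nil explicitly; any truthy return value would be treated as a failure message and deny the request.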