Module: Clearance::Authentication

Extended by:
ActiveSupport::Concern
Included in:
Controller
Defined in:
lib/clearance/authentication.rb

Instance Method Summary collapse

Instance Method Details

#authenticate(params) ⇒ User?

Authenticate a user with a provided email and password



27
28
29
30
31
# File 'lib/clearance/authentication.rb', line 27

def authenticate(params)
  Clearance.configuration.user_model.authenticate(
    params[:session][:email], params[:session][:password]
  )
end

#current_userUser?

Get the user from the current clearance session. Exposed as a helper_method, making it visible to views. Prefer #signed_in? or #signed_out? if you only want to check for the presence of a current user rather than access the actual user.



39
40
41
# File 'lib/clearance/authentication.rb', line 39

def current_user
  clearance_session.current_user
end

#current_user=(user) ⇒ Object

Deprecated.

Use the #sign_in method instead.



44
45
46
47
48
# File 'lib/clearance/authentication.rb', line 44

def current_user=(user)
  warn "#{Kernel.caller.first}: [DEPRECATION] " +
    'Assigning the current_user has been deprecated. Use the sign_in method instead.'
  clearance_session. user
end

#handle_unverified_requestObject



112
113
114
115
# File 'lib/clearance/authentication.rb', line 112

def handle_unverified_request
  super
  sign_out
end

#sign_in(user, &block) ⇒ Object

Sign in the provided user. Signing in will run the stack of Configuration#sign_in_guards.

You can provide a block to this method to handle the result of that stack. Your block will receive either a SuccessStatus or FailureStatus

(user) do |status|
  if status.success?
    # ...
  else
    # ...
  end
end

For an example of how clearance uses this internally, see SessionsController#create.

Signing in will also regenerate the CSRF token for the current session, provided Configuration#rotate_csrf_token_on_sign_in is set.



71
72
73
74
75
76
77
78
# File 'lib/clearance/authentication.rb', line 71

def (user, &block)
  clearance_session.(user, &block)

  if signed_in? && Clearance.configuration.rotate_csrf_on_sign_in?
    session.delete(:_csrf_token)
    form_authenticity_token
  end
end

#sign_outObject

Destroy the current user's Clearance session. See Session#sign_out for specifics.



82
83
84
# File 'lib/clearance/authentication.rb', line 82

def sign_out
  clearance_session.sign_out
end

#signed_in?Boolean

True if there is a currently-signed-in user. Exposed as a helper_method, making it available to views.

Using signed_in? is preferable to checking #current_user against nil as it will allow you to introduce a null user object more simply at a later date.



94
95
96
# File 'lib/clearance/authentication.rb', line 94

def signed_in?
  clearance_session.signed_in?
end

#signed_out?Boolean

True if there is no currently-signed-in user. Exposed as a helper_method, making it available to views.

Usings signed_out? is preferable to checking for presence of #current_user as it will allow you to introduce a null user object more simply at a later date.



104
105
106
# File 'lib/clearance/authentication.rb', line 104

def signed_out?
  !signed_in?
end