Class: Clearance::Configuration

Inherits: Object

Defined in: lib/clearance/configuration.rb

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration



# File 'lib/clearance/configuration.rb', line 93

def initialize
  @allow_sign_up = true
  @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
  @cookie_domain = nil
  @cookie_path = '/'
  @cookie_name = "remember_token"
  @httponly = false
  @mailer_sender = 'reply@example.com'
  @redirect_url = '/'
  @routes = true
  @rotate_csrf_on_sign_in = nil
  @secure_cookie = false
  @sign_in_guards = []
end

Instance Attribute Details

#allow_sign_up=(value) ⇒ Boolean (writeonly)

Controls whether the sign up route is enabled. Defaults to true. Set to false to disable user creation routes. The setting is ignored if routes are disabled.

Parameters:

  • value (Boolean)

Returns:

  • (Boolean)


# File 'lib/clearance/configuration.rb', line 8

def allow_sign_up=(value)
  @allow_sign_up = value
end

#cookie_domain ⇒ String

The domain to use for the clearance remember token cookie. Defaults to nil, which causes the cookie domain to default to the domain of the request. For more, see RFC6265.

Returns:

  • (String)


# File 'lib/clearance/configuration.rb', line 15

def cookie_domain
  @cookie_domain
end

#cookie_expiration ⇒ Lambda

A lambda called to set the remember token cookie expires attribute. The lambda accepts the collection of cookies as an argument which allows for changing the expiration according to those cookies. This could be used, for example, to set a session cookie unless a remember_me cookie was also present. By default, cookie expiration is one year. For more on cookie expiration see RFC6265.

Returns:

  • (Lambda)


# File 'lib/clearance/configuration.rb', line 25

def cookie_expiration
  @cookie_expiration
end

#cookie_name ⇒ String

The name of Clearance's remember token cookie. Defaults to remember_token.

Returns:

  • (String)


# File 'lib/clearance/configuration.rb', line 30

def cookie_name
  @cookie_name
end

#cookie_path ⇒ String

Controls which paths the remember token cookie is valid for. Defaults to "/" for the entire domain. For more, see RFC6265.

Returns:

  • (String)


# File 'lib/clearance/configuration.rb', line 36

def cookie_path
  @cookie_path
end

#httponly ⇒ Boolean

Controls whether the HttpOnly flag should be set on the remember token cookie. Defaults to false. If true, the cookie will not be made available to JavaScript. For more see RFC6265.

Returns:

  • (Boolean)


# File 'lib/clearance/configuration.rb', line 43

def httponly
  @httponly
end

#mailer_sender ⇒ String

Controls the address the password reset email is sent from. Defaults to reply@example.com.

Returns:

  • (String)


# File 'lib/clearance/configuration.rb', line 48

def mailer_sender
  @mailer_sender
end

#password_strategy ⇒ Module #authenticated? #password=

The password strategy to use when authenticating and setting passwords. Defaults to PasswordStrategies::BCrypt.

Returns:

  • (Module #authenticated? #password=)


# File 'lib/clearance/configuration.rb', line 53

def password_strategy
  @password_strategy
end

#redirect_url ⇒ String

The default path Clearance will redirect signed in users to. Defaults to "/". This can often be overridden for specific scenarios by overriding controller methods that rely on it.

Returns:

  • (String)


# File 'lib/clearance/configuration.rb', line 59

def redirect_url
  @redirect_url
end

#rotate_csrf_on_sign_in ⇒ Object

Controls whether Clearance will rotate the CSRF token on sign in. Defaults to nil which generates a warning. Will default to true in Clearance 2.0.



# File 'lib/clearance/configuration.rb', line 64

def rotate_csrf_on_sign_in
  @rotate_csrf_on_sign_in
end

#routes=(value) ⇒ Boolean (writeonly)

Set to false to disable Clearance's built-in routes. Defaults to true. When set to false, your app is responsible for all routes. You can dump a copy of Clearance's default routes with rails generate clearance:routes.

Returns:

  • (Boolean)


# File 'lib/clearance/configuration.rb', line 71

def routes=(value)
  @routes = value
end

#secure_cookie ⇒ Boolean

Controls the secure setting on the remember token cookie. Defaults to false. When set, the browser will only send the cookie to the server over HTTPS. You should set this value to true in live environments to prevent session hijacking. For more, see RFC6265.

Returns:

  • (Boolean)


# File 'lib/clearance/configuration.rb', line 79

def secure_cookie
  @secure_cookie
end
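
The defaults assigned in #initialize leave httponly, secure_cookie and rotate_csrf_on_sign_in off and give the remember token a one-year lifetime. The following check is an added example, not part of Clearance: ConfigSketch is a hypothetical stand-in for Clearance::Configuration, and the 30-day limit and the remember_me cookie name are assumptions.

```ruby
# Added example. ConfigSketch is a hypothetical stand-in for
# Clearance::Configuration so the check runs without Rails or the gem.
ConfigSketch = Struct.new(:httponly, :secure_cookie, :rotate_csrf_on_sign_in,
                          :cookie_expiration, keyword_init: true)

YEAR = 365 * 24 * 60 * 60
MAX_LIFETIME = 30 * 24 * 60 * 60 # assumed policy limit: 30 days

# The defaults assigned in #initialize (plain Time arithmetic stands in
# for ActiveSupport's 1.year.from_now.utc).
def library_defaults
  ConfigSketch.new(httponly: false, secure_cookie: false,
                   rotate_csrf_on_sign_in: nil,
                   cookie_expiration: ->(_cookies) { Time.now.utc + YEAR })
end

# Hardened values. The lambda returns nil (no expiry, assumed to yield a
# session cookie) unless the request carries a remember_me cookie.
def hardened
  ConfigSketch.new(
    httponly: true, secure_cookie: true, rotate_csrf_on_sign_in: true,
    cookie_expiration: ->(cookies) {
      cookies[:remember_me] ? Time.now.utc + MAX_LIFETIME : nil
    }
  )
end

# Returns the names of settings that weaken the remember token cookie or
# the sign-in flow. The lambda is probed with a remember_me cookie present,
# which is the longest-lived case for the hardened lambda above.
def audit(config, now: Time.now.utc)
  findings = []
  findings << :httponly unless config.httponly
  findings << :secure_cookie unless config.secure_cookie
  # nil (unset) and false both leave the CSRF token unrotated on sign in.
  findings << :rotate_csrf_on_sign_in unless config.rotate_csrf_on_sign_in
  expires = config.cookie_expiration.call({ remember_me: '1' })
  # 60 seconds of slack absorbs clock movement between the two Time reads.
  findings << :cookie_expiration if expires && expires - now > MAX_LIFETIME + 60
  findings
end
```

In an application, the same checks can be pointed at the object returned by Clearance.configuration, for instance from a test that runs in the production environment configuration.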

#sign_in_guards ⇒ Array<#call>

The array of sign in guards to run when signing a user in. Defaults to an empty array. Sign in guards respond to call and are initialized with a session and the current stack. Each guard can decide to fail the sign in, yield to the next guard, or allow the sign in.

Returns:

  • (Array<#call>)


# File 'lib/clearance/configuration.rb', line 86

def sign_in_guards
  @sign_in_guards
end

#user_model ⇒ ActiveRecord::Base

The ActiveRecord class that represents users in your application. Defaults to ::User.

Returns:

  • (ActiveRecord::Base)


# File 'lib/clearance/configuration.rb', line 91

def user_model
  @user_model
end

Instance Method Details

#allow_sign_up? ⇒ Boolean

Is the user sign up route enabled?

Returns:

  • (Boolean)


# File 'lib/clearance/configuration.rb', line 114

def allow_sign_up?
  @allow_sign_up
end

#rotate_csrf_on_sign_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/clearance/configuration.rb', line 163

def rotate_csrf_on_sign_in?
  # Warn when the setting was never chosen; nil is then treated as false.
  if rotate_csrf_on_sign_in.nil?
    warn <<-EOM.squish
      Clearance's `rotate_csrf_on_sign_in` configration setting is unset and
      will be treated as `false`. Setting this value to `true` is
      recommended to avoid session fixation attacks and will be the default
      in Clearance 2.0. It is recommended that you opt-in to this setting
      now and test your application. To silence this warning, set
      `rotate_csrf_on_sign_in` to `true` or `false` in Clearance's
      inializer.

      For more information on session fixation, see:
        https://www.owasp.org/index.php/Session_fixation
    EOM
  end

  rotate_csrf_on_sign_in
end

#routes_enabled? ⇒ Boolean

Are Clearance's built-in routes enabled?

Returns:

  • (Boolean)

    are Clearance's built-in routes enabled?



# File 'lib/clearance/configuration.rb', line 147

def routes_enabled?
  @routes
end

#user_actions ⇒ Array<Symbol>

Specifies which controller actions are allowed for user resources. This will be [:create] if allow_sign_up is true (the default), and empty otherwise.

Returns:

  • (Array<Symbol>)


# File 'lib/clearance/configuration.rb', line 122

def user_actions
  if allow_sign_up?
    [:create]
  else
    []
  end
end

#user_id_parameter ⇒ Symbol

The name of the foreign key parameter for the configured user model. This is derived from the model_name of the user_model setting. In the default configuration, this is user_id.

Returns:

  • (Symbol)


# File 'lib/clearance/configuration.rb', line 142

def user_id_parameter
  "#{user_parameter}_id".to_sym
end

#user_parameter ⇒ Symbol

The name of the user parameter for the configured user model. This is derived from the model_name of the user_model setting. In the default configuration, this is user.

Returns:

  • (Symbol)


# File 'lib/clearance/configuration.rb', line 134

def user_parameter
  user_model.model_name.singular.to_sym
end