Module: Sorcery::Controller::InstanceMethods

Defined in:
lib/sorcery/controller.rb

Instance Method Details

#auto_login(user, _should_remember = false) ⇒ Object

Logs in a user instance.

Parameters:

  • user (<User-Model>)

    the user instance.

Returns:

    • do not depend on the return value.



# File 'lib/sorcery/controller.rb', line 111

def auto_login(user, _should_remember = false)
  session[:user_id] = user.id.to_s
  @current_user = user
end

#current_user ⇒ Object

Attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.



# File 'lib/sorcery/controller.rb', line 82

def current_user
  unless defined?(@current_user)
    @current_user = login_from_session || login_from_other_sources || nil
  end
  @current_user
end

#current_user=(user) ⇒ Object



# File 'lib/sorcery/controller.rb', line 89

def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overrides Rails' handle_unverified_request.



# File 'lib/sorcery/controller.rb', line 117

def handle_unverified_request
  cookies[:remember_me_token] = nil
  @current_user = nil
  super # call the default behaviour which resets the session
end

#logged_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sorcery/controller.rb', line 76

def logged_in?
  !!current_user
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.



# File 'lib/sorcery/controller.rb', line 31

def login(*credentials)
  @current_user = nil

  user_class.authenticate(*credentials) do |user, failure_reason|
    if failure_reason
      after_failed_login!(credentials)

      yield(user, failure_reason) if block_given?

      return
    end

    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k, v|
      session[k.to_sym] = v
    end
    form_authenticity_token

    auto_login(user)
    after_login!(user, credentials)

    block_given? ? yield(current_user, nil) : current_user
  end
end

#logout ⇒ Object

Resets the session and runs hooks before and after.



# File 'lib/sorcery/controller.rb', line 66

def logout
  if logged_in?
    user = current_user
    before_logout!
    @current_user = nil
    reset_sorcery_session
    after_logout!(user)
  end
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.



# File 'lib/sorcery/controller.rb', line 103

def not_authenticated
  redirect_to root_path
end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object

Used when a user tries to access a page while logged out, is asked to log in, and we want to return them to the page they originally wanted.



# File 'lib/sorcery/controller.rb', line 95

def redirect_back_or_to(url, flash_hash = {})
  redirect_to(session[:return_to_url] || url, flash: flash_hash)
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as a before_action. Triggers auto-login attempts via the call to logged_in?; if all attempts to auto-login fail, the failure callback is called.



# File 'lib/sorcery/controller.rb', line 22

def require_login
  unless logged_in?
    session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
    send(Config.not_authenticated_action)
  end
end

#reset_sorcery_session ⇒ Object

Put this into the catch block to rescue undefined method 'destroy_session'. Hotfix for github.com/NoamB/sorcery/issues/464; can be removed when Rails 4.1 is out.



# File 'lib/sorcery/controller.rb', line 60

def reset_sorcery_session
  reset_session # protect from session fixation attacks
rescue NoMethodError
end