Module: Sorcery::Controller::InstanceMethods
Defined in: lib/sorcery/controller.rb
Instance Method Summary
- #auto_login(user, _should_remember = false) ⇒ Object
  Logs in a user instance.
- #current_user ⇒ Object
  Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.
- #current_user=(user) ⇒ Object
- #handle_unverified_request ⇒ Object
  Overrides Rails’ handle_unverified_request.
- #logged_in? ⇒ Boolean
- #login(*credentials) ⇒ Object
  Takes credentials and returns a user on successful authentication.
- #logout ⇒ Object
  Resets the session and runs hooks before and after.
- #not_authenticated ⇒ Object
  The default action for denying non-authenticated users.
- #redirect_back_or_to(url, flash_hash = {}) ⇒ Object
  Used when a user tries to access a page while logged out, is asked to log in, and we want to return them to the page they originally wanted.
- #require_login ⇒ Object
  To be used as before_action.
- #reset_sorcery_session ⇒ Object
  Put this into the catch block to rescue undefined method ‘destroy_session’. Hotfix for github.com/NoamB/sorcery/issues/464; can be removed when Rails 4.1 is out.
Instance Method Details
#auto_login(user, _should_remember = false) ⇒ Object
Logs in a user instance.

    # File 'lib/sorcery/controller.rb', line 111
    def auto_login(user, _should_remember = false)
      session[:user_id] = user.id.to_s
      @current_user = user
    end

#current_user ⇒ Object
Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.

    # File 'lib/sorcery/controller.rb', line 82
    def current_user
      unless defined?(@current_user)
        @current_user = login_from_session || login_from_other_sources || nil
      end
      @current_user
    end

#current_user=(user) ⇒ Object

    # File 'lib/sorcery/controller.rb', line 89
    def current_user=(user)
      @current_user = user
    end

#handle_unverified_request ⇒ Object
Overrides Rails’ handle_unverified_request.

    # File 'lib/sorcery/controller.rb', line 117
    def handle_unverified_request
      cookies[:remember_me_token] = nil
      @current_user = nil
      super # call the default behaviour which resets the session
    end

#logged_in? ⇒ Boolean

    # File 'lib/sorcery/controller.rb', line 76
    def logged_in?
      !!current_user
    end

#login(*credentials) ⇒ Object
Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.

    # File 'lib/sorcery/controller.rb', line 31
    def login(*credentials)
      @current_user = nil

      user_class.authenticate(*credentials) do |user, failure_reason|
        if failure_reason
          after_failed_login!(credentials)

          yield(user, failure_reason) if block_given?

          return
        end

        old_session = session.dup.to_hash
        reset_sorcery_session
        old_session.each_pair do |k, v|
          session[k.to_sym] = v
        end
        form_authenticity_token

        auto_login(user)
        after_login!(user, credentials)

        block_given? ? yield(current_user, nil) : current_user
      end
    end

#logout ⇒ Object
Resets the session and runs hooks before and after.

    # File 'lib/sorcery/controller.rb', line 66
    def logout
      if logged_in?
        user = current_user
        before_logout!
        @current_user = nil
        reset_sorcery_session
        after_logout!(user)
      end
    end

#not_authenticated ⇒ Object
The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.

    # File 'lib/sorcery/controller.rb', line 103
    def not_authenticated
      redirect_to root_path
    end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object
Used when a user tries to access a page while logged out, is asked to log in, and we want to return them to the page they originally wanted.

    # File 'lib/sorcery/controller.rb', line 95
    def redirect_back_or_to(url, flash_hash = {})
      redirect_to(session[:return_to_url] || url, flash: flash_hash)
      session[:return_to_url] = nil
    end

#require_login ⇒ Object
To be used as before_action. Triggers auto-login attempts via the call to logged_in?. If all attempts to auto-login fail, the failure callback is called.

    # File 'lib/sorcery/controller.rb', line 22
    def require_login
      unless logged_in?
        session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
        send(Config.not_authenticated_action)
      end
    end

#reset_sorcery_session ⇒ Object
Put this into the catch block to rescue undefined method ‘destroy_session’. Hotfix for github.com/NoamB/sorcery/issues/464; can be removed when Rails 4.1 is out.

    # File 'lib/sorcery/controller.rb', line 60
    def reset_sorcery_session
      reset_session # protect from session fixation attacks
    rescue NoMethodError
    end
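
The session handling in #login and #reset_sorcery_session, as an added example that is not Sorcery's own code. FakeSession, FakeController, login_as and demo_login are hypothetical stand-ins for a Rails session and controller; the example shows that the identifier issued before login is replaced while pre-login data such as return_to_url is copied into the new session.

```ruby
require "securerandom"

# Stand-in for a Rails session: a hash of data plus a server-issued identifier.
class FakeSession < Hash
  attr_reader :id

  def initialize
    super
    @id = SecureRandom.hex(16)
  end
end

# Hypothetical controller mirroring the session handling inside #login.
class FakeController
  attr_reader :session

  def initialize
    @session = FakeSession.new
  end

  # Assumption: like Rails' reset_session, discard the session and issue a new id.
  def reset_session
    @session = FakeSession.new
  end

  # Same order as #login: snapshot, reset, copy back, then store the user id.
  def login_as(user_id)
    old_session = session.dup.to_hash
    reset_session
    old_session.each_pair { |k, v| session[k.to_sym] = v }
    session[:user_id] = user_id.to_s
  end
end

# Constructed scenario: a pre-login session whose id is known before login.
def demo_login
  controller = FakeController.new
  controller.session[:return_to_url] = "/reports"
  pre_login_id = controller.session.id
  controller.login_as(42)
  { pre_login_id: pre_login_id, session: controller.session }
end

result = demo_login
puts "id rotated: #{result[:session].id != result[:pre_login_id]}"
puts "carried over: #{result[:session].to_h}"
```

Only the identifier is rotated: every key written before authentication is copied into the authenticated session unchanged.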