Module: Sorcery::Controller::InstanceMethods

Defined in:

lib/sorcery/controller.rb

Instance Method Summary

• #auto_login(user) ⇒ Object

  login a user instance.

• #current_user ⇒ Object

  attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.) returns the logged in user if found, false if not (using old restful-authentication trick, nil != false).

• #current_user=(user) ⇒ Object
• #handle_unverified_request ⇒ Object

  Overwrite Rails’ handle unverified request.

• #logged_in? ⇒ Boolean
• #login(*credentials) ⇒ Object

  Takes credentials and returns a user on successful authentication.

• #logout ⇒ Object

  Resets the session and runs hooks before and after.

• #not_authenticated ⇒ Object

  The default action for denying non-authenticated users.

• #redirect_back_or_to(url, flash_hash = {}) ⇒ Object

  used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.

• #require_login ⇒ Object

  To be used as before_filter.

Instance Method Details

#auto_login(user) ⇒ Object

login a user instance

Parameters:

• user (<User-Model>) —

  the user instance.

Returns:

• • do not depend on the return value.

# File 'lib/sorcery/controller.rb', line 89

def auto_login(user)
  session[:user_id] = user.id
  @current_user = user
end

#current_user ⇒ Object

attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.) returns the logged in user if found, false if not (using old restful-authentication trick, nil != false).

# File 'lib/sorcery/controller.rb', line 63

def current_user
  @current_user ||= login_from_session || login_from_other_sources unless @current_user == false
end

#current_user=(user) ⇒ Object

# File 'lib/sorcery/controller.rb', line 67

def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overwrite Rails’ handle unverified request

# File 'lib/sorcery/controller.rb', line 95

def handle_unverified_request
  cookies[:remember_me_token] = nil
  @current_user = nil
  super # call the default behaviour which resets the session
end

#logged_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sorcery/controller.rb', line 57

def logged_in?
  !!current_user
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.

# File 'lib/sorcery/controller.rb', line 31

def login(*credentials)
  @current_user = nil
  user = user_class.authenticate(*credentials)
  if user
    return_to_url = session[:return_to_url]
    reset_session # protect from session fixation attacks
    session[:return_to_url] = return_to_url
    auto_login(user)
    after_login!(user, credentials)
    current_user
  else
    after_failed_login!(credentials)
    nil
  end
end

#logout ⇒ Object

Resets the session and runs hooks before and after.

# File 'lib/sorcery/controller.rb', line 48

def logout
  if logged_in?
    before_logout!(current_user)
    reset_session
    after_logout!
    @current_user = nil
  end
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.

# File 'lib/sorcery/controller.rb', line 81

def not_authenticated
  redirect_to root_path
end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object

used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.

# File 'lib/sorcery/controller.rb', line 73

def redirect_back_or_to(url, flash_hash = {})
  redirect_to(session[:return_to_url] || url, :flash => flash_hash)
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as before_filter. Will trigger auto-login attempts via the call to logged_in? If all attempts to auto-login fail, the failure callback will be called.

# File 'lib/sorcery/controller.rb', line 22

def require_login
  if !logged_in?
    session[:return_to_url] = request.url if Config.save_return_to_url
    self.send(Config.not_authenticated_action)
  end
end