Module: Sorcery::Controller::InstanceMethods

Defined in:
lib/sorcery/controller.rb

Instance Method Details

#auto_login(user, should_remember = false) ⇒ Object

Logs in a user instance.

Parameters:

  • user (<User-Model>)

    the user instance.

Returns:

    • do not depend on the return value.



# File 'lib/sorcery/controller.rb', line 105

def auto_login(user, should_remember = false)
  session[:user_id] = user.id.to_s
  @current_user = user
end

#current_user ⇒ Object

Attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.



# File 'lib/sorcery/controller.rb', line 76

def current_user
  unless defined?(@current_user)
    @current_user = login_from_session || login_from_other_sources || nil
  end
  @current_user
end

#current_user=(user) ⇒ Object



# File 'lib/sorcery/controller.rb', line 83

def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overrides Rails' handle_unverified_request.



# File 'lib/sorcery/controller.rb', line 111

def handle_unverified_request
  cookies[:remember_me_token] = nil
  @current_user = nil
  super # call the default behaviour which resets the session
end

#logged_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sorcery/controller.rb', line 70

def logged_in?
  !!current_user
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.



# File 'lib/sorcery/controller.rb', line 31

def login(*credentials)
  @current_user = nil
  user = user_class.authenticate(*credentials)
  if user
    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k,v|
      session[k.to_sym] = v
    end
    form_authenticity_token

    auto_login(user)
    after_login!(user, credentials)
    current_user
  else
    after_failed_login!(credentials)
    nil
  end
end
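
The session handling in login above, as an added example that is not Sorcery's own code: a constructed stand-in session and controller follow the same reset-then-copy steps to show that a successful login issues a new session id while pre-login data such as :return_to_url carries over. FakeSession, FakeUser, FakeController and login_session_report are hypothetical names.

```ruby
require 'securerandom'

# Constructed stand-in for a Rails session: keyed data plus an id that
# changes whenever the session is reset, as reset_session does in Rails.
class FakeSession
  attr_reader :id

  def initialize; reset!; end

  def reset!
    @data = {}
    @id = SecureRandom.hex(16)
  end

  def [](key); @data[key.to_sym]; end
  def []=(key, value); @data[key.to_sym] = value; end
  def to_hash; @data.dup; end
end

FakeUser = Struct.new(:id) # hypothetical user record

# Hypothetical controller following the login/auto_login steps shown above.
# Hooks and form_authenticity_token are omitted; the authentication result
# (a user or nil) is passed in directly.
class FakeController
  attr_reader :session

  def initialize; @session = FakeSession.new; end

  def login(user)
    return nil unless user
    old_session = session.to_hash
    session.reset!                                   # fresh session id
    old_session.each_pair { |k, v| session[k] = v }  # carry old data over
    session[:user_id] = user.id.to_s                 # the auto_login step
    user
  end
end

# Reports what changed in the session across one login attempt.
def login_session_report(user)
  controller = FakeController.new
  controller.session[:return_to_url] = '/reports' # constructed pre-login value
  id_before = controller.session.id
  controller.login(user)
  { id_rotated: controller.session.id != id_before,
    return_to_kept: controller.session[:return_to_url] == '/reports',
    user_id: controller.session[:user_id] }
end
```

Passing nil instead of a user models a failed authentication: the session id stays the same, matching the else branch above, which never calls reset_sorcery_session.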

#logout ⇒ Object

Resets the session and runs hooks before and after.



# File 'lib/sorcery/controller.rb', line 60

def logout
  if logged_in?
    @current_user = current_user if @current_user.nil?
    before_logout!(@current_user)
    reset_sorcery_session
    after_logout!
    @current_user = nil
  end
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.



# File 'lib/sorcery/controller.rb', line 97

def not_authenticated
  redirect_to root_path
end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object

Used when a user tries to access a page while logged out and is asked to log in, and we want to return them to the page they originally wanted.



# File 'lib/sorcery/controller.rb', line 89

def redirect_back_or_to(url, flash_hash = {})
  redirect_to(session[:return_to_url] || url, :flash => flash_hash)
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as a before_filter. Triggers auto-login attempts via the call to logged_in?. If all attempts to auto-login fail, the failure callback is called.



# File 'lib/sorcery/controller.rb', line 22

def require_login
  if !logged_in?
    session[:return_to_url] = request.url if Config.save_return_to_url && request.get?
    self.send(Config.not_authenticated_action)
  end
end

#reset_sorcery_session ⇒ Object

Put this into the catch block to rescue undefined method 'destroy_session'. Hotfix for github.com/NoamB/sorcery/issues/464. Can be removed when Rails 4.1 is out.



# File 'lib/sorcery/controller.rb', line 54

def reset_sorcery_session
  reset_session # protect from session fixation attacks
rescue NoMethodError
end