Module: Authenticate::Controller

Extended by:
ActiveSupport::Concern
Includes:
Debug
Defined in:
lib/authenticate/controller.rb

Instance Method Summary

Methods included from Debug

#debug

Instance Method Details

#authenticate(params) ⇒ Object

Validate a user’s identity with (typically) email/ID & password, and return the User if valid, or nil. After calling this, call login(user) to complete the process.



# File 'lib/authenticate/controller.rb', line 14

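def authenticate(params)
  # todo: get params from User model
  # Extract the login credentials (typically email/ID and password) from the request params.
  credentials = Authenticate.configuration.user_model_class.credentials(params)
  # Caution: this passes the inspected credentials, typically including the
  # submitted password, to the debug output.
  debug "Controller::credentials: #{credentials.inspect}"
  # Returns the User if the credentials are valid, or nil.
  Authenticate.configuration.user_model_class.authenticate(credentials)
end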

#authenticate_controller? ⇒ Boolean

Return true if it’s an Authenticate controller. Useful if you want to apply a before filter to all controllers, except the ones in Authenticate, e.g.

before_action :my_filter, unless: :authenticate_controller?

Returns:

  • (Boolean)


# File 'lib/authenticate/controller.rb', line 97

def authenticate_controller?
  is_a?(Authenticate::AuthenticateController)
end

#authenticated? ⇒ Boolean

Has the user been logged in? Exposed as a helper, can be called from views.

<% if authenticated? %>
  <%= link_to "Sign out", logout_path %>
<% else %>
  <%= link_to "Sign in", login_path %>
<% end %>

Returns:

  • (Boolean)


# File 'lib/authenticate/controller.rb', line 78

def authenticated?
  authenticate_session.authenticated?
end

#current_user ⇒ Object

Get the current user from the current Authenticate session. Exposed as a helper, can be called from controllers, views, and other helpers.

<p>Your email address: <%= current_user.email %></p>


# File 'lib/authenticate/controller.rb', line 88

def current_user
  authenticate_session.current_user
end

#login(user, &block) ⇒ Object

Complete the user’s sign-in process. Call this after calling authenticate, or after a user creates an account. Runs all valid callbacks and sends the user a session token.



# File 'lib/authenticate/controller.rb', line 24

def login(user, &block)
  authenticate_session.login user, &block
end

#logout ⇒ Object

Log the user out. Typically used in session controller.

class SessionsController < ActionController::Base
  include Authenticate::Controller

  def destroy
    logout
    redirect_to '/', notice: 'You logged out successfully'
  end
end


# File 'lib/authenticate/controller.rb', line 38

def logout
  authenticate_session.deauthenticate
end

#require_authentication ⇒ Object

Use this filter as a before_action to restrict controller actions to authenticated users. Consider using it in application_controller to restrict access to all controllers.

Example:

class ApplicationController < ActionController::Base
  before_action :require_authentication

  def index
    # ...
  end
end


# File 'lib/authenticate/controller.rb', line 56

def require_authentication
  debug 'Controller::require_authentication'
  unless authenticated?
    unauthorized
  end

  message = catch(:failure) do
    current_user = authenticate_session.current_user
    Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, {event: :set_user })
  end
  unauthorized(message) if message
end
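
The catch(:failure) block in require_authentication lets any after_set_user callback reject the request by throwing a message. The following is an added, self-contained example of that mechanism and is not code from the Authenticate gem: MiniLifecycle, after_set_user_failure, IDLE_LIMIT, the idle-timeout callback and the session hash are assumptions made for illustration.

```ruby
# Added illustration. MiniLifecycle, after_set_user_failure, IDLE_LIMIT and the
# session hash are hypothetical stand-ins, not the Authenticate gem's classes.
class MiniLifecycle
  def initialize
    @callbacks = Hash.new { |hash, hook| hash[hook] = [] }
  end

  # Register a block to run for a hook such as :after_set_user.
  def on(hook, &block)
    @callbacks[hook] << block
  end

  # Run each callback in registration order. Returns nil on purpose: catch
  # yields its block's value when nothing is thrown, so a truthy return here
  # would be read by the caller as a failure message.
  def run_callbacks(hook, user, session, opts)
    @callbacks[hook].each { |callback| callback.call(user, session, opts) }
    nil
  end
end

# Same shape as the catch block in require_authentication: returns the thrown
# failure message, or nil when every callback accepts the session.
def after_set_user_failure(lifecycle, user, session, now: Time.now)
  catch(:failure) do
    lifecycle.run_callbacks(:after_set_user, user, session, { event: :set_user, now: now })
  end
end

# Constructed sample callback: reject sessions idle for more than 30 minutes,
# otherwise record the access time.
IDLE_LIMIT = 30 * 60
LIFECYCLE = MiniLifecycle.new
LIFECYCLE.on(:after_set_user) do |_user, session, opts|
  idle = opts[:now] - session[:last_access_at]
  throw(:failure, 'Your session has expired') if idle > IDLE_LIMIT
  session[:last_access_at] = opts[:now]
end

# Constructed sample input: one session touched a minute ago, one an hour ago.
if __FILE__ == $PROGRAM_NAME
  start = Time.at(1_000_000)
  p after_set_user_failure(LIFECYCLE, 'alice', { last_access_at: start }, now: start + 60)
  p after_set_user_failure(LIFECYCLE, 'alice', { last_access_at: start }, now: start + 3600)
end
```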