Module: Authenticate::Controller

Extended by:: ActiveSupport::Concern

Includes:: Debug

Defined in:: lib/authenticate/controller.rb

Overview

The authenticate controller methods.

Typically, you include this concern into your ApplicationController. A basic implementation might look like this:

class ApplicationController < ActionController::Base
   include Authenticate::Controller
   before_action :require_authentication
   protect_from_forgery with: :exception
 end

Methods, generally called from authenticate’s app controllers:

authenticate(params) - validate a user’s identity
login(user, &block) - complete login after validating a user’s identity, creating an Authenticate session
logout - log a user out, invalidating their Authenticate session.

Action/Filter:

require_authentication - restrict access to authenticated users, often from ApplicationController

Helpers, used anywhere:

current_user - get the current user from the current Authenticate session.
authenticated? - has the user been logged in?

Instance Method Summary collapse

#authenticate(params) ⇒ Object

Validate a user’s identity with (typically) email/ID & password, and return the User if valid, or nil.
#authenticate_controller? ⇒ Boolean

Return true if it’s an Authenticate controller.
#authenticated? ⇒ Boolean

Has the user been logged in? Exposed as a helper, can be called from views.
#current_user ⇒ Object

Get the current user from the current Authenticate session.
#login(user, &block) ⇒ Object

Complete the user’s sign in process: after calling authenticate, or after user creates account.
#logout ⇒ Object

Log the user out.
#require_authentication ⇒ Object

Use this filter as a before_action to restrict controller actions to authenticated users.

Methods included from Debug

#debug

Instance Method Details

#authenticate(params) ⇒ `Object`

Validate a user’s identity with (typically) email/ID & password, and return the User if valid, or nil. After calling this, call login(user) to complete the process.

# File 'lib/authenticate/controller.rb', line 36

def authenticate(params)
  credentials = Authenticate.configuration.user_model_class.credentials(params)
  Authenticate.configuration.user_model_class.authenticate(credentials)
end

#authenticate_controller? ⇒ `Boolean`

Return true if it’s an Authenticate controller. Useful if you want to apply a before filter to all controllers, except the ones in Authenticate, e.g.

before_action :my_filter, unless: :authenticate_controller?

Returns:

(Boolean)



114
115
116

# File 'lib/authenticate/controller.rb', line 114

def authenticate_controller?
  is_a?(Authenticate::AuthenticateController)
end

#authenticated? ⇒ `Boolean`

Has the user been logged in? Exposed as a helper, can be called from views.

<% if authenticated? %>
  <%= link_to logout_path, "Sign out" %>
<% else %>
  <%= link_to login_path, "Sign in" %>
<% end %>

Returns:

(Boolean)



96
97
98

# File 'lib/authenticate/controller.rb', line 96

def authenticated?
  authenticate_session.authenticated?
end

#current_user ⇒ `Object`

Get the current user from the current Authenticate session. Exposed as a helper , can be called from controllers, views, and other helpers.

<p>Your email address: <%= current_user.email %></p>



105
106
107

# File 'lib/authenticate/controller.rb', line 105

def current_user
  authenticate_session.current_user
end

Complete the user’s sign in process: after calling authenticate, or after user creates account. Runs all valid callbacks and sends the user a session token.

# File 'lib/authenticate/controller.rb', line 43

def login(user, &block)
  authenticate_session.login user, &block

  if authenticated? && Authenticate.configuration.rotate_csrf_on_sign_in?
    session.delete(:_csrf_token)
    form_authenticity_token
  end
end

#logout ⇒ `Object`

Log the user out. Typically used in session controller.

class SessionsController < ActionController::Base

include Authenticate::Controller

def destroy
  logout
  redirect_to '/', notice: 'You logged out successfully'
end



61
62
63

# File 'lib/authenticate/controller.rb', line 61

def logout
  authenticate_session.deauthenticate
end

#require_authentication ⇒ `Object`

Use this filter as a before_action to restrict controller actions to authenticated users. Consider using in application_controller to restrict access to all controllers.

Example:

class ApplicationController < ActionController::Base
  before_action :require_authentication

  def index
    # ...
  end
end

# File 'lib/authenticate/controller.rb', line 78

def require_authentication
  debug 'Controller::require_authentication'
  unauthorized unless authenticated?
  message = catch(:failure) do
    current_user = authenticate_session.current_user
    Authenticate.lifecycle.run_callbacks(:after_set_user, current_user, authenticate_session, event: :set_user)
  end
  unauthorized(message) if message
end

Module: Authenticate::Controller

Overview

Instance Method Summary collapse

Methods included from Debug

Instance Method Details

#authenticate(params) ⇒ Object

#authenticate_controller? ⇒ Boolean

#authenticated? ⇒ Boolean

#current_user ⇒ Object

#login(user, &block) ⇒ Object

#logout ⇒ Object