Module: Clearance::Authentication
- Extended by: ActiveSupport::Concern
- Included in: Controller
- Defined in: lib/clearance/authentication.rb
Instance Method Summary
- #authenticate(params) ⇒ User?
  Authenticate a user with a provided email and password.
- #current_user ⇒ User?
  Get the user from the current clearance session.
- #current_user=(user) ⇒ Object
  Deprecated. Use the #sign_in method instead.
- #handle_unverified_request ⇒ Object
  CSRF protection in Rails >= 3.0.4.
- #sign_in(user, &block) ⇒ Object
  Sign in the provided user.
- #sign_out ⇒ Object
  Destroy the current user's Clearance session.
- #signed_in? ⇒ Boolean
  True if there is a currently-signed-in user.
- #signed_out? ⇒ Boolean
  True if there is no currently-signed-in user.
Instance Method Details
#authenticate(params) ⇒ User?
Authenticate a user with a provided email and password
    # File 'lib/clearance/authentication.rb', line 27
    def authenticate(params)
      Clearance.configuration.user_model.authenticate(
        params[:session][:email], params[:session][:password]
      )
    end
#current_user ⇒ User?
Get the user from the current clearance session. Exposed as a helper_method, making it visible to views. Prefer #signed_in? or #signed_out? if you only want to check for the presence of a current user rather than access the actual user.

    # File 'lib/clearance/authentication.rb', line 39
    def current_user
      clearance_session.current_user
    end
#current_user=(user) ⇒ Object
Use the #sign_in method instead.
    # File 'lib/clearance/authentication.rb', line 44
    def current_user=(user)
      warn "#{Kernel.caller.first}: [DEPRECATION] " +
        'Assigning the current_user has been deprecated. Use the sign_in method instead.'

      clearance_session.sign_in user
    end
#handle_unverified_request ⇒ Object
CSRF protection in Rails >= 3.0.4. When a request fails CSRF verification, this calls the Rails handler via super and then signs the user out.
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

    # File 'lib/clearance/authentication.rb', line 112
    def handle_unverified_request
      super
      sign_out
    end
#sign_in(user, &block) ⇒ Object
Sign in the provided user. Signing in will run the stack of Configuration#sign_in_guards.
You can provide a block to this method to handle the result of that stack. Your block will receive either a SuccessStatus or FailureStatus:

    sign_in(user) do |status|
      if status.success?
        # ...
      else
        # ...
      end
    end

For an example of how clearance uses this internally, see SessionsController#create.
Signing in will also regenerate the CSRF token for the current session, provided Configuration#rotate_csrf_on_sign_in is set.
    # File 'lib/clearance/authentication.rb', line 71
    def sign_in(user, &block)
      clearance_session.sign_in(user, &block)

      if signed_in? && Clearance.configuration.rotate_csrf_on_sign_in?
        session.delete(:_csrf_token)
        form_authenticity_token
      end
    end
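
The rotation branch in #sign_in and the #handle_unverified_request override above interact: once the token is rotated, a form token issued before sign-in no longer verifies, and the failed verification ends the session. The following is an added example, not Clearance or Rails code; `FakeController`, `submit_form` and `replay_pre_login_token` are hypothetical stand-ins that model only the session hash, the token generator and the two methods' control flow.

```ruby
require "securerandom"

# Hypothetical stand-in for a Rails controller (not Clearance's own class).
class FakeController
  attr_reader :session

  def initialize(rotate_csrf_on_sign_in:)
    @session = {}
    @rotate = rotate_csrf_on_sign_in
    @user = nil
  end

  # Like Rails, lazily creates one token per session and then reuses it.
  def form_authenticity_token
    session[:_csrf_token] ||= SecureRandom.base64(32)
  end

  def signed_in?
    !@user.nil?
  end

  # Same shape as the sign_in listing above, without the guard stack.
  def sign_in(user)
    @user = user
    if signed_in? && @rotate
      session.delete(:_csrf_token)
      form_authenticity_token
    end
  end

  # Models a state-changing request. Rails compares masked tokens in
  # constant time; plain == is a simplification for this model only.
  def submit_form(token)
    return :ok if token == session[:_csrf_token]
    @user = nil # what handle_unverified_request does via sign_out
    :signed_out
  end
end

# Outcome of submitting a token issued before sign-in, after sign-in.
def replay_pre_login_token(rotate:)
  controller = FakeController.new(rotate_csrf_on_sign_in: rotate)
  pre_login_token = controller.form_authenticity_token
  controller.sign_in("user@example.com") # constructed sample user
  controller.submit_form(pre_login_token)
end
```

With rotation on, `replay_pre_login_token` returns `:signed_out`; with it off, the pre-login token is still accepted for the authenticated session.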
#sign_out ⇒ Object
Destroy the current user's Clearance session. See Session#sign_out for specifics.
    # File 'lib/clearance/authentication.rb', line 82
    def sign_out
      clearance_session.sign_out
    end
#signed_in? ⇒ Boolean
True if there is a currently-signed-in user. Exposed as a helper_method, making it available to views.
Using signed_in? is preferable to checking #current_user against nil as it will allow you to introduce a null user object more simply at a later date.

    # File 'lib/clearance/authentication.rb', line 94
    def signed_in?
      clearance_session.signed_in?
    end
#signed_out? ⇒ Boolean
True if there is no currently-signed-in user. Exposed as a helper_method, making it available to views.
Using signed_out? is preferable to checking for presence of #current_user as it will allow you to introduce a null user object more simply at a later date.

    # File 'lib/clearance/authentication.rb', line 104
    def signed_out?
      !signed_in?
    end