Module: Devise::Controllers::Helpers
Extended by: ActiveSupport::Concern
Includes: SignInOut, StoreLocation
Defined in: lib/devise/controllers/helpers.rb
Overview
These helpers are convenience methods added to ApplicationController.
Defined Under Namespace
Modules: ClassMethods
Class Method Summary
- .define_helpers(mapping) ⇒ Object
  Define authentication filters and accessor helpers based on mappings.
Instance Method Summary
- #after_sign_in_path_for(resource_or_scope) ⇒ Object
  The default url to be used after signing in.
- #after_sign_out_path_for(resource_or_scope) ⇒ Object
  Method used by sessions controller to sign out a user.
- #allow_params_authentication! ⇒ Object
  Tell warden that params authentication is allowed for that specific page.
- #devise_controller? ⇒ Boolean
  Return true if it’s a devise_controller.
- #devise_parameter_sanitizer ⇒ Object
  Set up a param sanitizer to filter parameters using strong_parameters.
- #handle_unverified_request ⇒ Object
  Overwrite Rails’ handle unverified request to sign out all scopes, clear run strategies and remove cached variables.
- #is_flashing_format? ⇒ Boolean
  Check if flash messages should be emitted.
- #is_navigational_format? ⇒ Boolean
- #request_format ⇒ Object
- #sign_in_and_redirect(resource_or_scope, *args) ⇒ Object
  Signs in a user and tries to redirect first to the stored location and then to the url specified by after_sign_in_path_for.
- #sign_out_and_redirect(resource_or_scope) ⇒ Object
  Signs out a user and tries to redirect to the url specified by after_sign_out_path_for.
- #signed_in_root_path(resource_or_scope) ⇒ Object
  The scope root url to be used when they’re signed in.
- #warden ⇒ Object
  The main accessor for the warden proxy instance.
Methods included from StoreLocation
#store_location_for, #stored_location_for
Methods included from SignInOut
#bypass_sign_in, #sign_in, #sign_out, #sign_out_all_scopes, #signed_in?
Class Method Details
.define_helpers(mapping) ⇒ Object
Define authentication filters and accessor helpers based on mappings. These filters should be used inside the controllers as before_actions, so you can control the scope of the user who should be signed in to access that specific controller/action. Example:
Roles:
  User
  Admin
Generated methods:
  authenticate_user!   # Signs user in or redirect
  authenticate_admin!  # Signs admin in or redirect
  user_signed_in?      # Checks whether there is a user signed in or not
  admin_signed_in?     # Checks whether there is an admin signed in or not
  current_user         # Current signed in user
  current_admin        # Current signed in admin
  user_session         # Session data available only to the user scope
  admin_session        # Session data available only to the admin scope
Use:
  before_action :authenticate_user!   # Tell devise to use :user map
  before_action :authenticate_admin!  # Tell devise to use :admin map
# File 'lib/devise/controllers/helpers.rb', line 113
def self.define_helpers(mapping) #:nodoc:
  mapping = mapping.name

  class_eval <<-METHODS, __FILE__, __LINE__ + 1
    def authenticate_#{mapping}!(opts = {})
      opts[:scope] = :#{mapping}
      opts[:locale] = I18n.locale
      warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
    end

    def #{mapping}_signed_in?
      !!current_#{mapping}
    end

    def current_#{mapping}
      @current_#{mapping} ||= warden.authenticate(scope: :#{mapping})
    end

    def #{mapping}_session
      current_#{mapping} && warden.session(:#{mapping})
    end
  METHODS

  ActiveSupport.on_load(:action_controller) do
    if respond_to?(:helper_method)
      helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
    end
  end
end
Instance Method Details
#after_sign_in_path_for(resource_or_scope) ⇒ Object
The default url to be used after signing in. This is used by all Devise controllers and you can overwrite it in your ApplicationController to provide a custom hook for a custom resource.
By default, it first tries to find a valid resource_return_to key in the session, then it falls back to resource_root_path, otherwise it uses the root path. For a user scope, you can define the default url in either of the following ways:
get '/users' => 'users#index', as: :user_root # creates user_root_path

namespace :user do
  root 'users#index' # creates user_root_path
end
If the resource root path is not defined, root_path is used. However, if this default is not enough, you can customize it, for example:
def after_sign_in_path_for(resource)
  stored_location_for(resource) ||
    if resource.is_a?(User) && resource.can_publish?
      publisher_url
    else
      super
    end
end
# File 'lib/devise/controllers/helpers.rb', line 217
def after_sign_in_path_for(resource_or_scope)
  stored_location_for(resource_or_scope) || signed_in_root_path(resource_or_scope)
end
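Added example (not part of Devise or of the original page): a stand-alone Ruby sketch of an after_sign_in_path_for override that accepts an extra destination only when it is a local path, and otherwise defers to the default chain through super. The safe_local_path helper, the return_to parameter, and the stub BaseHelpers and ApplicationController classes are hypothetical and constructed for illustration.

```ruby
require "uri"

# Hypothetical helper (not a Devise API): return the candidate only when it
# is a path on this site, otherwise nil so the caller falls back.
def safe_local_path(candidate)
  return nil unless candidate.is_a?(String) && candidate.start_with?("/")
  return nil if candidate.start_with?("//")              # protocol-relative URL
  return nil if candidate.match?(/[\x00-\x1f\x7f\\]/)     # control chars, backslash

  uri = URI.parse(candidate)
  return nil if uri.scheme || uri.host || uri.userinfo
  uri.query ? "#{uri.path}?#{uri.query}" : uri.path
rescue URI::InvalidURIError
  nil
end

# Constructed stand-in for the helpers documented above, so the sketch runs
# without Rails or Devise. The session key follows the "resource_return_to"
# naming described in the text.
class BaseHelpers
  def initialize(session: {}, params: {})
    @session = session
    @params = params
  end

  def stored_location_for(scope)
    @session.delete("#{scope}_return_to")
  end

  def signed_in_root_path(_scope)
    "/"
  end

  def after_sign_in_path_for(scope)
    stored_location_for(scope) || signed_in_root_path(scope)
  end
end

# Override in the style shown above: a validated return_to (hypothetical
# parameter) wins, anything else defers to the default via super.
class ApplicationController < BaseHelpers
  def after_sign_in_path_for(scope)
    safe_local_path(@params[:return_to]) || super
  end
end
```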
#after_sign_out_path_for(resource_or_scope) ⇒ Object
Method used by the sessions controller to sign out a user. You can overwrite it in your ApplicationController to provide a custom hook for a custom scope. Note that, unlike after_sign_in_path_for, this method receives a symbol with the scope, not the resource.
By default it is the root_path.
# File 'lib/devise/controllers/helpers.rb', line 227
def after_sign_out_path_for(resource_or_scope)
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  router_name = Devise.mappings[scope].router_name
  context = router_name ? send(router_name) : self
  context.respond_to?(:root_path) ? context.root_path : "/"
end
#allow_params_authentication! ⇒ Object
Tell warden that params authentication is allowed for that specific page.
# File 'lib/devise/controllers/helpers.rb', line 165
def allow_params_authentication!
  request.env["devise.allow_params_authentication"] = true
end
#devise_controller? ⇒ Boolean
Returns true if the controller is a Devise controller, and false for every controller not defined inside Devise. Useful if you want to apply a before filter to all controllers except the ones in Devise:
before_action :my_filter, unless: :devise_controller?
# File 'lib/devise/controllers/helpers.rb', line 153
def devise_controller?
  is_a?(::DeviseController)
end
#devise_parameter_sanitizer ⇒ Object
Set up a param sanitizer to filter parameters using strong_parameters. See lib/devise/parameter_sanitizer.rb for more info. Override this method in your application controller to use your own parameter sanitizer.
# File 'lib/devise/controllers/helpers.rb', line 160
def devise_parameter_sanitizer
  @devise_parameter_sanitizer ||= Devise::ParameterSanitizer.new(resource_class, resource_name, params)
end
#handle_unverified_request ⇒ Object
Overwrite Rails’ handle unverified request to sign out all scopes, clear run strategies and remove cached variables.
# File 'lib/devise/controllers/helpers.rb', line 256
def handle_unverified_request
  super # call the default behavior which resets/nullifies/raises
  request.env["devise.skip_storage"] = true
  sign_out_all_scopes(false)
end
#is_flashing_format? ⇒ Boolean
Check if flash messages should be emitted. The default is to emit them on navigational formats.
# File 'lib/devise/controllers/helpers.rb', line 272
def is_flashing_format?
  request.respond_to?(:flash) && is_navigational_format?
end
#is_navigational_format? ⇒ Boolean
# File 'lib/devise/controllers/helpers.rb', line 266
def is_navigational_format?
  Devise.navigational_formats.include?(request_format)
end
#request_format ⇒ Object
# File 'lib/devise/controllers/helpers.rb', line 262
def request_format
  @request_format ||= request.format.try(:ref)
end
#sign_in_and_redirect(resource_or_scope, *args) ⇒ Object
Signs in a user and tries to redirect first to the stored location and then to the url specified by after_sign_in_path_for. It accepts the same parameters as the sign_in method.
# File 'lib/devise/controllers/helpers.rb', line 237
def sign_in_and_redirect(resource_or_scope, *args)
  options = args.extract_options!
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  resource = args.last || resource_or_scope
  sign_in(scope, resource, options)
  redirect_to after_sign_in_path_for(resource)
end
#sign_out_and_redirect(resource_or_scope) ⇒ Object
Signs out a user and tries to redirect to the url specified by after_sign_out_path_for.
# File 'lib/devise/controllers/helpers.rb', line 247
def sign_out_and_redirect(resource_or_scope)
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  redirect_path = after_sign_out_path_for(scope)
  Devise.sign_out_all_scopes ? sign_out : sign_out(scope)
  redirect_to redirect_path
end
#signed_in_root_path(resource_or_scope) ⇒ Object
The scope root url to be used when they’re signed in. By default, it first tries to find a resource_root_path, otherwise it uses the root_path.
# File 'lib/devise/controllers/helpers.rb', line 171
def signed_in_root_path(resource_or_scope)
  scope = Devise::Mapping.find_scope!(resource_or_scope)
  router_name = Devise.mappings[scope].router_name

  home_path = "#{scope}_root_path"

  context = router_name ? send(router_name) : self

  if context.respond_to?(home_path, true)
    context.send(home_path)
  elsif context.respond_to?(:root_path)
    context.root_path
  elsif respond_to?(:root_path)
    root_path
  else
    "/"
  end
end
#warden ⇒ Object
The main accessor for the warden proxy instance
# File 'lib/devise/controllers/helpers.rb', line 144
def warden
  request.env['warden'] or raise MissingWarden
end