Module: Hobo::Controller::AuthenticationSupport

Included in:
Hobo::Controller
Defined in:
lib/hobo/controller/authentication_support.rb


Instance Method Details



# File 'lib/hobo/controller/authentication_support.rb', line 79

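# Look up the user named by the "remember me" cookie, if there is one.
#
# The :auth_token cookie is client-controlled input. It is split on
# whitespace into a remember token and a model class name, the same
# "<token> <class name>" layout that create_auth_cookie writes.
#
# NOTE(review): the finder is called with the raw cookie value, so the
# remember token appears to be stored unhashed -- confirm against the user model.
#
# @return [Object, false, nil] the matching user, or a falsy value when the
#   visitor is already logged in, the cookie is absent or malformed, the named
#   class cannot be resolved or has no remember-token finder, no user matches,
#   or user.remember_token? is falsy
def authenticated_user_from_cookie
  return false if logged_in?

  cookie = cookies[:auth_token]
  return nil unless cookie

  token, model_name = cookie.split
  user_model = model_name._?.safe_constantize
  # The class name comes from the client, so it may resolve to any loaded
  # constant. Only continue when that constant really offers the finder;
  # otherwise a crafted cookie would raise NoMethodError instead of being ignored.
  return nil unless user_model && user_model.respond_to?(:find_by_remember_token)

  user = user_model.find_by_remember_token(token)
  # remember_token? presumably checks that the token is still valid -- TODO confirm
  user if user && user.remember_token?
end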

#authorized? ⇒ Boolean

Check if the user is authorized.

Override this method in your controllers if you want to restrict access to only a few actions or if you want to check if the user has the correct rights.

Example:

# only allow nonbobs
def authorized?
  current_user.login != "bob"
end

Returns:



# File 'lib/hobo/controller/authentication_support.rb', line 23

# Authorization hook, meant to be overridden in controllers.
#
# login_required grants access only when this returns a truthy value in
# addition to logged_in?.
#
# @return [Boolean] always true in this default implementation
def authorized?
  # Permissive default: every logged-in user is allowed until a controller
  # overrides this method with a real check.
  true
end


# File 'lib/hobo/controller/authentication_support.rb', line 89

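# Write the "remember me" cookie for the current user.
#
# The value is "<remember_token> <user class name>", the layout that
# authenticated_user_from_cookie splits apart again. The cookie expires at
# the user's remember_token_expires_at.
#
# The cookie is a bearer credential, so it is marked HttpOnly to keep it out
# of reach of page scripts.
# NOTE(review): no :secure flag is set, so the token is also sent over plain
# HTTP; consider enabling it where the whole site is served over TLS.
#
# @return [Hash] the cookie options that were assigned
def create_auth_cookie
  cookies[:auth_token] = { :value => "#{current_user.remember_token} #{current_user.class.name}",
                           :expires => current_user.remember_token_expires_at,
                           :httponly => true }
end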

#logged_in? ⇒ Boolean

Filter method to enforce a login requirement.

Returns:



# File 'lib/hobo/controller/authentication_support.rb', line 6

# Tell whether the current request belongs to a signed-in user.
#
# @return [Boolean] true when current_user does not report itself as a guest
def logged_in?
  !current_user.guest?
end

When called with before_filter :login_from_cookie, this checks for an :auth_token cookie and logs the user back in if appropriate.



# File 'lib/hobo/controller/authentication_support.rb', line 70

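# Log the visitor back in from the :auth_token cookie, if it is valid.
#
# Intended for use as `before_filter :login_from_cookie`. When
# authenticated_user_from_cookie yields a user, that user's remember_me is
# called, the user becomes current_user, and the cookie is written again by
# create_auth_cookie. Otherwise nothing happens.
#
# NOTE(review): the session is not reset here before current_user is
# assigned; confirm whether the current_user= setter takes care of that.
#
# @return [Object, nil] the result of create_auth_cookie, or nil when no user
#   could be restored from the cookie
def login_from_cookie
  user = authenticated_user_from_cookie
  return unless user

  user.remember_me # presumably refreshes the remember token/expiry -- TODO confirm
  self.current_user = user
  create_auth_cookie
end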

#login_required(user_model = nil) ⇒ Object

To require logins for all actions, use this in your controllers:

before_filter :login_required

To require logins for specific actions, use this in your controllers:

before_filter :login_required, :only => [ :edit, :update ]

To skip this in a subclassed controller:

skip_before_filter :login_required


# File 'lib/hobo/controller/authentication_support.rb', line 40

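# Filter that lets a request through only for a logged-in, authorized user.
#
# When the current user is a guest, credentials obtained from get_auth_data
# are tried against the model's authenticate method first.
# NOTE(review): get_auth_data is defined elsewhere; it presumably returns
# credentials sent with the request itself -- confirm.
#
# @param user_model [Class, nil] when given, the current user must also be an
#   instance of this class; it is used for authentication and for
#   access_denied in place of Hobo::Model::UserBase.default_user_model
# @return [true, Object] true when access is granted, otherwise whatever
#   access_denied returns
def login_required(user_model=nil)
  auth_model = user_model || Hobo::Model::UserBase.default_user_model

  if current_user.guest?
    username, passwd = get_auth_data
    if username && passwd && auth_model
      # `|| nil` turns a false result from authenticate into nil
      self.current_user = auth_model.authenticate(username, passwd) || nil
    end
  end

  # All three must hold: logged in, authorized? hook passes, and (if a model
  # was requested) the user is of that model.
  permitted = logged_in? && authorized? && (user_model.nil? || current_user.is_a?(user_model))
  permitted ? true : access_denied(auth_model)
end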

#redirect_back_or_default(default) ⇒ Object

Redirect to the URI stored by the most recent store_location call or to the passed default.



# File 'lib/hobo/controller/authentication_support.rb', line 63

# Redirect to the location remembered in session[:return_to], falling back
# to +default+ when nothing is stored, then clear the stored location.
#
# NOTE(review): the stored value is handed to redirect_to unchecked.
# store_location writes request.fullpath; confirm that every writer of
# session[:return_to] stores a local path, since a value carrying a scheme or
# starting with "//" would point at another host.
#
# @param default [Object] redirect target used when no location is stored
# @return [nil]
def redirect_back_or_default(default)
  target = session[:return_to] || default
  redirect_to(target)
  session[:return_to] = nil
end

#store_location ⇒ Object

Store the URI of the current request in the session.

We can return to this location by calling #redirect_back_or_default.



# File 'lib/hobo/controller/authentication_support.rb', line 57

# Remember the current request's full path in the session so that
# redirect_back_or_default can send the user back to it later.
#
# @return [Object] the value of request.fullpath that was stored
def store_location
  current_path = request.fullpath
  session[:return_to] = current_path
end