Module: Sorcery::Controller::InstanceMethods

Defined in:
lib/sorcery/controller.rb


Instance Method Details

#auto_login(user, _should_remember = false) ⇒ Object

Logs in the given user instance.

Parameters:

  • user (<User-Model>)

    the user instance.

Returns:

    • do not depend on the return value.



# File 'lib/sorcery/controller.rb', line 113

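# Marks +user+ as the authenticated user for this request and for the session.
#
# Stores the user's id (as a String) under session[:user_id] and caches the
# instance in @current_user. No credentials are checked here, and this method
# does not reset the session itself: a caller that invokes it directly keeps
# whatever session existed before the login.
#
# @param user [<User-Model>] the user instance to log in
# @param _should_remember [Boolean] accepted but unused in this definition
# @return [Object] do not depend on the return value
def auto_login(user, _should_remember = false)
  session[:user_id] = user.id.to_s
  @current_user = user
end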

#current_user ⇒ Object

Attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.



# File 'lib/sorcery/controller.rb', line 84

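# Returns the user for the current request, resolving it at most once.
#
# The first call tries the session and then the other configured sources, and
# caches the outcome in @current_user. The cache is keyed on the variable being
# defined rather than truthy, so a nil result (or an explicit
# `@current_user = nil`) is also final for this controller instance: no further
# auto-login attempt is made afterwards.
#
# NOTE(review): the rendered listing had lost both call names on the assignment
# line; they are restored here as Sorcery's login_from_session and
# login_from_other_sources. Confirm against lib/sorcery/controller.rb.
#
# @return [Object, nil] the logged-in user, or nil when no source yields one
def current_user
  return @current_user if defined?(@current_user)

  # `|| nil` normalises a false result to nil.
  @current_user = login_from_session || login_from_other_sources || nil
end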

#current_user=(user) ⇒ Object



# File 'lib/sorcery/controller.rb', line 91

# Replaces the cached user for this request.
#
# Only the @current_user instance variable is written; the session is not
# touched here, so the assignment does not persist beyond this controller
# instance.
#
# @param user [Object, nil] the user to treat as current, or nil to clear it
# @return [Object, nil] the assigned value
def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overrides Rails’ handle_unverified_request.



# File 'lib/sorcery/controller.rb', line 119

# Hook for a request that failed request-forgery verification.
#
# Before handing over to the inherited implementation, this drops the two
# pieces of login state this method can reach: the user cached for the request
# and the remember-me cookie. With both cleared, the unverified request is not
# treated as coming from the previously cached user.
#
# @return [Object] whatever the inherited handle_unverified_request returns
def handle_unverified_request
  @current_user = nil
  cookies[:remember_me_token] = nil
  # The default behaviour resets the session.
  super
end

#logged_in? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sorcery/controller.rb', line 78

# Tells whether a user is authenticated for this request.
#
# Calls current_user and coerces its result to a strict boolean.
#
# @return [Boolean] true when current_user returns a truthy value
def logged_in?
  current_user ? true : false
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.



# File 'lib/sorcery/controller.rb', line 34

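# Authenticates with the given credentials and, on success, logs the user in.
#
# On failure the failed-login hook runs, the caller's block (if any) receives
# (user, failure_reason), and the method returns nil. On success the session is
# reset, the previous session contents are copied into the new one, the user is
# logged in through auto_login and the after-login hook runs.
#
# NOTE(review): the rendered listing had lost the method name here and on the
# auto_login call; both are restored from the page's own method headings.
#
# @param credentials [Array] passed through to user_class.authenticate; the
#   third element is forwarded to auto_login as its second argument
# @yield [user, failure_reason] failure_reason is nil on success
# @return [Object, nil] nil on failure; otherwise whatever
#   user_class.authenticate returns (presumably the block's value, which is
#   current_user or the caller's block result; verify against authenticate)
def login(*credentials)
  # Drop any user cached earlier in this request before authenticating.
  @current_user = nil

  user_class.authenticate(*credentials) do |user, failure_reason|
    if failure_reason
      after_failed_login!(credentials)

      yield(user, failure_reason) if block_given?

      # FIXME: Does using `break` or `return nil` change functionality?
      # rubocop:disable Lint/NonLocalExitFromIterator
      return
      # rubocop:enable Lint/NonLocalExitFromIterator
    end

    # Swap in a fresh session, then carry the old contents across under symbol
    # keys. Everything stored before authentication therefore survives the
    # login, so those values must not be read as set by the authenticated user.
    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k, v|
      session[k.to_sym] = v
    end
    # Called for its side effect only; the return value is discarded.
    # NOTE(review): presumably ensures the new session holds a CSRF token (confirm).
    form_authenticity_token

    auto_login(user, credentials[2])
    after_login!(user, credentials)

    block_given? ? yield(current_user, nil) : current_user
  end
end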

#logout ⇒ Object

Resets the session and runs hooks before and after.



# File 'lib/sorcery/controller.rb', line 68

# Logs the current user out; does nothing when nobody is logged in.
#
# The order matters: before_logout! runs while the user is still current, then
# the cached user is cleared and the session is reset, and only afterwards
# after_logout! is called with the user that was logged in.
#
# @return [Object, nil] nil when nobody was logged in, otherwise the result of
#   after_logout!
def logout
  if logged_in?
    departing_user = current_user
    before_logout!
    @current_user = nil
    reset_sorcery_session
    after_logout!(departing_user)
  end
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.



# File 'lib/sorcery/controller.rb', line 105

# Default response for a request that is not authenticated: redirect to the
# application's root path.
#
# Controllers may override this method, or the configuration may name a
# different action to call instead.
#
# @return [Object] whatever redirect_to returns
def not_authenticated
  redirect_to(root_path)
end

#redirect_back_or_to(url, flash_hash = {}) ⇒ Object

Used when a user tries to access a page while logged out and is asked to log in: after login, this returns the user to the page originally requested.



# File 'lib/sorcery/controller.rb', line 97

# Redirects to the URL remembered in the session, or to +url+ when none is
# stored, and then forgets the remembered URL.
#
# The target is read from session[:return_to_url] without further checks, so
# it is only as trustworthy as the code that wrote it.
# NOTE(review): newer Rails versions define a controller method with this same
# name; confirm which definition is used in the host app.
#
# @param url [String] fallback target when no return URL is stored
# @param flash_hash [Hash] passed to redirect_to as the :flash option
# @return [nil] the value of the final assignment
def redirect_back_or_to(url, flash_hash = {})
  destination = session[:return_to_url] || url
  redirect_to(destination, flash: flash_hash)
  # One-shot: the stored URL must not be reused by a later call.
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as a before_action. Calling logged_in? triggers the auto-login attempts; if all of them fail, the failure callback is called.



# File 'lib/sorcery/controller.rb', line 25

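# before_action guard: lets the request through when a user is logged in,
# otherwise invokes the configured "not authenticated" action.
#
# When Config.save_return_to_url is set, the URL of a non-XHR GET request is
# remembered in session[:return_to_url] before the failure action runs.
# NOTE(review): request.url includes the host taken from the request. If the
# stored value is later used as a redirect target, confirm the application
# restricts which hosts it accepts.
#
# NOTE(review): the rendered listing had lost the method name; it is restored
# from the page's own method heading.
#
# @return [Object, nil] nil when logged in, otherwise the result of the
#   configured action
def require_login
  return if logged_in?

  if Config.save_return_to_url && request.get? && !request.xhr?
    session[:return_to_url] = request.url
  end

  # Dispatches by method name. The name comes from configuration and must
  # never be derived from request data.
  send(Config.not_authenticated_action)
end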

#reset_sorcery_session ⇒ Object



# File 'lib/sorcery/controller.rb', line 63

# Discards the current session by delegating to reset_session.
#
# @return [Object] whatever reset_session returns
def reset_sorcery_session
  # Starting from a fresh session is the protection against session fixation.
  reset_session
end