Module: Sorcery::Controller::InstanceMethods
Defined in: lib/sorcery/controller.rb
Instance Method Summary
- #auto_login(user, _should_remember = false) ⇒ Object
  Logs in a user instance.
- #current_user ⇒ Object
  Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.
- #current_user=(user) ⇒ Object
- #handle_unverified_request ⇒ Object
  Overrides Rails' handle_unverified_request.
- #logged_in? ⇒ Boolean
- #login(*credentials) ⇒ Object
  Takes credentials and returns a user on successful authentication.
- #logout ⇒ Object
  Resets the session and runs hooks before and after.
- #not_authenticated ⇒ Object
  The default action for denying non-authenticated users.
- #redirect_back_or_to(url, flash_hash = {}) ⇒ Object
  Used when a user tries to access a page while logged out, is asked to log in, and should then be returned to the page they originally requested.
- #require_login ⇒ Object
  To be used as a before_action.
- #reset_sorcery_session ⇒ Object
Instance Method Details
#auto_login(user, _should_remember = false) ⇒ Object
Logs in a user instance.

    # File 'lib/sorcery/controller.rb', line 113
    def auto_login(user, _should_remember = false)
      session[:user_id] = user.id.to_s
      @current_user = user
    end
#current_user ⇒ Object
Attempts to auto-login from the defined sources (session, basic_auth, cookie, etc.). Returns the logged-in user if found, nil if not.

    # File 'lib/sorcery/controller.rb', line 84
    def current_user
      unless defined?(@current_user)
        @current_user = login_from_session || login_from_other_sources || nil
      end
      @current_user
    end
#current_user=(user) ⇒ Object

    # File 'lib/sorcery/controller.rb', line 91
    def current_user=(user)
      @current_user = user
    end
#handle_unverified_request ⇒ Object
Overrides Rails' handle_unverified_request.

    # File 'lib/sorcery/controller.rb', line 119
    def handle_unverified_request
      cookies[:remember_me_token] = nil
      @current_user = nil
      super # call the default behaviour which resets the session
    end
#logged_in? ⇒ Boolean

    # File 'lib/sorcery/controller.rb', line 78
    def logged_in?
      !!current_user
    end
#login(*credentials) ⇒ Object
Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.

    # File 'lib/sorcery/controller.rb', line 34
    def login(*credentials)
      @current_user = nil

      user_class.authenticate(*credentials) do |user, failure_reason|
        if failure_reason
          after_failed_login!(credentials)

          yield(user, failure_reason) if block_given?

          # FIXME: Does using `break` or `return nil` change functionality?
          # rubocop:disable Lint/NonLocalExitFromIterator
          return
          # rubocop:enable Lint/NonLocalExitFromIterator
        end

        old_session = session.dup.to_hash
        reset_sorcery_session
        old_session.each_pair do |k, v|
          session[k.to_sym] = v
        end
        form_authenticity_token

        auto_login(user, credentials[2])
        after_login!(user, credentials)

        block_given? ? yield(current_user, nil) : current_user
      end
    end
#logout ⇒ Object
Resets the session and runs hooks before and after.

    # File 'lib/sorcery/controller.rb', line 68
    def logout
      return unless logged_in?

      user = current_user
      before_logout!
      @current_user = nil
      reset_sorcery_session
      after_logout!(user)
    end
#not_authenticated ⇒ Object
The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.

    # File 'lib/sorcery/controller.rb', line 105
    def not_authenticated
      redirect_to root_path
    end
#redirect_back_or_to(url, flash_hash = {}) ⇒ Object
Used when a user tries to access a page while logged out, is asked to log in, and should then be returned to the page they originally requested.

    # File 'lib/sorcery/controller.rb', line 97
    def redirect_back_or_to(url, flash_hash = {})
      redirect_to(session[:return_to_url] || url, flash: flash_hash)
      session[:return_to_url] = nil
    end
#require_login ⇒ Object
To be used as a before_action. Triggers auto-login attempts through the call to logged_in?; if all attempts to auto-login fail, the failure callback is called.

    # File 'lib/sorcery/controller.rb', line 25
    def require_login
      return if logged_in?

      session[:return_to_url] = request.url if Config.save_return_to_url && request.get? && !request.xhr?
      send(Config.not_authenticated_action)
    end
#reset_sorcery_session ⇒ Object

    # File 'lib/sorcery/controller.rb', line 63
    def reset_sorcery_session
      reset_session # protect from session fixation attacks
    end
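
The session handling in #login and the comment in #reset_sorcery_session both concern session fixation. The following added example (not Sorcery's own code) models it in plain Ruby with a constructed in-memory session store, comparing a login that keeps the pre-login session id with one that resets the session in the same order as the #login listing. All helper names (`create_session`, `login_keeping_id`, `login_with_reset`, `authenticated?`, `pre_login_id_authenticated`) are hypothetical.

```ruby
require 'securerandom'

# Constructed in-memory session store (session id => data hash); it stands in
# for Rails' session handling so the example runs without Rails or Sorcery.
def create_session(store, data = {})
  id = SecureRandom.hex(16)
  store[id] = data.dup
  id
end

# Weak form: the id issued before authentication is kept and simply gains a user_id.
def login_keeping_id(store, sid, user_id)
  store[sid][:user_id] = user_id.to_s
  sid
end

# Same order as #login: copy the old data, reset the session, restore the data,
# then store the user id (the auto_login step).
def login_with_reset(store, sid, user_id)
  old_session = store[sid].dup
  store.delete(sid)                              # the pre-login id stops resolving here
  new_sid = create_session(store, old_session)   # fresh id carrying the old keys
  store[new_sid][:user_id] = user_id.to_s
  new_sid
end

def authenticated?(store, sid)
  store.key?(sid) && store[sid].key?(:user_id)
end

# For each variant, reports whether the id issued BEFORE login is authenticated afterwards.
def pre_login_id_authenticated
  store = {}
  kept  = create_session(store, return_to_url: '/reports') # constructed sample data
  reset = create_session(store, return_to_url: '/reports')
  login_keeping_id(store, kept, 42)
  login_with_reset(store, reset, 42)
  { keeping_id: authenticated?(store, kept), with_reset: authenticated?(store, reset) }
end
```

In the reset variant the data stored before login (here `return_to_url`) carries over to the new id, as it does in #login.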