Module: Sorcery::Controller::InstanceMethods

Defined in:

lib/sorcery/controller.rb

Overview

rubocop:disable Metrics/ModuleLength

Instance Method Summary

• #auto_login(user, _should_remember = false) ⇒ Object

  login a user instance.

• #current_user ⇒ Object

  attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.) returns the logged in user if found, nil if not.

• #current_user=(user) ⇒ Object
• #handle_unverified_request ⇒ Object

  Overwrite Rails’ handle unverified request.

• #logged_in? ⇒ Boolean
• #login(*credentials) ⇒ Object

  Takes credentials and returns a user on successful authentication.

• #login! ⇒ Object
• #logout ⇒ Object

  Resets the session and runs hooks before and after.

• #not_authenticated ⇒ Object

  The default action for denying non-authenticated users.

• #redirect_back_or_to ⇒ Object

  used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.

• #redirect_to_before_login_path(url, **options) ⇒ Object
• #require_login ⇒ Object

  To be used as before_action.

• #reset_sorcery_session ⇒ Object

Instance Method Details

#auto_login(user, _should_remember = false) ⇒ Object

login a user instance

Parameters:

• user (<User-Model>) —

  the user instance.

Returns:

• • do not depend on the return value.

# File 'lib/sorcery/controller.rb', line 132

def auto_login(user, _should_remember = false)
  session[:user_id] = user.id.to_s
  @current_user = user
end

#current_user ⇒ Object

attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.) returns the logged in user if found, nil if not

# File 'lib/sorcery/controller.rb', line 89

def current_user
  @current_user = login_from_session || login_from_other_sources || nil unless defined?(@current_user)
  @current_user
end

#current_user=(user) ⇒ Object

# File 'lib/sorcery/controller.rb', line 94

def current_user=(user)
  @current_user = user
end

#handle_unverified_request ⇒ Object

Overwrite Rails’ handle unverified request

# File 'lib/sorcery/controller.rb', line 138

def handle_unverified_request
  cookies[:remember_me_token] = nil
  @current_user = nil
  super # call the default behaviour which resets the session
end

#logged_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sorcery/controller.rb', line 83

def logged_in?
  !!current_user
end

#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.

# File 'lib/sorcery/controller.rb', line 32

def login(*credentials)
  @current_user = nil

  user_class.authenticate(*credentials) do |user, failure_reason|
    if failure_reason
      after_failed_login!(credentials)

      yield(user, failure_reason) if block_given?

      # FIXME: Does using `break` or `return nil` change functionality?
      # rubocop:disable Lint/NonLocalExitFromIterator
      return
      # rubocop:enable Lint/NonLocalExitFromIterator
    end

    old_session = session.dup.to_hash
    reset_sorcery_session
    old_session.each_pair do |k, v|
      session[k.to_sym] = v
    end

    auto_login(user, credentials[2])
    after_login!(user, credentials)

    block_given? ? yield(current_user, nil) : current_user
  end
end

#login! ⇒ Object

Raises:

• (Sorcery::InvalidCredentials)

# File 'lib/sorcery/controller.rb', line 60

def login!(...)
  user = login(...)

  raise Sorcery::InvalidCredentials if user.nil?

  user
end

#logout ⇒ Object

Resets the session and runs hooks before and after.

# File 'lib/sorcery/controller.rb', line 73

def logout
  return unless logged_in?

  user = current_user
  before_logout!
  @current_user = nil
  reset_sorcery_session
  after_logout!(user)
end

#not_authenticated ⇒ Object

The default action for denying non-authenticated users. You can override this method in your controllers, or provide a different method in the configuration.

# File 'lib/sorcery/controller.rb', line 124

def not_authenticated
  redirect_to root_path
end

#redirect_back_or_to ⇒ Object

used when a user tries to access a page while logged out, is asked to login, and we want to return him back to the page he originally wanted.

# File 'lib/sorcery/controller.rb', line 100

def redirect_back_or_to(...)
  if Config.use_redirect_back_or_to_by_rails
    super
  else
    Sorcery.deprecator.warn(
      '`redirect_back_or_to` overrides the method of the same name defined in Rails 7. ' \
      'To avoid overriding, set `config.use_redirect_back_or_to_by_rails = true` and use `redirect_to_before_login_path`. ' \
      'In a future release, `config.use_redirect_back_or_to_by_rails = true` will become the default.'
    )
    redirect_to_before_login_path(...)
  end
end

#redirect_to_before_login_path(url, **options) ⇒ Object

# File 'lib/sorcery/controller.rb', line 113

def redirect_to_before_login_path(url, **options)
  allow_other_host = options[:allow_other_host].nil? ? _allow_other_host : options[:allow_other_host]
  flash = options.except(:allow_other_host)

  redirect_to(session[:return_to_url] || url, flash:, allow_other_host:)
  session[:return_to_url] = nil
end

#require_login ⇒ Object

To be used as before_action. Will trigger auto-login attempts via the call to logged_in? If all attempts to auto-login fail, the failure callback will be called.

# File 'lib/sorcery/controller.rb', line 20

def require_login
  return if logged_in?

  if Config.save_return_to_url && request.get? && !request.xhr? && !request.format.json?
    session[:return_to_url] = request.url
  end

  send(Config.not_authenticated_action)
end

#reset_sorcery_session ⇒ Object

# File 'lib/sorcery/controller.rb', line 68

def reset_sorcery_session
  reset_session # protect from session fixation attacks
end