Module: Clearance::Authentication
- Extended by: ActiveSupport::Concern
- Defined in: lib/clearance/authentication.rb
Instance Method Summary
- #authenticate(params) ⇒ Object
  Find the user by the given params or return nil.
- #authorize ⇒ Object
  Deny the user access if they are signed out.
- #current_user ⇒ User?
  User in the current cookie.
- #current_user=(user) ⇒ Object
  Set the current user.
- #deny_access(flash_message = nil) ⇒ Object
  Store the current location and redirect to sign in.
- #handle_unverified_request ⇒ Object
  CSRF protection in Rails >= 3.0.4 (weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails).
- #sign_in(user) ⇒ Object
  Sign user in to cookie.
- #sign_out ⇒ Object
  Sign user out of cookie.
- #signed_in? ⇒ true, false
  Is the current user signed in?
- #signed_out? ⇒ true, false
  Is the current user signed out?
Instance Method Details
#authenticate(params) ⇒ Object
Find the user by the given params or return nil. By default, uses email and password. Redefine this method and User.authenticate for other mechanisms such as username and password.
```ruby
# File 'lib/clearance/authentication.rb', line 74
def authenticate(params)
  ::User.authenticate(params[:session][:email],
                      params[:session][:password])
end
```
#authorize ⇒ Object
Deny the user access if they are signed out.
```ruby
# File 'lib/clearance/authentication.rb', line 83
def authorize
  deny_access unless signed_in?
end
```
#current_user ⇒ User?
User in the current cookie
```ruby
# File 'lib/clearance/authentication.rb', line 16
def current_user
  # Memoized per request; looked up from the remember_token cookie
  @_current_user ||= user_from_cookie
end
```
#current_user=(user) ⇒ Object
Set the current user
```ruby
# File 'lib/clearance/authentication.rb', line 23
def current_user=(user)
  @_current_user = user
end
```
#deny_access(flash_message = nil) ⇒ Object
Store the current location and redirect to sign in. Display a failure flash message if included.
```ruby
# File 'lib/clearance/authentication.rb', line 91
def deny_access(flash_message = nil)
  store_location
  flash[:notice] = flash_message if flash_message
  if signed_in?
    redirect_to(url_after_denied_access_when_signed_in)
  else
    redirect_to(url_after_denied_access_when_signed_out)
  end
end
```
#handle_unverified_request ⇒ Object
CSRF protection in Rails >= 3.0.4: a request that fails CSRF verification gets the default handling (super) and the user is then signed out. See weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
```ruby
# File 'lib/clearance/authentication.rb', line 103
def handle_unverified_request
  super
  sign_out
end
```
#sign_in(user) ⇒ Object
Sign user in to cookie.
```ruby
# File 'lib/clearance/authentication.rb', line 47
def sign_in(user)
  if user
    # The cookie carries the user's remember_token, not the user id
    cookies[:remember_token] = {
      :value   => user.remember_token,
      :expires => Clearance.configuration.cookie_expiration.call
    }
    self.current_user = user
  end
end
```
#sign_out ⇒ Object
Sign user out of cookie.
```ruby
# File 'lib/clearance/authentication.rb', line 61
def sign_out
  # Reset the stored token first, so the old cookie value no longer matches a user
  current_user.reset_remember_token! if current_user
  cookies.delete(:remember_token)
  self.current_user = nil
end
```
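What the token reset in sign_out buys, as an added example that is not Clearance's own code: DemoUser and DemoSession are constructed stand-ins for the User model and a controller (a Hash plays the cookie jar), and the token-to-user lookup is an assumption. A cookie value copied while the user is signed in stops authenticating once sign_out rotates the token.

```ruby
require 'securerandom'

# Constructed stand-in for the app's User model; STORE plays the users table.
class DemoUser
  STORE = {}
  attr_reader :remember_token

  def initialize
    reset_remember_token!
  end

  # Rotating the server-side token makes every copy of the old cookie stale.
  def reset_remember_token!
    STORE.delete(@remember_token)
    @remember_token = SecureRandom.hex(20)
    STORE[@remember_token] = self
  end
end

# Constructed stand-in for a controller; the cookies Hash plays the cookie jar.
DemoSession = Struct.new(:cookies) do
  def current_user
    @_current_user ||= DemoUser::STORE[cookies[:remember_token]]
  end

  def sign_in(user)
    cookies[:remember_token] = user.remember_token
    @_current_user = user
  end

  # Same order as the method above: reset token, drop cookie, clear the memo.
  def sign_out
    current_user.reset_remember_token! if current_user
    cookies.delete(:remember_token)
    @_current_user = nil
  end
end

# Returns whether a copied cookie value authenticates before and after sign_out.
def replay_copied_cookie
  browser = DemoSession.new({})
  browser.sign_in(DemoUser.new)
  copied = { remember_token: browser.cookies[:remember_token] }
  before = !DemoSession.new(copied.dup).current_user.nil?
  browser.sign_out
  after = !DemoSession.new(copied.dup).current_user.nil?
  [before, after]
end
```

Deleting the cookie alone would leave the copied value valid; the server-side reset is what ends the session for every holder of the old token.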
#signed_in? ⇒ true, false
Is the current user signed in?
```ruby
# File 'lib/clearance/authentication.rb', line 30
def signed_in?
  ! current_user.nil?
end
```
#signed_out? ⇒ true, false
Is the current user signed out?
```ruby
# File 'lib/clearance/authentication.rb', line 37
def signed_out?
  current_user.nil?
end
```