Module: Clearance::Authentication

Extended by:

ActiveSupport::Concern

Defined in:

lib/clearance/authentication.rb

Instance Method Summary

• #authenticate(params) ⇒ Object

  Find the user by the given params or return nil.

• #authorize ⇒ Object

  Deny the user access if they are signed out.

• #current_user ⇒ User^?

  User in the current cookie.

• #current_user=(user) ⇒ Object

  Set the current user.

• #deny_access(flash_message = nil) ⇒ Object

  Store the current location and redirect to sign in.

• #handle_unverified_request ⇒ Object

  CSRF protection in Rails >= 3.0.4 weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails.

• #sign_in(user) ⇒ Object

  Sign user in to cookie.

• #sign_out ⇒ Object

  Sign user out of cookie.

• #signed_in? ⇒ true, false

  Is the current user signed in?.

• #signed_out? ⇒ true, false

  Is the current user signed out?.

Instance Method Details

#authenticate(params) ⇒ Object

Find the user by the given params or return nil. By default, uses email and password. Redefine this method and User.authenticate for other mechanisms such as username and password.

Examples:

@user = authenticate(params)

# File 'lib/clearance/authentication.rb', line 74

def authenticate(params)
  ::User.authenticate(params[:session][:email],
                      params[:session][:password])
end

#authorize ⇒ Object

Deny the user access if they are signed out.

Examples:

before_filter :authorize

# File 'lib/clearance/authentication.rb', line 83

def authorize
  deny_access unless signed_in?
end

#current_user ⇒ User^?

User in the current cookie

Returns:

• (User, nil)

# File 'lib/clearance/authentication.rb', line 16

def current_user
  @_current_user ||= user_from_cookie
end

#current_user=(user) ⇒ Object

Set the current user

Parameters:

• (User)

# File 'lib/clearance/authentication.rb', line 23

def current_user=(user)
  @_current_user = user
end

#deny_access(flash_message = nil) ⇒ Object

Store the current location and redirect to sign in. Display a failure flash message if included.

Parameters:

• optional (String) —

  flash message to display to denied user

# File 'lib/clearance/authentication.rb', line 91

def deny_access(flash_message = nil)
  store_location
  flash[:notice] = flash_message if flash_message
  if signed_in?
    redirect_to(url_after_denied_access_when_signed_in)
  else
    redirect_to(url_after_denied_access_when_signed_out)
  end
end

#handle_unverified_request ⇒ Object

CSRF protection in Rails >= 3.0.4 weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

# File 'lib/clearance/authentication.rb', line 103

def handle_unverified_request
  super
  sign_out
end

#sign_in(user) ⇒ Object

Sign user in to cookie.

Examples:

sign_in(@user)

Parameters:

• (User)

# File 'lib/clearance/authentication.rb', line 47

def sign_in(user)
  if user
    cookies[:remember_token] = {
      :value   => user.remember_token,
      :expires => Clearance.configuration.cookie_expiration.call
    }
    self.current_user = user
  end
end

#sign_out ⇒ Object

Sign user out of cookie.

Examples:

sign_out

# File 'lib/clearance/authentication.rb', line 61

def sign_out
  current_user.reset_remember_token! if current_user
  cookies.delete(:remember_token)
  self.current_user = nil
end

#signed_in? ⇒ true, false

Is the current user signed in?

Returns:

• (true, false)

# File 'lib/clearance/authentication.rb', line 30

def signed_in?
  ! current_user.nil?
end

#signed_out? ⇒ true, false

Is the current user signed out?

Returns:

• (true, false)

# File 'lib/clearance/authentication.rb', line 37

def signed_out?
  current_user.nil?
end