Module: Sorcery::Controller::InstanceMethods

Defined in:: lib/sorcery/controller.rb

Instance Method Summary collapse

#current_user ⇒ Object

attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.) returns the logged in user if found, false if not (using old restful-authentication trick, nil != false).
#logged_in? ⇒ Boolean
#login(*credentials) ⇒ Object

Takes credentials and returns a user on successful authentication.
#logout ⇒ Object

Resets the session and runs hooks before and after.
#not_authenticated ⇒ Object

The default action for denying non-authenticated users.
#require_login ⇒ Object

To be used as before_filter.
#return_or_redirect_to(url, flash_hash = {}) ⇒ Object

Instance Method Details

#current_user ⇒ `Object`

attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.) returns the logged in user if found, false if not (using old restful-authentication trick, nil != false).



72
73
74

# File 'lib/sorcery/controller.rb', line 72

def current_user
  @current_user ||= login_from_session || login_from_other_sources unless @current_user == false
end

#logged_in? ⇒ `Boolean`

Returns:

(Boolean)



66
67
68

# File 'lib/sorcery/controller.rb', line 66

def logged_in?
  !!current_user
end

Takes credentials and returns a user on successful authentication. Runs hooks after login or failed login.

# File 'lib/sorcery/controller.rb', line 42

def login(*credentials)
  user = Config.user_class.authenticate(*credentials)
  if user
    return_to_url = session[:return_to_url]
    reset_session # protect from session fixation attacks
    session[:return_to_url] = return_to_url
    login_user(user)
    after_login!(user, credentials)
    current_user
  else
    after_failed_login!(credentials)
    nil
  end
end

#logout ⇒ `Object`

Resets the session and runs hooks before and after.

# File 'lib/sorcery/controller.rb', line 58

def logout
  if logged_in?
    before_logout!(current_user)
    reset_session
    after_logout!
  end
end

#not_authenticated ⇒ `Object`

The default action for denying non-authenticated users. You can override this method in your controllers.



82
83
84

# File 'lib/sorcery/controller.rb', line 82

def not_authenticated
  redirect_to root_path
end

#require_login ⇒ `Object`

To be used as before_filter. Will trigger auto-login attempts via the call to logged_in? If all attempts to auto-login fail, the failure callback will be called.

# File 'lib/sorcery/controller.rb', line 33

def require_login
  if !logged_in?
    session[:return_to_url] = request.url if Config.save_return_to_url
    self.send(Config.not_authenticated_action) 
  end
end

#return_or_redirect_to(url, flash_hash = {}) ⇒ `Object`



76
77
78

# File 'lib/sorcery/controller.rb', line 76

def return_or_redirect_to(url, flash_hash = {})
  redirect_to(session[:return_to_url] || url, :flash => flash_hash)
end

Module: Sorcery::Controller::InstanceMethods

Instance Method Summary collapse

Instance Method Details

#current_user ⇒ Object

#logged_in? ⇒ Boolean

#login(*credentials) ⇒ Object

#logout ⇒ Object

#not_authenticated ⇒ Object

#require_login ⇒ Object