Module: ActionController::AuthenticateUser::InstanceMethods

Defined in:
lib/action_controller/authenticate_user.rb

Overview

Methods callable from within actions

Instance Method Summary

Instance Method Details

#authenticate_user(credentials) ⇒ Object



# File 'lib/action_controller/authenticate_user.rb', line 48

def authenticate_user(credentials)
  User.authenticate(credentials).tap do |user|
    if user
      # prevent session hijacking - unnecessary according to http://dev.rubyonrails.org/ticket/10108
      # reset_session_except :return_location
      session[:uid] = user.id
      set_user_cookie!(user)
    end
  end
end
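
The commented-out `reset_session_except :return_location` line in `authenticate_user` concerns renewing the session at login. The following added example (not the project's code; `FakeSession`, `FakeController`, `login_outcome` and the body of `reset_session_except` are assumptions constructed here) models what renewal changes: whether a session id issued before login ends up bound to the authenticated user.

```ruby
require 'securerandom'

# Constructed stand-in for a server-side session: id is the cookie value.
FakeSession = Struct.new(:id, :data)

# Constructed stand-in for a controller; only session handling is modelled.
class FakeController
  attr_reader :session

  def initialize(session)
    @session = session
  end

  # Hypothetical implementation of the helper named in the commented-out line:
  # swap in a session with a fresh id, copying over only the listed keys.
  def reset_session_except(*keys)
    kept = @session.data.select { |key, _| keys.include?(key) }
    @session = FakeSession.new(SecureRandom.hex(16), kept)
  end

  # Same session handling as authenticate_user above: the id is not renewed.
  def login_keeping_session(user_id)
    @session.data[:uid] = user_id
    @session.id
  end

  # Renew the id first, so an id issued before login never carries :uid.
  def login_with_reset(user_id)
    reset_session_except(:return_location)
    @session.data[:uid] = user_id
    @session.id
  end
end

# Run one login variant against a constructed pre-login session and report
# whether the id issued before login ends up tied to the logged-in user.
def login_outcome(variant)
  before = FakeSession.new('constructed-pre-login-id', { return_location: '/reports' })
  controller = FakeController.new(before)
  id_after = controller.public_send(variant, 42)
  { id_renewed: id_after != before.id,
    old_id_authenticated: before.data[:uid] == 42,
    return_location: controller.session.data[:return_location] }
end

p login_outcome(:login_keeping_session)
p login_outcome(:login_with_reset)
```

In both variants `:return_location` survives the login; only the renewing variant leaves the pre-login id without a `:uid`.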

#authenticated? ⇒ Boolean

Also known as: logged_in?

Returns:

  • (Boolean)


# File 'lib/action_controller/authenticate_user.rb', line 91

def authenticated?
  !current_user.anonymous?
end

#current_user ⇒ Object

Retrieves the current user. It does not force a login; it simply loads the current user if a person is logged in. If you need the user object loaded with extra options (such as eager loading), create a private method called “user_find_options” on your controller that returns a hash of the find options you want.

This method also informs the models of the current user if the current user is logged in and the “User” class responds to the class method current_user=. This is a convenient way to communicate the current user down to the model level for model-level security. Consequently, you will want to call this method at least once before using the model-level security, usually in a before filter. This method is called automatically when authentication_required is applied to an action.



# File 'lib/action_controller/authenticate_user.rb', line 75

def current_user
  @current_user ||= begin
    # Check for session[:uid] here? That would mean that for token auth the
    # user always needs to be logged out (e.g. in UserController#create).
    # Looks a bit more robust this way:
    
    if session && session[:uid]
      user = find_current_user
      set_user_cookie!(user)
      user
    else
      User.anonymous
    end
  end
end