Module: ActionController::AuthenticateUser::InstanceMethods
Defined in: lib/action_controller/authenticate_user.rb
Overview
Methods callable from within actions
Instance Method Summary
- #authenticate_user(credentials) ⇒ Object
- #authenticated? ⇒ Boolean (also: #logged_in?)
- #current_user ⇒ Object
  Will retrieve the current_user.
Instance Method Details
#authenticate_user(credentials) ⇒ Object
# File 'lib/action_controller/authenticate_user.rb', line 48
def authenticate_user(credentials)
  User.authenticate(credentials).tap do |user|
    if user
      # prevent session hijacking - unnecessary according to http://dev.rubyonrails.org/ticket/10108
      # reset_session_except :return_location
      session[:uid] = user.id
      (user)
    end
  end
end
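An added example, not part of this library's code: it contrasts the login shown above, which keeps the pre-login session id, with a variant that rotates the id at login while preserving :return_location. FakeSession, FakeController, the body of reset_session_except and the sample values are constructed stand-ins for the Rails session machinery.

```ruby
require 'securerandom'

# Constructed stand-in for a Rails session: hash data plus a server-issued id.
class FakeSession < Hash
  attr_reader :id

  def initialize(id = SecureRandom.hex(16))
    super()
    @id = id
  end
end

# Constructed stand-in for a controller; only what the example needs.
class FakeController
  attr_reader :session

  def initialize(session)
    @session = session
  end

  # Mirrors Rails' reset_session: drop all data and issue a fresh id.
  def reset_session
    @session = FakeSession.new
  end

  # Assumed behaviour of the helper named in the commented-out line:
  # rotate the session id but carry the listed keys over.
  def reset_session_except(*keys)
    kept = session.slice(*keys)
    reset_session
    session.update(kept)
  end

  # Login as in authenticate_user above: the id is the same before and after.
  def login_keeping_session(user_id)
    session[:uid] = user_id
  end

  # Hardened login: an id known before authentication never becomes logged in.
  def login_rotating_session(user_id)
    reset_session_except :return_location
    session[:uid] = user_id
  end
end

# Returns [session id after login, :return_location after login, :uid].
def session_after_login(login_method, pre_login_id = 'id-known-before-login')
  controller = FakeController.new(FakeSession.new(pre_login_id))
  controller.session[:return_location] = '/reports' # constructed sample value
  controller.send(login_method, 42)                 # constructed user id
  controller.session.then { |s| [s.id, s[:return_location], s[:uid]] }
end
```

With login_keeping_session the id issued before login is the one that ends up authenticated; with login_rotating_session it is discarded and only the return location survives.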
#authenticated? ⇒ Boolean
Also known as: logged_in?
# File 'lib/action_controller/authenticate_user.rb', line 91
def authenticated?
  !current_user.anonymous?
end
#current_user ⇒ Object
Will retrieve the current_user. Will not force a login but simply load the current user if a person is logged in. If you need the user object loaded with extra options (such as eager loading) then create a private method called “user_find_options” on your controller that returns a hash of the find options you want.
This method will also inform the models of the current user if the current user is logged in and the “User” class responds to the class method current_user=. This is a nice way to communicate the current user down to the model level for model-level security. This means you will want to call this method at least once before using the model-level security. Usually you will call it in a before filter. This method is called automatically when authentication_required is applied to an action.
# File 'lib/action_controller/authenticate_user.rb', line 75
def current_user
  @current_user ||= begin
    # Check for session[:uid] here? That would mean that for token auth the
    # user always needs to be logged out (e.g. in UserController#create).
    # Looks a bit more robust this way:
    try_login
    if session && session[:uid]
      user = find_current_user
      (user)
      user
    else
      User.anonymous
    end
  end
end