Module: Adva::AuthenticateUser
- Included in:
- Admin::BaseController, BaseController
- Defined in:
- lib/adva/authenticate_user.rb
Defined Under Namespace
Modules: ClassMethods
Class Method Summary
Instance Method Summary
- #authenticate_user(credentials) ⇒ Object
- #authenticated? ⇒ Boolean (also: #logged_in?)
- #current_user ⇒ Object
  Will retrieve the current_user.
Class Method Details
.included(target) ⇒ Object
    # File 'lib/adva/authenticate_user.rb', line 3
    def self.included(target)
      target.extend(ClassMethods)
      target.helper_method(:current_user, :logged_in?, :authenticated?)
    end
Instance Method Details
#authenticate_user(credentials) ⇒ Object
    # File 'lib/adva/authenticate_user.rb', line 39
    def authenticate_user(credentials)
      User.authenticate(credentials).tap do |user|
        if user
          # prevent session hijacking - unnecessary according to http://dev.rubyonrails.org/ticket/10108
          # reset_session_except :return_location
          session[:uid] = user.id
          (user)
        end
      end
    end
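Whether keeping the same session across login matters depends on the session store: with a server-side store, a session id issued before login still resolves to the authenticated session afterwards unless the id is rotated. The following is an added example, not adva's code, and which store adva uses is not shown on this page; SessionStore, login_keeping_id, login_rotating_id and the user id 42 are constructed for illustration.

```ruby
require 'securerandom'

# Toy server-side session store (constructed for this example): the client
# holds only a session id, the data lives on the server keyed by that id.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Issue a fresh id with empty data, as for a first anonymous request.
  def create
    SecureRandom.hex(16).tap { |sid| @sessions[sid] = {} }
  end

  def fetch(sid)
    @sessions[sid]
  end

  # Invalidate the old id and issue a new one, carrying over only the listed
  # keys (the role a call like reset_session_except :return_location plays).
  def rotate(sid, keep: [])
    old = @sessions.delete(sid) || {}
    create.tap { |new_sid| @sessions[new_sid] = old.slice(*keep) }
  end
end

# Login as in authenticate_user above: same session id, uid added to it.
def login_keeping_id(store, sid, user_id)
  store.fetch(sid)[:uid] = user_id
  sid
end

# Login with the session id rotated before the uid is stored.
def login_rotating_id(store, sid, user_id)
  new_sid = store.rotate(sid, keep: [:return_location])
  store.fetch(new_sid)[:uid] = user_id
  new_sid
end

# Returns the uid that the pre-login session id resolves to after login.
def uid_seen_via_prelogin_id(login)
  store = SessionStore.new
  prelogin_sid = store.create
  store.fetch(prelogin_sid)[:return_location] = '/admin'
  send(login, store, prelogin_sid, 42)
  (store.fetch(prelogin_sid) || {})[:uid]
end
```

With login_keeping_id the pre-login id resolves to uid 42 after login; with login_rotating_id it resolves to nothing, while :return_location survives under the new id.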
#authenticated? ⇒ Boolean
Also known as: logged_in?
    # File 'lib/adva/authenticate_user.rb', line 82
    def authenticated?
      !current_user.anonymous?
    end
#current_user ⇒ Object
Will retrieve the current_user. Will not force a login but simply load the current user if a person is logged in. If you need the user object loaded with extra options (such as eager loading) then create a private method called “user_find_options” on your controller that returns a hash of the find options you want.
This method will also inform the models of the current user if the current user is logged in and the “User” class responds to the class method current_user=. This is a nice way to communicate the current user down to the model level for model-level security. This means you will want to call this method at least once before using the model-level security. Usually you will call it in a before filter. This method is called automatically when authentication_required is applied to an action.
    # File 'lib/adva/authenticate_user.rb', line 66
    def current_user
      @current_user ||= begin
        # Check for session[:uid] here? That would mean that for token auth the
        # user always needs to be logged out (e.g. in UserController#create).
        # Looks a bit more robust this way:
        try_login
        if session && session[:uid]
          user = find_current_user
          (user)
          user
        else
          User.anonymous
        end
      end
    end