Module: Adva::AuthenticateUser

Included in:
Admin::BaseController, BaseController
Defined in:
lib/adva/authenticate_user.rb

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

Instance Method Summary

Class Method Details

.included(target) ⇒ Object



# File 'lib/adva/authenticate_user.rb', line 3

def self.included(target)
  target.extend(ClassMethods)
  target.helper_method(:current_user, :logged_in?, :authenticated?)
end

Instance Method Details

#authenticate_user(credentials) ⇒ Object



# File 'lib/adva/authenticate_user.rb', line 39

def authenticate_user(credentials)
  User.authenticate(credentials).tap do |user|
    if user
      # prevent session hijacking - unnecessary according to http://dev.rubyonrails.org/ticket/10108
      # reset_session_except :return_location
      session[:uid] = user.id
      set_user_cookie!(user)
    end
  end
end
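
The commented-out `reset_session_except :return_location` line above decides whether the session that existed before login survives authentication. The sketch below is an added example, not adva's or Rails' code: `SessionStore`, `login_keeping_session`, `login_rotating_session` and `authenticated_sid?` are hypothetical names, and the store is a constructed in-memory stand-in for a server-side session store.

```ruby
require 'securerandom'

# Minimal in-memory stand-in for a server-side session store (constructed for
# this example; not Rails' or adva's implementation).
class SessionStore
  def initialize
    @sessions = {}
  end

  # Returns the id of a fresh session holding a copy of +data+.
  def create(data = {})
    SecureRandom.hex(16).tap { |sid| @sessions[sid] = data.dup }
  end

  def [](sid)
    @sessions[sid]
  end

  # Discards the old session and issues a new id, carrying over only +keep+.
  def rotate(sid, keep: [])
    old = @sessions.delete(sid) || {}
    create(old.select { |key, _| keep.include?(key) })
  end
end

# Login as in authenticate_user above: the uid goes into the existing session.
def login_keeping_session(store, sid, user_id)
  store[sid][:uid] = user_id
  sid
end

# Login with the session reset first, keeping only :return_location
# (hypothetical equivalent of the commented-out reset_session_except call).
def login_rotating_session(store, sid, user_id)
  store.rotate(sid, keep: [:return_location]).tap do |new_sid|
    store[new_sid][:uid] = user_id
  end
end

# True when +sid+ still names a session that carries a logged-in uid.
def authenticated_sid?(store, sid)
  session = store[sid]
  !session.nil? && !session[:uid].nil?
end
```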

#authenticated? ⇒ Boolean

Also known as: logged_in?

Returns:

  • (Boolean)


# File 'lib/adva/authenticate_user.rb', line 82

def authenticated?
  !current_user.anonymous?
end

#current_user ⇒ Object

Retrieves the current user. It does not force a login; it simply loads the current user if a person is logged in. If you need the user object loaded with extra options (such as eager loading), create a private method called "user_find_options" on your controller that returns a hash of the find options you want.

This method also informs the models of the current user if the current user is logged in and the "User" class responds to the class method current_user=. This is a convenient way to communicate the current user down to the model level for model-level security. It means you will want to call this method at least once before using the model-level security, usually in a before filter. This method is called automatically when authentication_required is applied to an action.



# File 'lib/adva/authenticate_user.rb', line 66

def current_user
  @current_user ||= begin
    # Check for session[:uid] here? That would mean that for token auth the
    # user always needs to be logged out (e.g. in UserController#create).
    # Looks a bit more robust this way:
    
    if session && session[:uid]
      user = find_current_user
      set_user_cookie!(user)
      user
    else
      User.anonymous
    end
  end
end