Class: Clearance::Configuration

Inherits:

Object

• Object
• Clearance::Configuration

Defined in:

lib/clearance/configuration.rb

Instance Attribute Summary

• #allow_password_reset ⇒ Boolean writeonly

  Controls whether the password reset routes are enabled Defaults to true.

• #allow_sign_up ⇒ Boolean writeonly

  Controls whether the sign up route is enabled.

• #allowed_backdoor_environments ⇒ Array<String>

  The array of allowed environments where Clearance::BackDoor is enabled.

• #cookie_domain ⇒ String

  The domain to use for the clearance remember token cookie.

• #cookie_expiration ⇒ Lambda

  A lambda called to set the remember token cookie expires attribute.

• #cookie_name ⇒ String

  The name of Clearance's remember token cookie.

• #cookie_path ⇒ String

  Controls which paths the remember token cookie is valid for.

• #httponly ⇒ Boolean

  Controls whether the HttpOnly flag should be set on the remember token cookie.

• #mailer_sender ⇒ String

  Controls the address the password reset email is sent from.

• #parent_controller ⇒ Class

  The class representing the configured base controller.

• #password_strategy ⇒ Module #authenticated? #password=

  The password strategy to use when authenticating and setting passwords.

• #redirect_url ⇒ String

  The default path Clearance will redirect signed in users to.

• #rotate_csrf_on_sign_in ⇒ Object

  Controls whether Clearance will rotate the CSRF token on sign in.

• #routes ⇒ Boolean writeonly

  Set to false to disable Clearance's built-in routes.

• #same_site ⇒ String

  Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain.

• #secure_cookie ⇒ Boolean

  Controls the secure setting on the remember token cookie.

• #sign_in_guards ⇒ Array<#call>

  The array of sign in guards to run when signing a user in.

• #sign_in_on_password_reset ⇒ Boolean writeonly

  Controls wether users are automatically signed in after successfully resetting their password.

• #signed_cookie ⇒ Boolean|:migrate

  Controls whether cookies are signed.

• #url_after_denied_access_when_signed_out ⇒ String

  The default path Clearance will redirect non-users to when denied access.

• #url_after_destroy ⇒ String

  The default path Clearance will redirect signed out users to.

• #user_model ⇒ Class

  The class representing the configured user model.

• #user_parameter ⇒ Symbol

  The name of user parameter for the configured user model.

Instance Method Summary

• #allow_password_reset? ⇒ Boolean

  Are the password reset routes enabled?.

• #allow_sign_up? ⇒ Boolean

  Is the user sign up route enabled?.

• #initialize ⇒ Configuration constructor

  A new instance of Configuration.

• #rotate_csrf_on_sign_in? ⇒ Boolean
• #routes_enabled? ⇒ Boolean

  Are Clearance's built-in routes enabled?.

• #sign_in_on_password_reset? ⇒ Boolean
• #user_actions ⇒ Array<Symbol>

  Specifies which controller actions are allowed for user resources.

• #user_id_parameter ⇒ Symbol

  The name of foreign key parameter for the configured user model.

Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.

# File 'lib/clearance/configuration.rb', line 153

def initialize
  @allow_sign_up = true
  @allow_password_reset = true
  @allowed_backdoor_environments = ["test", "ci", "development"]
  @cookie_domain = nil
  @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
  @cookie_name = "remember_token"
  @cookie_path = '/'
  @httponly = true
  @same_site = nil
  @mailer_sender = 'reply@example.com'
  @redirect_url = '/'
  @url_after_destroy = nil
  @url_after_denied_access_when_signed_out = nil
  @rotate_csrf_on_sign_in = true
  @routes = true
  @secure_cookie = false
  @signed_cookie = false
  @sign_in_guards = []
  @user_parameter = nil
  @sign_in_on_password_reset = true
end

Instance Attribute Details

#allow_password_reset=(value) ⇒ Boolean (writeonly)

Controls whether the password reset routes are enabled Defaults to true. Set to False to disable password reset routes The setting is ignored if routes are disabled.

Parameters:

• value (Boolean)

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 15

def allow_password_reset=(value)
  @allow_password_reset = value
end

#allow_sign_up=(value) ⇒ Boolean (writeonly)

Controls whether the sign up route is enabled. Defaults to true. Set to false to disable user creation routes. The setting is ignored if routes are disabled.

Parameters:

• value (Boolean)

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 8

def allow_sign_up=(value)
  @allow_sign_up = value
end

#allowed_backdoor_environments ⇒ Array<String>

The array of allowed environments where Clearance::BackDoor is enabled. Defaults to ["test", "ci", "development"]

Returns:

• (Array<String>)

# File 'lib/clearance/configuration.rb', line 140

def allowed_backdoor_environments
  @allowed_backdoor_environments
end

#cookie_domain ⇒ String

The domain to use for the clearance remember token cookie. Defaults to nil, which causes the cookie domain to default to the domain of the request. For more, see RFC6265.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 22

def cookie_domain
  @cookie_domain
end

#cookie_expiration ⇒ Lambda

A lambda called to set the remember token cookie expires attribute. The lambda accepts the collection of cookies as an argument which allows for changing the expiration according to those cookies. This could be used, for example, to set a session cookie unless a remember_me cookie was also present. By default, cookie expiration is one year. For more on cookie expiration see RFC6265.

Returns:

• (Lambda)

# File 'lib/clearance/configuration.rb', line 32

def cookie_expiration
  @cookie_expiration
end

#cookie_name ⇒ String

The name of Clearance's remember token cookie. Defaults to remember_token.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 37

def cookie_name
  @cookie_name
end

#cookie_path ⇒ String

Controls which paths the remember token cookie is valid for. Defaults to "/" for the entire domain. For more, see RFC6265.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 43

def cookie_path
  @cookie_path
end

#httponly ⇒ Boolean

Controls whether the HttpOnly flag should be set on the remember token cookie. Defaults to true, which prevents the cookie from being made available to JavaScript. For more see RFC6265.

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 50

def httponly
  @httponly
end

#mailer_sender ⇒ String

Controls the address the password reset email is sent from. Defaults to reply@example.com.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 65

def mailer_sender
  @mailer_sender
end

#parent_controller ⇒ Class

The class representing the configured base controller. In the default configuration, this is the ApplicationController class.

Returns:

• (Class)

# File 'lib/clearance/configuration.rb', line 196

def parent_controller
  (@parent_controller || "ApplicationController").to_s.constantize
end

#password_strategy ⇒ Module #authenticated? #password=

The password strategy to use when authenticating and setting passwords. Defaults to PasswordStrategies::BCrypt.

Returns:

• (Module #authenticated? #password=)

# File 'lib/clearance/configuration.rb', line 70

def password_strategy
  @password_strategy
end

#redirect_url ⇒ String

The default path Clearance will redirect signed in users to. Defaults to "/". This can often be overridden for specific scenarios by overriding controller methods that rely on it.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 76

def redirect_url
  @redirect_url
end

#rotate_csrf_on_sign_in ⇒ Object

Controls whether Clearance will rotate the CSRF token on sign in. Defaults to nil which generates a warning. Will default to true in Clearance 2.0.

# File 'lib/clearance/configuration.rb', line 95

def rotate_csrf_on_sign_in
  @rotate_csrf_on_sign_in
end

#routes=(value) ⇒ Boolean (writeonly)

Set to false to disable Clearance's built-in routes. Defaults to true. When set to false, your app is responsible for all routes. You can dump a copy of Clearance's default routes with rails generate clearance:routes.

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 102

def routes=(value)
  @routes = value
end

#same_site ⇒ String

Same-site cookies ("First-Party-Only" or "First-Party") allow servers to mitigate the risk of CSRF and information leakage attacks by asserting that a particular cookie should only be sent with requests initiated from the same registrable domain. Defaults to nil. For more, see RFC6265. and https://github.com/rack/rack/blob/6eda04886e3a57918ca2d6a482fda02a678fef0a/lib/rack/utils.rb#L232-L244

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 60

def same_site
  @same_site
end

#secure_cookie ⇒ Boolean

Controls the secure setting on the remember token cookie. Defaults to false. When set, the browser will only send the cookie to the server over HTTPS. You should set this value to true in live environments to prevent session hijacking. For more, see RFC6265.

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 110

def secure_cookie
  @secure_cookie
end

#sign_in_guards ⇒ Array<#call>

The array of sign in guards to run when signing a user in. Defaults to an empty array. Sign in guards respond to call and are initialized with a session and the current stack. Each guard can decide to fail the sign in, yield to the next guard, or allow the sign in.

Returns:

• (Array<#call>)

# File 'lib/clearance/configuration.rb', line 125

def sign_in_guards
  @sign_in_guards
end

#sign_in_on_password_reset=(value) ⇒ Boolean (writeonly)

Controls wether users are automatically signed in after successfully resetting their password. Defaults to true.

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 151

def sign_in_on_password_reset=(value)
  @sign_in_on_password_reset = value
end

#signed_cookie ⇒ Boolean|:migrate

Controls whether cookies are signed. Defaults to false for backwards compatibility. When set, uses Rails' signed cookies (more secure against timing/brute-force attacks) see ActionDispatch::Cookies

Returns:

• (Boolean|:migrate)

# File 'lib/clearance/configuration.rb', line 118

def signed_cookie
  @signed_cookie
end

#url_after_denied_access_when_signed_out ⇒ String

The default path Clearance will redirect non-users to when denied access. Defaults to nil so that the authorization module will use sign_in_url for backwards compatibility. This can be set here instead of overriding the method via an overridden authorization module.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 90

def url_after_denied_access_when_signed_out
  @url_after_denied_access_when_signed_out
end

#url_after_destroy ⇒ String

The default path Clearance will redirect signed out users to. Defaults to nil so that the controller will use sign_in_url for backwards compatibility. This can be set here instead of overriding the method via an overridden session controller.

Returns:

• (String)

# File 'lib/clearance/configuration.rb', line 83

def url_after_destroy
  @url_after_destroy
end

#user_model ⇒ Class

The class representing the configured user model. In the default configuration, this is the User class.

Returns:

• (Class)

# File 'lib/clearance/configuration.rb', line 189

def user_model
  (@user_model || "User").to_s.constantize
end

#user_parameter ⇒ Symbol

The name of user parameter for the configured user model. This is derived from the model_name of the user_model setting. In the default configuration, this is user.

Returns:

• (Symbol)

# File 'lib/clearance/configuration.rb', line 228

def user_parameter
  @user_parameter ||= user_model.model_name.singular.to_sym
end

Instance Method Details

#allow_password_reset? ⇒ Boolean

Are the password reset routes enabled?

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 208

def allow_password_reset?
  @allow_password_reset
end

#allow_sign_up? ⇒ Boolean

Is the user sign up route enabled?

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 202

def allow_sign_up?
  @allow_sign_up
end

#rotate_csrf_on_sign_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 257

def rotate_csrf_on_sign_in?
  !!rotate_csrf_on_sign_in
end

#routes_enabled? ⇒ Boolean

Returns are Clearance's built-in routes enabled?.

Returns:

• (Boolean) —

  are Clearance's built-in routes enabled?

# File 'lib/clearance/configuration.rb', line 241

def routes_enabled?
  @routes
end

#sign_in_on_password_reset? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/clearance/configuration.rb', line 261

def sign_in_on_password_reset?
  @sign_in_on_password_reset
end

#user_actions ⇒ Array<Symbol>

Specifies which controller actions are allowed for user resources. This will be [:create] is allow_sign_up is true (the default), and empty otherwise.

Returns:

• (Array<Symbol>)

# File 'lib/clearance/configuration.rb', line 216

def  user_actions
  if allow_sign_up?
    [:create]
  else
    []
  end
end

#user_id_parameter ⇒ Symbol

The name of foreign key parameter for the configured user model. This is derived from the model_name of the user_model setting. In the default configuration, this is user_id.

Returns:

• (Symbol)

# File 'lib/clearance/configuration.rb', line 236

def user_id_parameter
  "#{user_parameter}_id".to_sym
end